Viewing O365's Global Exchange Online Protection Quarantining Excel Files
The Office 365 Global Exchange Online Protection (EOP) recognizes .xlsx files as malware. This may sometimes affect the deliverability of phishing templates with Excel file attachments in KnowBe4's simulated phishing tests.
When you send an email with an Excel file, the Global EOP quarantines that email before it can get to the Malware filter or user-accessible quarantine.
To find this Global EOP quarantine action being applied to these emails, follow the steps below:
- Log in to your Office 365 Exchange admin center.
- Under the mail flow option, click on message trace.
- While in the message trace area, you can search for a specific message by variables such as the sender, recipient, and/or date range.
- Click Search to find any emails that fit the entered search criteria.
- Double click on the email any phishing test emails that have a Quarantined Excel attachment.
A new window will open with information about the email.
This is not the same quarantine that Exchange admins have access to under the protection area of the Exchange admin center.
- Once you open a message, you can see all of the different events that happened to that email including whether or not the attachment was deleted by malware.