Exceptions for the Password-Protected Attachments Workflow

Administrators can exclude external senders from the default workflow of handling emails with password-protected attachments

Password-protected attachments are especially hard to secure, as they are encrypted and cannot be opened without the password set by the external sender.

For this reason, we recently released a dedicated workflow for emails with password-protected attachments, where the end users are required to provide the password before gaining access to the original attachment.
This way, organizations get 100% coverage for their password-protected attachments, while their end users are fully independent and do not need any help from the Help Desk / SOC team.

In cases where specific trusted automated systems or trusted domains send a lot of emails with password-protected attachments, organizations may want to avoid requesting the passwords over and over again from their end users.

Avanan now supports exceptions for the password-protected attachments workflow. Specific sender addresses or sender domains can be excluded from the workflow. Their emails will still undergo malware inspection and if the system can understand the passwords to the files, they will still be inspected, but if it can’t – the attachments will be considered as allow-listed (clean).

To define such exceptions go to Security Settings -> Exceptions -> Anti-Malware -> Password-Protected Attachments and click Create Allow List

Note - this feature is being deployed gradually. You should see it in your portal in the next 7 days.