Password-protected attachments can now be inspected, even if the email does not contain their passwords.
Many Phishing attacks include password-protected attachments as a means to avoid inspection. These attacks often employ very simple techniques to prevent security solutions from guessing the password and inspecting the attachments, while making it easy for the end user to understand the password.
In these cases other security solutions default to a generic decision - allow-all or block-all. A classic productivity vs. security dilemma.
Avanan now supports a unique workflow for handling password-protected attachments, providing maximum coverage for password-protected attachments, without compromising on end user productivity:
- If guessing the password fails, end users receive the email without the attachment, but with a banner containing a restore link
- Clicking the link prompts the end user to type in the password for the attachment
- The attachment is then inspected and if found benign, the original recipients of the email will get the original email with all its attachments restored
This workflow ensures:
- Maximum security for password-protected attachments
- No impact on end-user productivity
- No help desk involvement at all
To configure this workflow, go to Office 365 Mail or Gmail Threat Detection policy -> Attachments -> Password-Protected Attachments
Note - this feature is now being gradually deployed. You should see it in your portal in the upcoming 2 weeks.