Microsoft Outlook is an integral part of the workplaces worldwide. This makes it a common entry point for malicious software into business networks.
Since ITbrain Anti-Malware was released we noticed that many Malware detections from our customer’s Malware detections are in Outlook archives (PST or OST). Due to the design of Outlook, it is only possible to modify these archives using an add-in for Outlook. And so, we created the ITbrain Anti-Malware Outlook add-in to solve this issue.
The Outlook Add-in can be activated in the ITbrain Anti-Malware policy. When a scan of the Outlook archive is triggered it will scan all emails. Once an e-mail attachment will be flagged as malware it will be deleted and a replacement text file with a message will be added instead.
If a user tries to open an attachment which is malicious ITbrain Anti-Malware On-Access Scan will catch it and will make sure the threat is dealt with.
When the Quick scan or a Scheduled scan will run on that machine and Outlook will be running then all malicious attachments from e-mails will be quarantined and alerts will be reported to the Console.
Anti-Malware Outlook Add-in can be activated in the Anti-Malware policy.
To make sure that The Outlook Add-in was activated in Microsoft Outlook you can check the Options dialog. (Optional)
ITbrain Anti-Malware cleared an infection in Outlook:
Hint: For Outlook OST database files please make sure the Server settings are set to delete the attachments if the client deleted an attachment. This would avoid redownloading of the attachment from the mail server.
Note: ITbrain Anti-Malware is not a security solution for Mail servers or Exchange. For more complex situations we recommend installing a dedicated Mail server security solution which will resolve malware on the mail server before distributing them to the clients. Good security can be achieved only with tailored solutions for specific needs.
Unfortunately I can not find out how to delete attachments via imap. How about an option to delete the mail right away?
Also sometimes the start of this addon is too slow so that Outlook deactivates it! This should really be solved, because it won't work then and customers do not understand what happens and select the option to not run it again.
We are not aware of any loading issue as of now.
Could you please Submit a ticket to our support to find out why this is happening. If there is an issue we will solve it for sure. We will need logs from the affected machines.
Regarding the removal of the e-mails. The Addin only gives the right to the engine to extract malware attachments during a scan while outlook is open.
Thanks for the post.
Endpoint Protection on macOS was released a few months ago and we are still looking for feedback to get the next features in. So far our customers did not request an outlook add-in for macOS. The reason why we made the Outlook add-in for Outlook on Windows was due to the permissions required for removing threats in Outlook DB. For Mac, this issue should be present as on macOS everything is contained and isolated from the system.
If you encounter any shortcomings of the Endpoint Protection on macOS using Outlook please let us know and we will investigate the reasons why.