
Block executable content from email client and webmail

Blocking executable content from email clients and webmail can be an important security measure to prevent malware from being delivered to a system via email or web-based channels. Here are a few reasons why you might want to do this:

  1. Protect against malware: Malware authors may use email and webmail as delivery mechanisms to infect systems with malware, such as viruses, Trojans, or ransomware. By blocking executable content from these channels, you can prevent the delivery of malware to a system and limit the potential for data breaches or other security incidents.
  2. Enforce security policies: If your organization has specific policies in place regarding the use of email and web-based channels, blocking executable content can help enforce those policies and limit the potential for non-compliance.
  3. Reduce the attack surface: Blocking executable content can reduce the attack surface of a system by limiting the potential for attackers to exploit vulnerabilities in email clients or webmail applications to deliver and execute malicious code.

Why would you not want to block executable content from email client and webmail?

There really isn't any reason to allow executable content from your email client or webmail in today's world. Most email providers will actually block it too. So you may not even need this rule. But it's still a good practice to put it in place.

How to block executable content from email client and webmail

First, you'll need to make sure Microsoft Defender Antivirus is turned on as the primary antivirus solution, with real-time protection enabled (attack surface reduction rules are only enforced when Defender Antivirus is the active antivirus). To verify this, go to Security recommendations and search for "Turn on real-time protection". From there, click "Turn on real-time protection". Finally, click Exposed devices to see which devices still need it.

Turn on real-time protection

Now that our devices are ready, let's go ahead and block executable content from email clients and webmail using Intune.

Block executable content from email client and webmail
  1. Go to Microsoft Intune admin center (Microsoft Endpoint Manager) > Endpoint security > Attack surface reduction.
  2. Click Create Policy.
  3. Set Platform to Windows 10, Windows 11, and Windows Server.
  4. Set Profile to Attack Surface Reduction Rules.
  5. Click Create.
  6. Name your policy and click Next.
  7. Set Block executable content from email client and webmail to Block. Click Next.
  8. Add your inclusions (the groups the policy applies to) and exclusions (groups it should not apply to). Click Next > Next > Create.
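Once the Intune policy has been created, you will want to confirm that it actually reached the devices. The PowerShell script below is an added example, not code from the GitBit post or from Microsoft; it uses the built-in Defender cmdlets (Get-MpComputerStatus, Get-MpPreference, Add-MpPreference, Get-WinEvent) to check the two prerequisites from this post (Defender Antivirus is primary and real-time protection is on), report the current state of the "Block executable content from email client and webmail" rule, optionally set it locally, and pull the Defender events the rule writes. It assumes an elevated PowerShell session on a Windows 10/11 device; the rule GUID is Microsoft's published ID for this rule, and the exclusion path is a placeholder.

```powershell
# Added example (not from the GitBit post): verify and optionally set the
# "Block executable content from email client and webmail" ASR rule locally.
# Run in an elevated PowerShell session on a Windows device.
param(
    # 'Enabled' = Block (what the post configures in Intune),
    # 'AuditMode' = log only, useful for piloting before blocking.
    [ValidateSet('Enabled', 'AuditMode', 'Warn', 'Disabled')]
    [string]$Mode = 'Enabled',
    [switch]$Apply   # only change the device when -Apply is given
)

# Microsoft's rule ID for "Block executable content from email client and webmail"
$RuleId = 'BE9BA2D9-53EA-4CDC-84E5-9B1EEEE46550'

# 1. Prerequisite from the post: Defender AV primary, real-time protection on.
$status = Get-MpComputerStatus
if (-not $status.AntivirusEnabled -or -not $status.RealTimeProtectionEnabled) {
    Write-Warning 'Defender AV or real-time protection is off; ASR rules will not be enforced.'
}
if ($status.AMRunningMode -ne 'Normal') {
    Write-Warning "Defender is in '$($status.AMRunningMode)' mode; another AV may be primary."
}

# 2. Report the rule's current state. Action codes: 0=Disabled 1=Block 2=Audit 6=Warn
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }
$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)
$current = 'Not configured'
for ($i = 0; $i -lt $ids.Count; $i++) {
    if ($ids[$i] -ieq $RuleId) { $current = $actionNames[[int]$actions[$i]] }
}
Write-Host "Rule $RuleId is currently: $current"

# 3. Optionally set the rule locally (an Intune-managed device will be
#    re-aligned to the Intune policy on the next sync, so use this for
#    unmanaged devices or a quick pilot).
if ($Apply) {
    Add-MpPreference -AttackSurfaceReductionRules_Ids $RuleId `
                     -AttackSurfaceReductionRules_Actions $Mode
    # Example exclusion (placeholder path): an app that legitimately needs
    # to launch executables from mail content. Keep this list as short as possible.
    # Add-MpPreference -AttackSurfaceReductionOnlyExclusions 'C:\Path\To\TrustedApp.exe'
    Write-Host "Rule set to $Mode."
}

# 4. Pull the rule's events for review: 1121 = blocked, 1122 = audited.
#    The event message contains the rule ID, which is how we filter to this rule.
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Windows Defender/Operational'
    Id      = 1121, 1122
} -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $RuleId }

foreach ($e in $events) {
    $kind = if ($e.Id -eq 1121) { 'BLOCKED' } else { 'AUDIT' }
    Write-Host ("{0} {1}: {2}" -f $e.TimeCreated, $kind,
        ($e.Message -split "`n" | Where-Object { $_ -match 'Path:' } | Select-Object -First 1))
}
```

Run it without switches first to see the rule's state on a device that should have received the Intune policy; if it still reports "Not configured" after a sync, the assignment or the real-time protection prerequisite is the usual culprit. Running with `-Apply -Mode AuditMode` on a pilot device lets you watch 1122 events for a few days to find legitimate processes before switching to Block.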