Expanding policy-settings for unknown malware
Issue: Very huge amount of false-negative detections as "unknown malware" on pdf and xls files (without macros!).
Suggestion from MSFT: Creating a policy for the reaction to attachements that are considered as unknown malware.
Only option there is, is to set a RECiPIENT out of our domain as "trusted" which means this recipient can receive ALL mails with unknown malware no matter where they are from - truly not what we want, that logic really bothers me.
What we need is to set a SENDER as trusted.
That might fal under "we need a whitelist", but I am only talking about "unknown malware" and that special option for it - which is there and just needs that small extension of setting a sender as trusted.