Office 365 ATP attachments taking too long for scanning and won't open

Attachments is taking too long for scanning with ATP attachments enabled in office 365. Why and how to fix this? Is there way to exclude from scanning?
Nick ITAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Vasil Michev (MVP)Commented:
You can control the policy settings as detailed here: https://docs.microsoft.com/en-us/office365/securitycompliance/set-up-atp-safe-attachments-policies#step-3-learn-about-atp-safe-attachments-policy-options

More specifically, you can either disable it completely, enable dynamic delivery (which will deliver the message and replace attachments once they are scanned) or configure the "Apply the above selection if malware scanning for attachments times out or error occurs" setting to ensure that messages are delivered even if the default 1h period expires.

Lastly, if you want to configure a bypass, you can set up a transport rule to add the X-MS-Exchange-Organization-SkipSafeAttachmentProcessing header to any messages you want to bypass the scan, with value set to 1.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Nick ITAuthor Commented:
When the user try open attachments the scanning takes like more than 1 hour to open, how to prevent this? Dynamic delivery is turn on.
Matt FieldsPremier Field EngineerCommented:
Nick,
         Im a little confused here, ATP's safe attachments policy scans attachments in transit, not upon opening. Can you share an example of exactly what happens when an end user tries to open an attachment that's been scanned by ATP?

         As mentioned by Vasil, you can change the safe attachments policy to block or replace the attachment based on scanning and the end user would not even have the message that's being scanned.

         Microsoft's SLA is 30 minutes for ATP scanning but over 95% of all messages are scanned in less than a minute so it would be nice to have a better picture of exactly what's happening.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Office

From novice to tech pro — start learning today.