We're receiving a rash of new phishing/hack messages that contain a .zip attachment that contains a .js file.
In all cases, the .js is harmless because of existing security policies in place. However, we receive a number of these messages per day. The messages adapt faster than our perimeter protection + SEP + end user education can adapt.
I would like to avoid exposure altogether by simply deleting any messages from Outlook where the .zip attachment contains a .js file. SEP is really very good at catching .zip > .scr/.exe conditions. I would like to expand that behavior to .zip > .js. No one will ever need to send us a .js file, except for the developer teams who already rename .js to .js_safe when sending. I'm confident this is a reasonable behavior change with no negative impact.
This will be my first time navigating SEPM to modify its behavior, and I'm a bit overwhelmed at all of the options. Could someone give me a brief guide on what to do? I'm sure I could muddle my way through it and likely end up doing it the wrong way. I would prefer to get it right the first time.
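As an added illustration of the condition the post describes (a .zip attachment whose contents include a .js member), here is a stand-alone Python check. It is not SEPM's own logic and not a substitute for the SEPM policy the poster is asking about; the extension set, the nesting limit, and the sample archives are assumptions constructed for the example. It matches only the last extension, so a developer's `lib.js_safe` is not flagged while `invoice.pdf.js` is, and it descends into nested .zip members up to a fixed depth.

```python
import io
import posixpath
import zipfile

# Assumed deny-list for archive members: .scr and .exe are the cases the post
# says SEP already catches inside a .zip; .js is the addition being asked for.
BLOCKED_EXTENSIONS = {".js", ".scr", ".exe"}

# Stop descending into nested archives past this depth (zip-bomb guard).
MAX_DEPTH = 3


def make_zip(entries: dict) -> bytes:
    """Build an in-memory .zip from {member_name: bytes}. Used only to
    construct sample input for this example; not part of the check itself."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def blocked_entries(zip_bytes: bytes, depth: int = 0, prefix: str = "") -> list:
    """Return the paths of members whose final extension is in
    BLOCKED_EXTENSIONS, looking inside nested .zip members up to MAX_DEPTH.
    Directory entries are skipped. Only the last extension is tested, so
    'invoice.pdf.js' matches and 'lib.js_safe' does not."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits  # not a zip at all; nothing to inspect here
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = posixpath.splitext(posixpath.basename(info.filename))[1].lower()
            if ext in BLOCKED_EXTENSIONS:
                hits.append(path)
            elif ext == ".zip" and depth < MAX_DEPTH:
                try:
                    inner = zf.read(info)
                except RuntimeError:
                    # Encrypted member: cannot be read without the password,
                    # so its contents are not inspected by this check.
                    continue
                hits.extend(blocked_entries(inner, depth + 1, path + "/"))
    return hits


def should_delete(zip_bytes: bytes) -> bool:
    """Policy decision for one .zip attachment: drop the message if any
    member (at any inspected depth) carries a blocked extension."""
    return bool(blocked_entries(zip_bytes))


# Constructed sample archives (not real mail content).
SAMPLE_PHISH = make_zip({"invoice.pdf.js": b"WScript.Echo('x');"})
SAMPLE_DEV = make_zip({"lib.js_safe": b"// renamed by dev team", "README.txt": b"ok", "src/": b""})
SAMPLE_NESTED = make_zip({"docs.zip": make_zip({"run.JS": b"x"}), "notes.txt": b"n"})

if __name__ == "__main__":
    for label, sample in [("phish", SAMPLE_PHISH), ("dev", SAMPLE_DEV), ("nested", SAMPLE_NESTED)]:
        print(label, should_delete(sample), blocked_entries(sample))
```

Two caveats a practitioner would want before relying on a content check like this: a password-protected .zip defeats member inspection entirely (the check above simply cannot read the nested contents), and the match is on the member's name, not its content, so a .js payload renamed to another extension is not caught by this rule alone.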