In Exchange Administrative Center of Exchange 2013, the configuration page of anti-malware policy only provides options to delete entire message or attachment for action of malware detected. Is there any option for quarantine, just in case of false positive.

Hi WfG09,

Exchange provides limited options to Configure anti-malware policies:

If malware is detected in the message body, the entire message, including all attachments, will be deleted regardless of which option you select. This action is applied to both inbound and outbound messages.

Other options:

Anti-malware protection

Endpoint Protection for client PC:

Product like Endpoint Protection in Microsoft System Center 2012 Configuration Manager which has more options you are looking for. List of Antimalware Policy Settings -Default Actions

There are 4 options:

• Recommended Use the action recommended in the malware definition file.

• Quarantine Quarantine the malware but do not remove it.

• Remove Remove the malware from the computer.

• Allow Do not remove or quarantine the malware.

How to Create and Deploy Antimalware Policies for Endpoint Protection in Configuration Manager:

https://technet.microsoft.com/en-us/library/hh508785.aspx#BKMK_List