Microsoft Exchange Server Antivirus Exclusions
The Microsoft Exchange Server is an e-mail server developed exclusively for Windows OS users. It also offers collaboration functions like scheduling and calendaring.
One of the Exchange Server's biggest draws is its high availability features. These features ensure that outages and server failures won’t disrupt server operations.
But while the Exchange Server sounds like a dream for users, it also has limitations. Microsoft warned against performing antivirus scans on some Exchange Server’s files, folders, and processes.
Why Exclude Files From Antivirus Scans?
Microsoft explained that scanning certain Exchange Server files and processes could cause
stability issues. A Windows antivirus program could lock an open database or log file that may cause severe Exchange Server failures.
The company also released a list of files, folders, and running processes that users should
exclude from their scans.
New Development: No More Scanning Restrictions on Some Exchange Server Files
Recently, Microsoft announced some good news. According to the company, users can now remove some files and processes from the no-scan list. Scanning some of these processes no longer affects the Exchange Server's stability. Including these processes in your antivirus scans even has its benefits.
The files and processes that are no longer part of the exclusions are:
- %SystemRoot%System32Inetsrv
- %SystemRoot%Microsoft.NETFramework64v4.0.30319Temporary ASP.NET Files
- %SystemRoot%System32inetsrvw3wp.exe
- %SystemRoot%System32WindowsPowerShellv1.0PowerShell.exe
The Exchange team has confirmed that using Microsoft Defender to scan these files does not affect the server’s performance. But the team advised IT and systems admins to still be vigilant. Admins should monitor their servers and inspect their files after the scans.
The Benefits of Removing Restrictions
Exchange Servers have become a popular hacking and cybercrime target in recent years because they are vulnerable and unprotected. A global wave of data breaches and cyberattacks on Exchange Servers began in 2021. The culprit was a Chinese cyber espionage organization called Hafnium. Attacks by other cybercrime groups followed.
These malicious attacks affected businesses and organizations and compromised their data and sensitive information. In a worst-case scenario, this could lead to business operations getting paralyzed.
Being able to scan certain Exchange Server files and processes will help prevent further
cyberattacks. The particular files that are no longer included in the list are usually the ones that attackers target. They inject malware or deploy malicious modules through these files. So, it is a significant improvement for Exchange Server’s security.
Impact on Business Owners
Businesses and organizations using Exchange Servers will benefit from this new development. Being able to scan some of the files and processes means less vulnerability for them. This, in turn, means more security for customers’ personal data and sensitive information.