Remove exclusions, Microsoft tells server admins

Feb 24, 2023 06:08 GMT

Anti-malware solutions are still a must-have in the Windows world, and Microsoft knows this very well. This is why, not long ago, the company recommended that Exchange Server admins install antivirus software on their systems and, at the same time, enable some exclusions to make sure everything works properly.

In a new article, the software giant explains that setting directory, process, and file name extension exclusions is no longer recommended.

And it all happens for a very simple reason. These exclusions could eventually allow malware to break in, as the security software might fail to detect certain threats.

As such, if you’ve previously configured exceptions on your Exchange Server, Microsoft says you should just remove them as soon as possible. You shouldn’t encounter any type of performance or stability problem if you use Microsoft Defender on Exchange Server 2019.

“Times have changed, and so has the cybersecurity landscape. We’ve found that some existing exclusions, namely the Temporary ASP.NET Files and Inetsrv folders, and the PowerShell and w3wp processes - are no longer needed, and that it would be much better to scan these files and folders. Keeping these exclusions may prevent detections of IIS webshells and backdoor modules, which represent the most common security issues. So, we now recommend that you remove these exclusions from your file-level AV scanner,” Microsoft says.

The same applies to older versions of Exchange Server as well, but in some cases, Microsoft says monitoring potential issues is still recommended.

“We also believe that these exclusions can also be safely removed from servers running Exchange Server 2016 and Exchange Server 2013.  When running on Exchange Server 2013 (before decommissioning it in April, right?) or Exchange Server 2016, keep an eye on the server and watch for issues.  If any issues arise on any Exchange Server version, simply put the exclusions back in place, and report the issue to us,” it says.
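
For servers that use Microsoft Defender, the check and removal described above can be scripted. This is an added example, not code from the article or from Microsoft; it matches exclusions by the folder and process names given in the quote because the article lists no full paths, and the `-Remove` switch and backup file name are assumptions of the example.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Microsoft Defender for the exclusions named in the guidance.
param(
    [switch]$Remove,   # hypothetical switch: the script only reports without it
    [string]$BackupPath = '.\defender-exclusions-backup.csv'   # hypothetical file name
)

$folderNames  = 'Temporary ASP.NET Files', 'inetsrv'
$processNames = 'powershell', 'w3wp'

$pref     = Get-MpPreference
$findings = [System.Collections.Generic.List[object]]::new()

foreach ($path in @($pref.ExclusionPath)) {
    if ([string]::IsNullOrWhiteSpace($path)) { continue }
    foreach ($name in $folderNames) {
        # Match the folder itself or anything beneath it, on a path-segment boundary
        if ($path -match ('\\' + [regex]::Escape($name) + '(\\|$)')) {
            $findings.Add([pscustomobject]@{ Type = 'Path'; Value = $path })
            break
        }
    }
}

foreach ($proc in @($pref.ExclusionProcess)) {
    if ([string]::IsNullOrWhiteSpace($proc)) { continue }
    # Process exclusions may be a full path or a bare image name
    $image = [System.IO.Path]::GetFileNameWithoutExtension($proc)
    if ($image -in $processNames) {
        $findings.Add([pscustomobject]@{ Type = 'Process'; Value = $proc })
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'None of the named exclusions are configured.'
    return
}
$findings | Format-Table -AutoSize

if ($Remove) {
    # Keep a record first so the exclusions can be put back if the server misbehaves
    $findings | Export-Csv -Path $BackupPath -NoTypeInformation
    foreach ($f in $findings) {
        if ($f.Type -eq 'Path') { Remove-MpPreference -ExclusionPath $f.Value }
        else                    { Remove-MpPreference -ExclusionProcess $f.Value }
    }
    Write-Output "Removed $($findings.Count) exclusion(s); backup written to $BackupPath"
}
```

Exclusions delivered by Group Policy or another management tool need to be removed at that source rather than with `Remove-MpPreference`.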