The Microsoft Exchange Server is an e-mail server developed exclusively for Windows OS users. It also offers collaboration functions like scheduling and calendaring.
One of the Exchange Server's biggest draws is its high availability features. These features ensure that outages and server failures won’t disrupt server operations.
But while the Exchange Server sounds like a dream for users, it also has limitations. Microsoft warned against performing antivirus scans on some Exchange Server’s files, folders, and processes.
Why Exclude Files From Antivirus Scans?
Microsoft explained that scanning certain Exchange Server files and processes could cause stability issues. A Windows antivirus program could lock an open database or log file that may cause severe Exchange Server failures.
The company also released a list of files, folders, and running processes that users should exclude from their scans.
New Development: No More Scanning Restrictions on Some Exchange Server Files
Recently, Microsoft announced some good news. According to the company, users can now remove some files and processes from the no-scan list. Scanning some of these processes no longer affects the Exchange Server's stability. Including these processes in your antivirus scans even has its benefits.
The files and processes that are no longer part of the exclusions are:
- %SystemRoot%System32Inetsrv
- %SystemRoot%Microsoft.NETFramework64v4.0.30319Temporary ASP.NET Files
- %SystemRoot%System32inetsrvw3wp.exe
- %SystemRoot%System32WindowsPowerShellv1.0PowerShell.exe
The Exchange team has confirmed that using Microsoft Defender to scan these files does not affect the server’s performance. But the team advised IT and systems admins to still be vigilant. Admins should monitor their servers and inspect their files after the scans.
The Benefits of Removing Restrictions
Exchange Servers have become a popular hacking and cybercrime target in recent years because they are vulnerable and unprotected. A global wave of data breaches and cyberattacks on Exchange Servers began in 2021. The culprit was a Chinese cyber espionage organization called Hafnium. Attacks by other cybercrime groups followed.
These malicious attacks affected businesses and organizations and compromised their data and sensitive information. In a worst-case scenario, this could lead to business operations getting paralyzed.
Being able to scan certain Exchange Server files and processes will help prevent further cyberattacks. The particular files that are no longer included in the list are usually the ones that attackers target. They inject malware or deploy malicious modules through these files. So, it is a significant improvement for Exchange Server’s security.
Impact on Business Owners
Businesses and organizations using Exchange Servers will benefit from this new development. Being able to scan some of the files and processes means less vulnerability for them. This, in turn, means more security for customers’ personal data and sensitive information.
Frequently Asked Questions:
Microsoft Exchange Server Antivirus ScanningWhat is Microsoft Exchange Server?
Microsoft Exchange Server is an email server developed for Windows OS users that also offers collaboration functions like scheduling and calendaring. It's known for its high availability features that ensure continuous server operations even during outages or failures.
Why did Microsoft previously warn against antivirus scans on certain Exchange Server files?
Microsoft warned that scanning certain files and processes could cause stability issues. Antivirus programs might lock open database or log files, potentially leading to severe Exchange Server failures.
What has changed regarding antivirus scanning for Exchange Server?
Microsoft recently announced that some files and processes can now be removed from the no-scan list. Scanning these processes no longer affects the Exchange Server's stability and can even provide security benefits.
Which files and processes can now be scanned?
The files and processes that can now be scanned include:
- %SystemRoot%System32Inetsrv
- %SystemRoot%Microsoft.NETFramework64v4.0.30319Temporary ASP.NET Files
- %SystemRoot%System32inetsrvw3wp.exe
- %SystemRoot%System32WindowsPowerShellv1.0PowerShell.exe
Is it safe to scan these files with Microsoft Defender?
Yes, the Exchange team has confirmed that using Microsoft Defender to scan these files does not affect the server's performance. However, IT and systems admins are advised to monitor their servers and inspect files after scans.
Why is this change important for Exchange Server security?
Exchange Servers have been popular targets for hackers and cybercriminals in recent years. The ability to scan these previously restricted files and processes can help prevent cyberattacks, as these are often the files targeted by attackers to inject malware or deploy malicious modules.
What was the Hafnium incident?
Hafnium was a Chinese cyber espionage organization responsible for initiating a global wave of data breaches and cyberattacks on Exchange Servers in 2021. This was followed by attacks from other cybercrime groups.
How does this change benefit businesses using Exchange Servers?
This development reduces vulnerabilities in Exchange Servers, providing better security for customers’ personal data and sensitive information. It helps prevent cyberattacks that could potentially paralyze business operations.
Should businesses immediately start scanning these previously restricted files?
While scanning is now possible, it's advisable for IT and systems admins to proceed cautiously. They should monitor their servers closely and inspect files after scans to ensure there are no unexpected issues.
Does this mean all Exchange Server files can now be scanned?
No, there are still files, folders, and processes that should be excluded from antivirus scans. Microsoft maintains a list of these exclusions, which should be consulted for up-to-date information.
