Update on the Exchange Server Antivirus Exclusions


For years we have been saying how running antivirus (AV) software on your Exchange Servers can enhance the security and health of your Exchange organization. We’ve also said that if you are deploying file-level scanners on Exchange servers, make sure that the appropriate exclusions, such as directory exclusions, process exclusions, and file name extension exclusions, are in place for both scheduled and real-time scanning.

But times have changed, and so has the cybersecurity landscape. We’ve found that some existing exclusions, namely the Temporary ASP.NET Files and Inetsrv folders and the PowerShell and w3wp processes, are no longer needed, and that it would be much better to scan these files and folders. Keeping these exclusions may prevent detections of IIS webshells and backdoor modules, which represent the most common security issues. So, we now recommend that you remove these exclusions from your file-level AV scanner:

Folders:

%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
%SystemRoot%\System32\Inetsrv

Processes:

%SystemRoot%\System32\WindowsPowerShell\v1.0\PowerShell.exe
%SystemRoot%\System32\inetsrv\w3wp.exe

We’ve validated that removing these process and folder exclusions doesn’t affect performance or stability when using Microsoft Defender on Exchange Server 2019 running the latest Exchange Server updates.

We also believe that these exclusions can be safely removed from servers running Exchange Server 2016 and Exchange Server 2013. When running on Exchange Server 2013 (before decommissioning it in April, right?) or Exchange Server 2016, keep an eye on the server and watch for issues. If any issues arise on any Exchange Server version, simply put the exclusions back in place, and report the issue to us.
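For servers protected by Microsoft Defender, the removal can be scripted as follows. This is an added example, not part of the Exchange team's post; the backup file location and the helper function name are assumptions, and the script matches only the four full paths listed above.

```powershell
# Added example: find and remove the four retired exclusions from Microsoft Defender.
# Run elevated on the Exchange server; exclusions are not visible to non-administrators.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumed location for the record of removed entries (used for rollback).
    [string]$BackupPath = "$env:TEMP\ExchangeAvExclusions-removed.json"
)

# Hypothetical helper: expand %SystemRoot% and normalize case and trailing slash.
function ConvertTo-NormalizedPath([string]$Path) {
    [Environment]::ExpandEnvironmentVariables($Path).TrimEnd('\').ToLowerInvariant()
}

# The exclusions the article says to remove, keyed by Defender preference name.
$retired = @{
    ExclusionPath    = @(
        '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files',
        '%SystemRoot%\System32\Inetsrv'
    )
    ExclusionProcess = @(
        '%SystemRoot%\System32\WindowsPowerShell\v1.0\PowerShell.exe',
        '%SystemRoot%\System32\inetsrv\w3wp.exe'
    )
}

$prefs   = Get-MpPreference
$removed = @{}
foreach ($kind in $retired.Keys) {
    $targets = $retired[$kind] | ForEach-Object { ConvertTo-NormalizedPath $_ }
    # Match configured entries whether they are stored expanded or with %SystemRoot%.
    $hits = @($prefs.$kind | Where-Object {
        $_ -and ($targets -contains (ConvertTo-NormalizedPath $_))
    })
    $removed[$kind] = $hits
    foreach ($entry in $hits) {
        if ($PSCmdlet.ShouldProcess($entry, "Remove Defender $kind")) {
            $arg = @{ $kind = $entry }   # splat as -ExclusionPath or -ExclusionProcess
            Remove-MpPreference @arg
        }
    }
}

# Keep the exact strings that were removed so they can be put back if issues arise.
$removed | ConvertTo-Json | Set-Content -Path $BackupPath
$removed
```

Run it with `-WhatIf` first to list the matching entries without changing anything. If issues arise, the entries recorded in the backup file can be restored with `Add-MpPreference -ExclusionPath` and `Add-MpPreference -ExclusionProcess`.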

The Exchange Server Team

Read full article (Microsoft Exchange Blog)
