Email security, Vulnerability Management

Antivirus exclusions for Exchange servers recommended

BleepingComputer reports that Microsoft has moved to strengthen Exchange Server security by advising the removal of formerly recommended antivirus exclusions for the Inetsrv and Temporary ASP.NET Files folders, as well as the w3wp and PowerShell processes. "Keeping these exclusions may prevent detections of IIS webshells and backdoor modules, which represent the most common security issues... We've validated that removing these processes and folders doesn't affect performance or stability when using Microsoft Defender on Exchange Server 2019 running the latest Exchange Server updates," said Microsoft's Exchange Team. Antivirus exclusions could also be done in Exchange Server 2016 and Exchange Server 2013 although admins have been urged to be prepared in mitigating any potential issues. Such a recommendation follows the targeting of vulnerable Microsoft Exchange servers with Internet Information Services backdoors. Microsoft has previously urged immediate application of the latest Cumulative Updates, as well as the execution of the Exchange Server Health Checker script to ensure the security of their systems.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.