This software not only protects the Exchange Server, but also protects the operating system's file system against viruses. It does not protect against virus-infected e-mail messages. Before using file-level antivirus software, you must configure it to exclude the following from scanning:
1. Directory exclusions
2. File extension exclusions
3. Process exclusions
Directory Exclusion List
On Client Access Server
Make sure that the antivirus software excludes the following directories:
- The Internet Information Services (IIS) 6.0 compression folder
  Default value: %systemroot%\IIS Temporary Compressed Files
- IIS system files
  Default value: %SystemRoot%\System32\Inetsrv folder
- Internet related files used by CAS
  Default value: %Program Files%\Microsoft\Exchange Server\ClientAccess
- Server's temporary folder used for content conversion
  Default value: C:\Windows\Temp
On Mailbox Server
- Mailbox database directory
  Get-MailboxDatabase -Server <ServerName> | fl *path*
- Public Folder database directory
  Get-PublicFolderDatabase -Server <ServerName> | fl *path*
- Message Tracking and Log Path for Managed Folders directories
  Get-MailboxServer <ServerName> | select *path*
- Storage Group directory
  Get-StorageGroup -Server <ServerName> | fl *path*
- Offline Address Book files
  %Program Files%\Microsoft\Exchange Server\ExchangeOAB folder
- Mailbox database temporary folder
  %Program Files%\Microsoft\Exchange Server\Mailbox\MDBTEMP
- The Internet Information Services (IIS) 6.0 compression folder
  Default value: %systemroot%\IIS Temporary Compressed Files
- IIS system files
  Default value: %SystemRoot%\System32\Inetsrv folder
- Database content indexes. The index directory can be obtained with the following script: getSearchIndexForDatabase.ps1 -all
- Server's TEMP folder, which by default is used to perform content conversion (as shown in Figure 02)
- Directory used for OLE conversions
  %Program Files%\Microsoft\Exchange Server\Working\OleConvertor folder
- If you use any Exchange maintenance utility (eseutil, isinteg, etc.), make sure that its temporary folder is in the file-level antivirus software exclusion list.
Edge Transport and Hub Transport Server
In the Hub Transport Server we must exclude all the directories used by Message Tracking, message folders, etc. Use the cmdlet Get-TransportServer <ServerName> | select *path* to validate the directories.
- Server’s TEMP folder (
- OLE conversions folders %Program Files%\Microsoft\Exchange Server\Working\OleConvertor folder.
- Sender Reputation database files that can be found under the following directory %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\SenderReputation
- ADAM database and log files (specific to Edge Transport): the default path is %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\Adam, but it can be viewed or changed through ConfigureAdam.ps1
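The cmdlets listed above each print their path settings separately. The following script is an added example (not part of the original post) that runs all of them against one server and reduces the output to a de-duplicated list of directories to enter as exclusions; the parameter name $ServerName and the variable names are assumptions made for this example.

```powershell
# Added example, not from the original post. Run in the Exchange Management
# Shell on Exchange Server 2007. $ServerName and $dirs are names chosen here.
param([string]$ServerName = $env:COMPUTERNAME)

# The cmdlets quoted in the post. A role that is not installed on the server
# yields no objects because errors are silenced for that query.
$queries = @{
    'Get-MailboxDatabase'      = { Get-MailboxDatabase -Server $ServerName -ErrorAction SilentlyContinue }
    'Get-PublicFolderDatabase' = { Get-PublicFolderDatabase -Server $ServerName -ErrorAction SilentlyContinue }
    'Get-StorageGroup'         = { Get-StorageGroup -Server $ServerName -ErrorAction SilentlyContinue }
    'Get-MailboxServer'        = { Get-MailboxServer $ServerName -ErrorAction SilentlyContinue }
    'Get-TransportServer'      = { Get-TransportServer $ServerName -ErrorAction SilentlyContinue }
}

$dirs = @{}   # directory -> "cmdlet.property" entries that reported it
foreach ($name in $queries.Keys) {
    $query = $queries[$name]
    foreach ($obj in @(& $query)) {
        if ($null -eq $obj) { continue }
        # Same filter as "| fl *path*" in the post, applied per property.
        foreach ($prop in $obj.PSObject.Properties) {
            if ($prop.Name -notlike '*path*' -or $null -eq $prop.Value) { continue }
            $value = $prop.Value.ToString()
            # Skip anything that is not a rooted local path (empty, UNC, etc.).
            if ($value -notmatch '^[A-Za-z]:\\') { continue }
            # Database objects report the .edb file; exclude its folder instead.
            if ([System.IO.Path]::GetExtension($value) -ieq '.edb') {
                $value = Split-Path -Path $value -Parent
            }
            $origin = "$name.$($prop.Name)"
            if ($dirs.ContainsKey($value)) { $dirs[$value] += ", $origin" }
            else { $dirs[$value] = $origin }
        }
    }
}

# One line per unique directory, with the setting(s) it came from, ready to
# compare against what the antivirus console actually excludes.
$dirs.GetEnumerator() | Sort-Object Name |
    Format-Table -AutoSize -Property @{ Label = 'Directory'; Expression = { $_.Name } },
                                     @{ Label = 'ReportedBy'; Expression = { $_.Value } }
```

The fixed-location folders in the lists above (TEMP, OleConvertor, SenderReputation, Adam and so on) are not returned by these cmdlets and still have to be added by hand.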
Unified Messaging
The Unified Messaging role requires a few directories to be excluded from the file-level antivirus software:
- Grammar Files
  %Program Files%\Microsoft\Exchange Server\UnifiedMessaging\grammars
- Voice Prompts
  %Program Files%\Microsoft\Exchange Server\UnifiedMessaging\Prompts
- Voicemail
  %Program Files%\Microsoft\Exchange Server\UnifiedMessaging\voicemail
- Bad Voicemail
  %Program Files%\Microsoft\Exchange Server\UnifiedMessaging\badvoicemail
File Exclusion List
Mailbox Servers use the following extensions:
- .chk
- .log
- .edb
- .jrs
- .que
Unified Messaging extensions:
- .cfg
- .grxml
Application-related extensions:
- .config
- .dia
- .wsb
Offline Address Book-related extensions that can be found in Mailbox Servers:
- .lzx
Content Index-related extensions:
- .ci
- .dir
- .wid
- .000
- .001
- .002
Process Exclusion List
| Process | Exchange Server Role |
|---|---|
| Cdb.exe | Common |
| Cidaemon.exe | Common |
| Cluster.exe | Mailbox |
| Dsamain.exe | Edge |
| Edgecredentialsvc.exe | Edge |
| Edgetransport.exe | Edge |
| Galgrammargenerator.exe | Unified Messaging |
| Inetinfo.exe | Mailbox and CAS |
| Mad.exe | Mailbox |
| Microsoft.Exchange.Antispamupdatesvc.exe | Hub, Edge |
| Microsoft.Exchange.Contentfilter.Wrapper.exe | |
| Microsoft.Exchange.Cluster.Replayservice.exe | Mailbox |
| Microsoft.Exchange.Edgesyncsvc.exe | Hub |
| Microsoft.Exchange.Imap4.exe | CAS |
| Microsoft.Exchange.Imap4service.exe | CAS |
| Microsoft.Exchange.Infoworker.Assistants.exe | Mailbox |
| Microsoft.Exchange.Monitoring.exe | All Roles |
| Microsoft.Exchange.Pop3.exe | CAS |
| Microsoft.Exchange.Pop3service.exe | CAS |
| Microsoft.Exchange.Search.Exsearch.exe | Mailbox |
| Microsoft.Exchange.Servicehost.exe | CAS and Mailbox |
| Msexchangeadtopologyservice.exe | Mailbox, Hub, CAS, Unified Messaging |
| Msexchangefds.exe | CAS and Unified Messaging |
| Msexchangemailboxassistants.exe | Mailbox |
| Msexchangemailsubmission.exe | Mailbox |
| Msexchangetransport.exe | Hub Transport and Edge |
| Msexchangetransportlogsearch.exe | Mailbox, Hub Transport and Edge |
| Msftefd.exe | Mailbox Cluster |
| Msftesql.exe | Mailbox |
| Oleconverter.exe | Mailbox, Hub Transport |
| Powershell.exe | General |
| Sesworker.exe | |
| Speechservice.exe | Unified Messaging |
| Store.exe | Mailbox |
| Transcodingservice.exe | |
| Umservice.exe | Unified Messaging |
| Umworkerprocess.exe | Unified Messaging |
| W3wp.exe | IIS Service used by CAS and Mailbox |