Viral Rathod Exchange Server 2016 Blog

Microsoft Exchange Server Blog

  • Click here to Register for Experts-Exchange Account

  • My Experts Exchange Profile

  • Disclaimer

    All information is provided "AS IS" with no warranties, and confer no rights, and as such you perform at your own risk.

    NOTE: You should always make a backup of your server or export the registry before making any changes to it.

  • Popular Articles

  • Counter

Antivirus Exclusions For Exchange Server

Posted by viralr on April 21, 2011

Exchange: Identifying File Level Antivirus Exclusions For Exchange Server Installations

Summary:

Protecting Exchange against malicious viruses is critical to ensure the health and availability of your messaging environment. However, it is also critical that some folders\files must be excluded from file level scanning. Scanning these critical folders\files can cause serious damage such as corruption, database not being able to mount, restore problems among other issues. According to Microsoft’s recommendation, it is critical that you exclude the following directories.

1. Exclude all directories that include your Exchange database files (EDB STM) For example in a default installation, the Exchange database is placed in your \Exchsrvr\Mdbdata folder. Exclude this entire directory.

2. Exclude your Exchsrvr\Mtadata folder

3. Exclude all logs such as message tracking, SMTP. Exclude the directory Exchsrvr\server_name.log

4. Exclude your Exchange queue directory. Exchsrvr\Mailroot

5. Exclude your directory where your IFS creates the streaming .tmp files. The IFS creates these .tmp files when a large object is streamed into the store and the .stm file is too fragmented to have the entire object written in it. For example, a large object can be a message or a file. During normal operation, when the Microsoft Exchange services are stopped, these files are removed from the Temp folder. By defualt, this folder is in the Exchsrvr\Mdbdata directory. However, they can also be in your %SYSTEMROOT%\TEMP directory.

6. Exclude your Exchsrvr\Bin directory

7. Exclude your IIS system files directory %SYSTEMROOT%\System32\Inetsrv

8. Exclude your Gather logs if running search indexing services. These log files contain log information or catalog for the indexing service.

You may elect to just exclude the entire Exchsrvr directory, however the above configuration will give you the best protection.

If you have ever scanned your Exchange directory where your database or logs were stored, your database may be corrupted. The level of corruption cannot be directly quantified. For example the longer your AV was scanning these directories may lead to more corruption but may not be necessarily true. It may also depend on the AV application as well. However, symptoms of corruption may not be immediately visible and may arise further down the road. Therefore, it is best practice to create a fresh database and move your users to the new database.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: