Microsoft Exchange Admins Told to Expand Antivirus Scanning

According to a recent article published on Help Net Security, Microsoft has advised Exchange administrators to expand the scope of antivirus scanning on Exchange servers. Attackers frequently target Microsoft Exchange servers because they hold sensitive corporate information, including employee information that could be used for spear-phishing attacks.

Microsoft recommends running antivirus software, specifically Microsoft Defender, on Exchange servers, with some directories, processes, and file name extensions excluded from scanning. The exclusion list is extensive, but it no longer includes the Temporary ASP.NET Files and Inetsrv folders, the PowerShell and w3wp processes, and other items.

Microsoft has warned that keeping these exclusions may prevent the detection of IIS webshells and backdoor modules, which are the most common security issues. Webshells and backdoors give attackers remote access and code execution capabilities on the server.

The article notes that removing these exclusions should not cause any stability issues on Exchange Server 2019, 2016, and 2013, but the exclusions can be put back into place if any issues arise.
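
One way to check a server for the exclusions named above, as an added example that is not from the article or from Microsoft. The function name `Find-StaleExchangeExclusion` is hypothetical, matching on folder and process names is an assumption, and the sample lists are constructed; `Get-MpPreference` and `Remove-MpPreference` are the Defender module cmdlets.

```powershell
# Added example: flag Defender exclusions matching the items named in the article.
# Matching on folder/process name is an assumption, not Microsoft's own check.
function Find-StaleExchangeExclusion {
    param([string[]]$ExclusionPath = @(), [string[]]$ExclusionProcess = @())
    $folderNames  = 'Temporary ASP.NET Files', 'inetsrv'
    $processNames = 'powershell.exe', 'w3wp.exe'

    foreach ($p in $ExclusionPath) {
        if (-not $p) { continue }
        # Compare the last path segment, ignoring a trailing backslash
        $leaf = ($p.TrimEnd('\') -split '\\')[-1]
        if ($folderNames -contains $leaf) {
            [pscustomobject]@{ Type = 'Path'; Value = $p }
        }
    }
    foreach ($p in $ExclusionProcess) {
        if (-not $p) { continue }
        # Process exclusions may be a bare image name or a full path
        $leaf = ($p -split '\\')[-1]
        if ($processNames -contains $leaf) {
            [pscustomobject]@{ Type = 'Process'; Value = $p }
        }
    }
}

# Constructed sample input (not taken from a real server)
$samplePaths = @(
    'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files',
    'C:\Windows\System32\inetsrv\',
    'C:\Program Files\Microsoft\Exchange Server\V15\Mailbox'
)
$sampleProcs = @('C:\Windows\System32\inetsrv\w3wp.exe', 'EdgeTransport.exe')
Find-StaleExchangeExclusion -ExclusionPath $samplePaths -ExclusionProcess $sampleProcs

# On a live server, audit the configured exclusions (run elevated).
$Apply = $false   # set to $true to remove the flagged exclusions
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    $pref = Get-MpPreference
    $hits = Find-StaleExchangeExclusion -ExclusionPath $pref.ExclusionPath `
                                        -ExclusionProcess $pref.ExclusionProcess
    $hits
    foreach ($h in $hits) {
        if (-not $Apply) { continue }
        if ($h.Type -eq 'Path') { Remove-MpPreference -ExclusionPath $h.Value }
        else                    { Remove-MpPreference -ExclusionProcess $h.Value }
    }
}
```

On the sample input the function returns the two folder entries and the `w3wp.exe` entry and leaves the other two alone.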

Source: Help Net Security