Friday, September 30, 2016

Exchange Server 2016 AntiVirus Exclusions

File system antivirus scanning is very important for Exchange Server. Multiple issues arise if you allow a file system AV to scan Exchange Server. This is not just about the mailbox database file; there are other locations that must also be exempted from file system AV scanning.

File-level scanning may scan a file while it is in use or at a scheduled interval. This can cause the scanner to lock or quarantine an Exchange log file or Exchange database at the moment Exchange tries to use it, which may cause several Exchange Server failures, such as the well-known -1018 ESE error.

What is File System Anti-Virus Scanning

Memory-resident file-level scanning refers to the part of a file-level AV that is loaded in memory at all times and checks all the files that are used on the local hard drive and in server memory. The other option is on-demand file-level scanning: as the name indicates, you can scan files on the hard drive manually, or you can schedule the scan. Some antivirus products can run an on-demand scan automatically after a virus definition/signature update, which makes sure the signature/definition in use is the latest. On-demand scanning is also like on-access scanning: if you never open a file, it is never scanned, and if you open a file multiple times, it is likely to be scanned each time you open it.

Microsoft strongly recommends directory, process and file exclusions for both memory-resident and file-level scanning.

There are three types of Exchange exclusions for Exchange Server 2016



Once you complete the exclusions, you can apply the same to the other Exchange servers. If you want to generate a list of file, folder, process and file extension exclusions for the antivirus software running on your Exchange 2013/2016 server, you can use this PowerShell script by Paul Cunningham, MCC, MVP, and, based on a single server, apply the same to the other servers.
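
After the same exclusions have been applied to several servers, it is worth checking that each server matches the list and carries nothing extra. The following is an added example, not part of the original post or of the referenced script. It assumes the file-level scanner is Windows Defender and that the exclusion list is saved as three text files, one entry per line; the folder and file names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Windows Defender exclusions against a saved baseline.
# Assumptions: Defender is the file-level AV; the baseline folder and the
# three file names below are hypothetical and hold one exclusion per line.
param(
    [string]$BaselineDir = 'C:\ExchangeAvBaseline'
)

# Defender preference property -> baseline file for that exclusion type.
$map = [ordered]@{
    ExclusionPath      = 'paths.txt'
    ExclusionProcess   = 'processes.txt'
    ExclusionExtension = 'extensions.txt'
}

# Trim whitespace, drop blank lines, ignore a trailing backslash or leading dot
# so that "C:\Data\" matches "C:\Data" and ".edb" matches "edb".
function Normalize([string[]]$Items, [string]$Type) {
    foreach ($i in $Items) {
        if ([string]::IsNullOrWhiteSpace($i)) { continue }
        $v = $i.Trim()
        if ($Type -eq 'ExclusionExtension') { $v = $v.TrimStart('.') }
        else { $v = $v.TrimEnd('\') }
        $v
    }
}

$current = Get-MpPreference
$report = foreach ($type in $map.Keys) {
    $file = Join-Path $BaselineDir $map[$type]
    if (-not (Test-Path -LiteralPath $file)) {
        Write-Warning "Baseline file missing: $file"
        continue
    }
    $expected = @(Normalize (Get-Content -LiteralPath $file) $type)
    $actual   = @(Normalize $current.$type $type)

    # -notcontains is case-insensitive, which suits Windows paths.
    foreach ($e in $expected) {
        if ($actual -notcontains $e) {
            [pscustomobject]@{ Type = $type; Value = $e; Status = 'MissingOnServer' }
        }
    }
    foreach ($a in $actual) {
        if ($expected -notcontains $a) {
            [pscustomobject]@{ Type = $type; Value = $a; Status = 'NotInBaseline' }
        }
    }
}
$report | Sort-Object Status, Type | Format-Table -AutoSize
```

`MissingOnServer` rows are exclusions still to be applied on that server; `NotInBaseline` rows are exclusions nobody listed and should be reviewed, since every exclusion is a location the scanner no longer inspects.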

Reference: https://technet.microsoft.com/en-us/library/bb332342(v=exchg.160).aspx
