Recommended exclusions for Windows Defender antivirus on Exchange servers
# Recommended exclusions for Windows antivirus programs on Exchange servers
# https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/windows-antivirus-software?view=exchserver-2019
Import-Module Defender
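# Folder exclusions
#
# Every entry is single-quoted, so PowerShell hands the %Variable% tokens to
# Defender unexpanded and Defender has to resolve them itself.
# NOTE(review): %ExchangeInstallPath% is created by Exchange setup and is not a
# stock Windows variable. After running, check Get-MpPreference and confirm that
# these entries actually resolve to the install directory.
#
# Deliberately NOT excluded (both were in the earlier version of this list):
#   %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
#   %SystemRoot%\System32\Inetsrv
# Microsoft's updated Exchange antivirus guidance dropped the IIS-related
# entries. These directories hold code that IIS compiles and loads for the
# internet-facing virtual directories, so excluding them would leave a web shell
# placed there unscanned. If an earlier run already added them, take them out
# with Remove-MpPreference -ExclusionPath.
$folderExclusions = @(
    '%SystemRoot%\Cluster'
    '%SystemDrive%\DAGFileShareWitnesses\*'
    '%ExchangeInstallPath%ClientAccess\OAB'
    '%ExchangeInstallPath%FIP-FS'
    '%ExchangeInstallPath%GroupMetrics'
    '%ExchangeInstallPath%Logging'
    '%ExchangeInstallPath%Mailbox'
    '%ExchangeInstallPath%TransportRoles\Data\Adam'
    '%ExchangeInstallPath%TransportRoles\Data\IpFilter'
    '%ExchangeInstallPath%TransportRoles\Data\Queue'
    '%ExchangeInstallPath%TransportRoles\Data\SenderReputation'
    '%ExchangeInstallPath%TransportRoles\Data\Temp'
    '%ExchangeInstallPath%TransportRoles\Logs'
    '%ExchangeInstallPath%TransportRoles\Pickup'
    '%ExchangeInstallPath%TransportRoles\Replay'
    '%ExchangeInstallPath%UnifiedMessaging\Grammars'
    '%ExchangeInstallPath%UnifiedMessaging\Prompts'
    '%ExchangeInstallPath%UnifiedMessaging\Temp'
    '%ExchangeInstallPath%UnifiedMessaging\Voicemail'
    '%ExchangeInstallPath%Working\OleConverter'
    '%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files'
    '%SystemRoot%\Temp\OICE_*'
)

# One call per entry, as in the original listing, so a rejected entry does not
# stop the remaining ones from being registered.
foreach ($folder in $folderExclusions) {
    Add-MpPreference -ExclusionPath $folder
}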
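# Process exclusions
#
# A process exclusion tells Defender's real-time protection to skip files opened
# by that process, so each entry widens what goes unscanned on the server.
#
# Deliberately NOT excluded (both were in the earlier version of this list):
#   %SystemRoot%\System32\WindowsPowerShell\v1.0\Powershell.exe
#   %SystemRoot%\System32\inetsrv\W3wp.exe
# Microsoft's updated Exchange antivirus guidance removed them. w3wp.exe hosts
# the internet-facing IIS application pools and powershell.exe is a
# general-purpose interpreter, so excluding either leaves whatever they read or
# write outside real-time scanning. If an earlier run already added them, take
# them out with Remove-MpPreference -ExclusionProcess.
$processExclusions = @(
    '%ExchangeInstallPath%Bin\ComplianceAuditService.exe'
    '%ExchangeInstallPath%Bin\EdgeTransport.exe'
    '%ExchangeInstallPath%FIP-FS\Bin\fms.exe'
    '%ExchangeInstallPath%Bin\Search\Ceres\HostController\hostcontrollerservice.exe'
    '%ExchangeInstallPath%Bin\Microsoft.Exchange.AntispamUpdateSvc.exe'
    '%ExchangeInstallPath%TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe'
    '%ExchangeInstallPath%Bin\Microsoft.Exchange.Diagnostics.Service.exe'
    '%ExchangeInstallPath%Bin\Microsoft.Exchange.Directory.TopologyService.exe'
    '%ExchangeInstallPath%Bin\Microsoft.Exchange.EdgeCredentialSvc.exe'
    '%ExchangeInstallPath%Bin\Microsoft.Exchange.EdgeSyncSvc.exe'
    '%ExchangeInstallPath%FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe'
    '%ExchangeInstallPath%ClientAccess\PopImap\Microsoft.Exchange.Imap4service.exe'
    '%ExchangeInstallPath%Bin\Microsoft.Exchange.Notifications.Broker.exe'
    '%ExchangeInstallPath%FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe'
    '%ExchangeInstallPath%ClientAccess\PopImap\Microsoft.Exchange.Pop3service.exe'
    '%ExchangeInstallPath%Bin\Microsoft.Exchange.ProtectedServiceHost.exe'
    '%ExchangeInstallPath%Bin\Microsoft.Exchange.RPCClientAccess.Service.exe'
    '%ExchangeInstallPath%Bin\Microsoft.Exchange.Search.Service.exe'
    '%ExchangeInstallPath%Bin\Microsoft.Exchange.Servicehost.exe'
    '%ExchangeInstallPath%Bin\Microsoft.Exchange.Store.Service.exe'
    '%ExchangeInstallPath%Bin\Microsoft.Exchange.Store.Worker.exe'
    '%ExchangeInstallPath%FrontEnd\CallRouter\Microsoft.Exchange.UM.CallRouter.exe'
    '%ExchangeInstallPath%Bin\MSExchangeCompliance.exe'
    '%ExchangeInstallPath%Bin\MSExchangeDagMgmt.exe'
    '%ExchangeInstallPath%Bin\MSExchangeDelivery.exe'
    '%ExchangeInstallPath%Bin\MSExchangeFrontendTransport.exe'
    '%ExchangeInstallPath%Bin\MSExchangeHMHost.exe'
    '%ExchangeInstallPath%Bin\MSExchangeHMWorker.exe'
    '%ExchangeInstallPath%Bin\MSExchangeMailboxAssistants.exe'
    '%ExchangeInstallPath%Bin\MSExchangeMailboxReplication.exe'
    '%ExchangeInstallPath%Bin\MSExchangeRepl.exe'
    '%ExchangeInstallPath%Bin\MSExchangeSubmission.exe'
    '%ExchangeInstallPath%Bin\MSExchangeTransport.exe'
    '%ExchangeInstallPath%Bin\MSExchangeTransportLogSearch.exe'
    '%ExchangeInstallPath%Bin\MSExchangeThrottling.exe'
    '%ExchangeInstallPath%Bin\Search\Ceres\Runtime\1.0\Noderunner.exe'
    '%ExchangeInstallPath%Bin\OleConverter.exe'
    '%ExchangeInstallPath%Bin\Search\Ceres\ParserServer\ParserServer.exe'
    '%ExchangeInstallPath%FIP-FS\Bin\ScanEngineTest.exe'
    '%ExchangeInstallPath%FIP-FS\Bin\ScanningProcess.exe'
    '%ExchangeInstallPath%Bin\UmService.exe'
    '%ExchangeInstallPath%Bin\UmWorkerProcess.exe'
    '%ExchangeInstallPath%FIP-FS\Bin\UpdateService.exe'
    '%ExchangeInstallPath%Bin\wsbexchange.exe'
    '%SystemRoot%\System32\Dsamain.exe'
    '%SystemRoot%\System32\inetsrv\inetinfo.exe'
)

# One call per entry, as in the original listing, so a rejected entry does not
# stop the remaining ones from being registered.
foreach ($process in $processExclusions) {
    Add-MpPreference -ExclusionProcess $process
}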
# File name extension exclusions
#
# Registers each extension below with Defender, in the same order as the
# original listing.
# NOTE(review): an extension exclusion is not tied to a directory. Files ending
# in .txt, .log, .config or .cfg are skipped wherever they sit on the server,
# not only under the Exchange install path. Confirm that breadth is acceptable,
# or replace the generic ones with path-scoped exclusions.
$extensionExclusions = '.config', '.chk', '.edb', '.jfm', '.jrs', '.log',
                       '.que', '.dsc', '.txt', '.cfg', '.grxml', '.lzx'

foreach ($extension in $extensionExclusions) {
    Add-MpPreference -ExclusionExtension $extension
}
@fluggelgleckheimlen
Author

А лучший скрипт, наверное, тут, если закрыть глаза на оптимизации путей.

@fluggelgleckheimlen
Author

В последних рекомендациях убрали IIS из исключений:
ExchangeAV
