Last active
October 13, 2023 11:35
-
-
Save fluggelgleckheimlen/d4cd46a12b9b5ed166f0f7368419d428 to your computer and use it in GitHub Desktop.
Recommended exclusions for Windows Defender antivirus on Exchange servers
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Recommended exclusions for Windows antivirus programs on Exchange servers | |
| # https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/windows-antivirus-software?view=exchserver-2019 | |
| Import-Module Defender | |
| # Folder exclusions | |
| Add-MpPreference -ExclusionPath '%SystemRoot%\Cluster' | |
| Add-MpPreference -ExclusionPath '%SystemDrive%\DAGFileShareWitnesses\*' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%ClientAccess\OAB' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%FIP-FS' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%GroupMetrics' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%Logging' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%Mailbox' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%TransportRoles\Data\Adam' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%TransportRoles\Data\IpFilter' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%TransportRoles\Data\Queue' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%TransportRoles\Data\SenderReputation' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%TransportRoles\Data\Temp' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%TransportRoles\Logs' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%TransportRoles\Pickup' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%TransportRoles\Replay' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%UnifiedMessaging\Grammars' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%UnifiedMessaging\Prompts' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%UnifiedMessaging\Temp' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%UnifiedMessaging\Voicemail' | |
| Add-MpPreference -ExclusionPath '%ExchangeInstallPath%Working\OleConverter' | |
| Add-MpPreference -ExclusionPath '%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files' | |
| Add-MpPreference -ExclusionPath '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files' | |
| Add-MpPreference -ExclusionPath '%SystemRoot%\System32\Inetsrv' | |
| Add-MpPreference -ExclusionPath '%SystemRoot%\Temp\OICE_*' | |
| # Process exclusions | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\ComplianceAuditService.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\EdgeTransport.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%FIP-FS\Bin\fms.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Search\Ceres\HostController\hostcontrollerservice.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Microsoft.Exchange.AntispamUpdateSvc.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Microsoft.Exchange.Diagnostics.Service.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Microsoft.Exchange.Directory.TopologyService.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Microsoft.Exchange.EdgeCredentialSvc.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Microsoft.Exchange.EdgeSyncSvc.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%ClientAccess\PopImap\Microsoft.Exchange.Imap4service.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Microsoft.Exchange.Notifications.Broker.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%ClientAccess\PopImap\Microsoft.Exchange.Pop3service.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Microsoft.Exchange.ProtectedServiceHost.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Microsoft.Exchange.RPCClientAccess.Service.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Microsoft.Exchange.Search.Service.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Microsoft.Exchange.Servicehost.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Microsoft.Exchange.Store.Service.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Microsoft.Exchange.Store.Worker.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%FrontEnd\CallRouter\Microsoft.Exchange.UM.CallRouter.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeCompliance.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeDagMgmt.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeDelivery.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeFrontendTransport.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeHMHost.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeHMWorker.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeMailboxAssistants.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeMailboxReplication.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeRepl.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeSubmission.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeTransport.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeTransportLogSearch.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\MSExchangeThrottling.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Search\Ceres\Runtime\1.0\Noderunner.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\OleConverter.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\Search\Ceres\ParserServer\ParserServer.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%FIP-FS\Bin\ScanEngineTest.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%FIP-FS\Bin\ScanningProcess.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\UmService.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\UmWorkerProcess.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%FIP-FS\Bin\UpdateService.exe' | |
| Add-MpPreference -ExclusionProcess '%ExchangeInstallPath%Bin\wsbexchange.exe' | |
| Add-MpPreference -ExclusionProcess '%SystemRoot%\System32\Dsamain.exe' | |
| Add-MpPreference -ExclusionProcess '%SystemRoot%\System32\WindowsPowerShell\v1.0\Powershell.exe' | |
| Add-MpPreference -ExclusionProcess '%SystemRoot%\System32\inetsrv\inetinfo.exe' | |
| Add-MpPreference -ExclusionProcess '%SystemRoot%\System32\inetsrv\W3wp.exe' | |
| # File name extension exclusions | |
| Add-MpPreference -ExclusionExtension '.config' | |
| Add-MpPreference -ExclusionExtension '.chk' | |
| Add-MpPreference -ExclusionExtension '.edb' | |
| Add-MpPreference -ExclusionExtension '.jfm' | |
| Add-MpPreference -ExclusionExtension '.jrs' | |
| Add-MpPreference -ExclusionExtension '.log' | |
| Add-MpPreference -ExclusionExtension '.que' | |
| Add-MpPreference -ExclusionExtension '.dsc' | |
| Add-MpPreference -ExclusionExtension '.txt' | |
| Add-MpPreference -ExclusionExtension '.cfg' | |
| Add-MpPreference -ExclusionExtension '.grxml' | |
| Add-MpPreference -ExclusionExtension '.lzx' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
В последних рекомендациях убрали IIS из исключений:
