Antivirus exclusions for Exchange Server
It is crucial to have the right Antivirus exclusions for Exchange Server 2013/2016/2019. Antivirus/Security software will slow down the Exchange Server. Think about excluding the correct folders, processes, and extensions for Exchange Server. Yes, that is a bunch to exclude, but don’t you want the Exchange Server performing fast? In this article, you will learn which Antivirus exclusions need to be made on the Exchange Server.
Download Exchange Server Antivirus exclusions PowerShell script
Download the Set-ExchAVExclusions.ps1 PowerShell script from the official page (GitHub) that supports:
- Exchange Server 2013
- Exchange Server 2016
- Exchange Server 2019
Ensure the file is unblocked to prevent errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.
Get Exchange Server Antivirus exclusions
Place the PowerShell script in path C:\scripts on the Exchange Server and not on any other server.
Run Exchange Management Shell as administrator and change the directory to the scripts folder.
[PS] C:\>cd C:\scripts\
Add the -ListRecommendedExclusions parameter to display the antivirus exclusions for Exchange Server on the screen without setting them.
[PS] C:\scripts>.\Set-ExchAVExclusions.ps1 -ListRecommendedExclusions
Add the -ListRecommendedExclusions and -FileName parameters to display the antivirus exclusions for Exchange Server on the screen without setting them and export them to a text file.
[PS] C:\scripts>.\Set-ExchAVExclusions.ps1 -ListRecommendedExclusions -FileName "C:\temp\Exclusions.txt"
Then browse to the C:\temp folder and find the generated Exclusions.txt file.
Open the Exclusions.txt file and check the exclusions that must be made for the Exchange Server. The text file will have three sections:
- Paths
- Extensions
- Processes
Set Exchange Server Antivirus exclusions (Windows Defender)
Exclude the directory paths, extensions, and processes shown in the text file in the Antivirus/Security application.
Note: If you have a DAG configured, you should sign into the DAG witness server and exclude the DAG folder, as shown in the script output.
Suppose you have Windows Defender as your security product. You can run the script, and it will add the exclusions to Windows Defender.
[PS] C:\scripts>.\Set-ExchAVExclusions.ps1
The Exchange Server exclusions are successfully added in Windows Defender.
Do you already have exclusions in Windows Defender, and do you want to remove all the exclusions? Read the article Clear Windows Defender Antivirus exclusions with PowerShell.
Verify Exchange Server exclusions
After adding the exclusions to the Antivirus/Security product, check that the Exchange Antivirus exclusions are set correctly.
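One way to do that check when Windows Defender is the security product, as an added example that is not part of the original article or of Set-ExchAVExclusions.ps1: it compares the exported list with Defender's configured exclusions and reports both missing and unexpected entries. The bracketed section headers, the function names Read-ExclusionFile and Compare-ExclusionSet, and the sample paths are assumptions or constructed values; Get-MpPreference and its ExclusionPath, ExclusionExtension and ExclusionProcess properties are the real Defender interface.

```powershell
# Added example. ASSUMPTION: the exported file uses "[Paths]", "[Extensions]" and
# "[Processes]" header lines, each followed by one entry per line.
function Read-ExclusionFile {
    param([string[]]$Lines)
    $sections = @{ Paths = @(); Extensions = @(); Processes = @() }
    $current = $null
    foreach ($line in $Lines) {
        $text = $line.Trim()
        if ($text -match '^\[(Paths|Extensions|Processes)\]$') { $current = $Matches[1]; continue }
        if ($current -and $text) { $sections[$current] += $text }
    }
    $sections
}

function Compare-ExclusionSet {
    param([string[]]$Recommended, [string[]]$Configured)
    # Normalise so "C:\Dir\" equals "c:\dir" and ".edb" equals "edb"
    $norm = {
        [Environment]::ExpandEnvironmentVariables($_).Trim().TrimEnd('\').TrimStart('*', '.').ToLowerInvariant()
    }
    $rec = @($Recommended | Where-Object { $_ } | ForEach-Object $norm)
    $cfg = @($Configured | Where-Object { $_ } | ForEach-Object $norm)
    [pscustomobject]@{
        Missing = @($rec | Where-Object { $cfg -notcontains $_ })  # recommended, not set
        Extra   = @($cfg | Where-Object { $rec -notcontains $_ })  # set, not recommended
    }
}

# Constructed sample; on the server use: $lines = Get-Content 'C:\temp\Exclusions.txt'
$lines = @(
    '[Paths]', 'C:\ExampleExchange\Mailbox', 'C:\ExampleExchange\Logging\',
    '[Extensions]', '.edb', '.log',
    '[Processes]', 'C:\ExampleExchange\Bin\ExampleWorker.exe'
)
$recommended = Read-ExclusionFile -Lines $lines

# Constructed stand-in for Defender's state; on the server use: $pref = Get-MpPreference
$pref = [pscustomobject]@{
    ExclusionPath      = @('c:\exampleexchange\mailbox', 'C:\Users\Public')
    ExclusionExtension = @('edb')
    ExclusionProcess   = @()
}

$map = @{ Paths = 'ExclusionPath'; Extensions = 'ExclusionExtension'; Processes = 'ExclusionProcess' }
foreach ($section in 'Paths', 'Extensions', 'Processes') {
    $configured = $pref.($map[$section])
    $result = Compare-ExclusionSet -Recommended $recommended[$section] -Configured $configured
    $result.Missing | ForEach-Object { "MISSING [$section] $_" }
    $result.Extra | ForEach-Object { "EXTRA   [$section] $_" }
}
```

An EXTRA line is an exclusion Defender has that the exported list does not recommend; review each one, because excluded locations are not scanned.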
Conclusion
You learned about Antivirus exclusions for Exchange 2013/2016/2019. Remember to add the exclusions in the Antivirus/Security product. Do this after installing the Exchange Server and configuring the mailbox databases. Do you already have an Exchange Server installed in production? Configure the Antivirus exclusions right now.
Hello and I appreciate your information.
One question: I already ran the script for Exchange 2019, and I already added the exclusions that it indicates, but I am having problems with the EDR SentinelOne. In the Autodiscover service, it suddenly stops responding, and testconnectivity.microsoft.com indicates a problem with Autodiscover, so the Outlook client stops connecting. Would you know what dependencies there are with that pool? I suspect the issue is related to some dependency on C:\Windows, since that is how it works. Would you have some idea about it?
Thank you so much.
Greetings!!
I thought MDE for Windows was clever enough these days to understand the roles that are installed on a server and ignore/exclude by default?
These situations are associated with the Windows Defender side. If we are using a different EPP (KSC), is this still valid?
You should add the exclusions to your third-party security product that’s running on Exchange Server.
The script will add the Exchange Server exclusions to Windows Defender exclusions (optionally). But that doesn’t apply to your environment.
Hello, I disabled Windows Defender on my server and installed Kaspersky for OS antivirus… What should I do?
Do I remove the folders and tasks manually?
If you have turned off Windows Defender, you don’t need to do anything with it.
I recommend Uninstalling Windows Defender on Windows Server if you use a third-party security product.
Ensure that the Exchange Server exclusions are set up in your third-party security product (Kaspersky).
Hello and thank you for this great article.
I have Windows Server 2012 R2 (still) and Exchange Standard 2013 in DAG mode. I am using ESET Mail Security on DB servers. Can I follow the instructions and safely exclude files and dirs? Or is this article only for Windows Defender?
Thank you
Welcome, George.
The Exchange Server antivirus exclusions are important to be excluded for every security product you have running on Exchange Server.
You should add the exclusions to ESET Mail Security for Microsoft Exchange Server.