Antivirus and Exchange 2007

What folders should be excluded?

Mailbox Server Role:

You must exclude specific directories for each Exchange server or server role on which you run a file-level antivirus scanner. This section describes the directories that you should exclude from file-level scanning for each server or server role.

Mailbox server role

Clustered Mailbox Server Role:

All the items listed in the Mailbox server role list, and the following:

The quorum disk and the %Winnt%Cluster folder
The file share witness. This is located on another server in the environment, typically a Hub transport server.

Hub Transport Server Role:

General log files, for example, message tracking. These files are located in subfolders under the %Program Files%MicrosoftExchange ServerTransportRolesLogs folder. To determine the log paths being used, run the following command in the Exchange Management Shell: Get-TransportServer <servername>| fl *logpath*,*tracingpath*

The message folders that are located under the %Program Files%MicrosoftExchange ServerTransportRoles folder. To determine the paths being used, run the following command in the Exchange Management Shell: Get-TransportServer <servername>| fl *dir*path*

The transport server role queue database, checkpoint, and log files that are located in the %Program Files%MicrosoftExchange ServerTransportRolesDataQueue folder. For more information about how to obtain the directory location if the queue database files have been moved from the default location, see Working with the Queue Database on Transport Servers.

The transport server role Sender Reputation database, checkpoint, and log files that are located in the %Program Files%MicrosoftExchange ServerTransportRolesDataSenderReputation folder

The transport server role IP filter database, checkpoint, and log files that are located in the %Program Files%MicrosoftExchange ServerTransportRolesDataIpFilter folder

The temporary folders that are used to perform conversions:

Content conversions are performed in the server’s TMP folder.
OLE conversions are performed in %Program Files%MicrosoftExchange ServerWorkingOleConvertor folder.

Any Exchange-aware antivirus program folders

Edge Transport Server Role:

The Active Directory Application Mode (ADAM) database and log files that are located in the %Program Files%MicrosoftExchange ServerTransportRolesDataAdam folder. For more information about how to obtain the directory location if the ADAM database files have been moved from the default location, see How to Modify ADAM Configuration.

General log files, for example message tracking. These files are located in subfolders under the %Program Files%MicrosoftExchange ServerTransportRolesLogs folder. To determine the log paths being used, run the following command in the Exchange Management Shell: Get-TransportServer <servername>| fl *logpath*,*tracingpath*

The message folders that are located under the %Program Files%MicrosoftExchange ServerTransportRoles folder. To determine the log paths being used, run the following command in the Exchange Management Shell: Get-TransportServer <servername>| fl *dir*path*

The transport server role queue database, checkpoint, and log files that are located in the %Program Files%MicrosoftExchange ServerTransportRolesDataQueue folder. For more information about how to obtain the directory location if the queue database files have been moved from the default location, see Working with the Queue Database on Transport Servers.

The transport server role Sender Reputation database, checkpoint, and log files that are located in the %Program Files%MicrosoftExchange ServerTransportRolesDataSenderReputation folder

The transport server role IP filter database, checkpoint, and log files that are located in the %Program Files%MicrosoftExchange ServerTransportRolesDataIpFilter folder

The temporary folders that are used to perform conversions:

Content conversions are performed in the server’s TMP folder.
OLE conversions are performed in %Program Files%MicrosoftExchange ServerWorkingOleConvertor folder.

Any Exchange-aware antivirus program folders

Client Access Server Role:

The Internet Information Services (IIS) 6.0 compression folder that is used with Microsoft Outlook Web Access. By default, the compression folder in IIS 6.0 is located at %systemroot%IIS Temporary Compressed Files.
For more information, see the Microsoft Knowledge Base article, IIS 6.0: Antivirus Scanning of IIS Compression Directory May Result in 0-Byte File.

IIS system files in the %SystemRoot%System32Inetsrv folder

The Internet-related files that are stored in the sub-folders of the %Program Files%MicrosoftExchange ServerClientAccess folder

The temporary folder that is used to perform content conversion. By default, this is the server’s TMP folder.

Unified Messaging Server Role:

The grammar files that are stored in the subfolders in the %Program Files%MicrosoftExchange ServerUnifiedMessaginggrammars folder

The voice prompts that are stored in the subfolders in the %Program Files%MicrosoftExchange ServerUnifiedMessagingPrompts folder

The voicemail files that are stored in the %Program Files%MicrosoftExchange ServerUnifiedMessagingvoicemail folder

The bad voicemail files that are stored in the %Program Files%MicrosoftExchange ServerUnifiedMessagingbadvoicemail folder

Forefront Security Server for Exchange role:

The archived messages that are stored in the %Program Files%Microsoft ForeFront SecurityExchange ServerDataArchive folder

The quarantined files that are stored in the %Program Files%Microsoft ForeFront SecurityExchange ServerDataQuarantine folder

The antivirus engine files that are stored in the subfolders of %Program Files%Microsoft ForeFront SecurityExchange ServerDataEnginesx86 folder

The configuration files that are stored in the %Program Files%Microsoft ForeFront SecurityExchange ServerData folder

Microsoft Forefront Security for Exchange server on single copy clusters:

In addition to the directories that contain antivirus engine and configuration files, exclude the directory on the shared storage used for ForeFront data.To determine the path that ForeFront uses on an SCC, check the value of the following registry key:
HKEY_LOCAL_MACHINESOFTWAREWow6432NodeMicrosoftForefront Server SecurityExchange ServerDatabasePath
Incorrectly editing the registry can cause serious problems that may require you to reinstall your operating system. Problems resulting from editing the registry incorrectly may not be able to be resolved. Before editing the registry, back up any valuable data.

Which processes should be excluded?

Cdb.exe	Microsoft.Exchange.Search.Exsearch.exe
Cidaemon.exe	Microsoft.Exchange.Servicehost.exe
Cluster.exe	Msexchangeadtopologyservice.exe
Dsamain.exe	Msexchangefds.exe
Edgecredentialsvc.exe	Msexchangemailboxassistants.exe
Edgetransport.exe	Msexchangemailsubmission.exe
Galgrammargenerator.exe	Msexchangetransport.exe
Inetinfo.exe	Msexchangetransportlogsearch.exe
Mad.exe	Msftefd.exe
Microsoft.Exchange.Antispamupdatesvc.exe	Msftesql.exe
Microsoft.Exchange.Contentfilter.Wrapper.exe	Oleconverter.exe
Microsoft.Exchange.Cluster.Replayservice.exe	Powershell.exe
Microsoft.Exchange.Edgesyncsvc.exe	Sesworker.exe
Microsoft.Exchange.Imap4.exe	Speechservice.exe
Microsoft.Exchange.Imap4service.exe	Store.exe
Microsoft.Exchange.Infoworker.Assistants.exe	Transcodingservice.exe
Microsoft.Exchange.Monitoring.exe	Umservice.exe
Microsoft.Exchange.Pop3.exe	Umworkerprocess.exe
Microsoft.Exchange.Pop3service.exe	W3wp.exe

If Forefront is being deployed exclude these as well:

Adonavsvc.exe	Fscstatsserv.exe
Fsccontroller.exe	Fsctransportscanner.exe
Fscdiag.exe	Fscutility.exe
Fscexec.exe	Fsemailpickup.exe
Fscimc.exe	Fssaclient.exe
Fscmanualscanner.exe	Getenginefiles.exe
Fscmonitor.exe	Perfmonitorsetup.exe
Fscrealtimescanner.exe	Scanenginetest.exe
Fscstarter.exe	Semsetup.exe

Extensions that can also be excluded in case any of the above items are moved to another directory:

Application-related extensions

.config
.dia
.wsb

Database-related extensions

.chk
.log
.edb
.jrs
.que

Offline Address Book-related extensions:

.lzx

Content Index-related extensions

.ci	.wid	.001
.dir	.000	.002

Unified Messaging-related extensions

.cfg
.grxml

ForeFront Security for Exchange Server–related extensions

.avc	.dt	.lst
.cab	.fdb	.mdb
.cfg	.fdm	.ppl
.config	.ide	.set
.da1	.key	.v3d
.dat	.klb	.vdb
.def	.kli	.vdm

Antivirus and Exchange 2007

Using powershell to move offline address book to another server

Exchange Management Shell to create a new public folder database

jeremy.whittaker

Antivirus and Exchange 2007

Using powershell to move offline address book to another server

Exchange Management Shell to create a new public folder database

Using powershell to move offline address book to another server

Exchange Management Shell to create a new public folder database

Mailbox Server Role:

Clustered Mailbox Server Role:

Edge Transport Server Role:

Client Access Server Role:

jeremy.whittaker

Related posts

How to RDP into an Azure Active Directory-joined PC using a Microsoft account

How to bypass https on WordPress when you can’t access your site

Some Older Printer Drivers Are Vulnerable To Hackers