Do you use Exchange Server?

The Microsoft Exchange Server is an e-mail server developed exclusively for Windows OS users. It also offers collaboration functions like scheduling and calendaring.

One of the Exchange Server's biggest draws is its high availability features. These features ensure that outages and server failures won’t disrupt server operations.

But while the Exchange Server sounds like a dream for users, it also has limitations. Microsoft warned against performing antivirus scans on some Exchange Server’s files, folders, and processes.

Why exclude files from antivirus scans?

Microsoft explained that scanning certain Exchange Server files and processes could cause stability issues. A Windows antivirus program could lock an open database or log file that may cause severe Exchange Server failures.

The company also released a list of files, folders, and running processes that users should exclude from their scans.


No more scanning restrictions on some Exchange Server files

Recently, Microsoft announced some good news. According to the company, users can now remove some files and processes from the no-scan list. Scanning some of these processes no longer affects the Exchange Server's stability. Including these processes in your antivirus scans even has its benefits.

The files and processes that are no longer part of the exclusions are:

  • %SystemRoot%System32Inetsrv
  • %SystemRoot%Microsoft.NETFramework64v4.0.30319Temporary ASP.NET Files
  • %SystemRoot%System32inetsrvw3wp.exe
  • %SystemRoot%System32WindowsPowerShellv1.0PowerShell.exe

The Exchange team has confirmed that using Microsoft Defender to scan these files does not affect the server’s performance. But the team advised IT and systems admins to still be vigilant. Admins should monitor their servers and inspect their files after the scans.


The benefits of removing restrictions

Exchange Servers have become a popular hacking and cybercrime target in recent years because they are vulnerable and unprotected. A global wave of data breaches and cyberattacks on Exchange Servers began in 2021. The culprit was a Chinese cyber espionage organization called Hafnium. Attacks by other cybercrime groups followed.

These malicious attacks affected businesses and organizations and compromised their data and sensitive information. In a worst-case scenario, this could lead to business operations getting paralyzed.

Being able to scan certain Exchange Server files and processes will help prevent further
cyberattacks. The particular files that are no longer included in the list are usually the ones that attackers target. They inject malware or deploy malicious modules through these files. So, it is a significant improvement for Exchange Server’s security.


My perspective

Businesses and organizations using Exchange Servers will benefit from this new development. Being able to scan some of the files and processes means less vulnerability for them. This, in turn, means more security for customers’ personal data and sensitive information.


"Keep smiling, because life is a beautiful thing
and there's so much to smile about." -Marilyn Monroe


By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this post. I always take into mind that your time and attention are precious. And these posts need to be timely, to the point, and short. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, YouTube, and Facebook

I am also a published author and speaker on cloud computing, work-from-anywhere, and cybersecurity. I work extensively with business and professional associations to provide small business technology education programs.


Contact me if you have any questions about the subject.
I'd be happy to spend 15 minutes discussing it with you.