Check Exchange Antivirus exclusions – ALI TAJRAN


How can you be sure that the antivirus really skips the Exchange Server exclusions? We’ve previously shown how to get the Antivirus exclusions for Exchange Server 2013/2016/2019 using a PowerShell script. The script runs on the Exchange Servers and writes all of the Exchange Server exclusions to three text files. After that, you must exclude them in the security software. This might be Microsoft Defender Antivirus or any other security software installed on the Exchange Server.

What if you wish to double-check that the Antivirus exclusions are properly configured? In this post, we’ll look at how to use a PowerShell script to verify the Exchange Antivirus exclusions.

Introduction

When you set the Antivirus exclusions for Exchange Server, you almost never look back. Isn’t it better, however, to double-check and verify that the exclusions are set accurately? Perhaps you don’t manage the security solution and don’t notify the security staff about the exclusions. How can you be sure the team applied the right exclusions?

Let’s have a look at the PowerShell script and see whether the Exchange Server’s Antivirus exclusions are configured appropriately.

Test Exchange antivirus exclusions PowerShell script

The Test-ExchAVExclusions.ps1 PowerShell script is a great method to check whether the Antivirus exclusions are set properly.

The Test-ExchAVExclusions.ps1 PowerShell script creates an EICAR test file in every Exchange Server path that needs to be excluded. The security software should then ignore these files. This might be Microsoft Defender Antivirus or a third-party antivirus program installed on the Exchange Server.

After executing the script, you’ll get two outcomes:

  1. If the file is deleted, the path is not correctly excluded from AV scanning.
  2. If the file isn’t deleted, the path should be excluded correctly.

After creating the EICAR files, the script waits 60 seconds to give the AV time to “see” and remove them.

The European Institute for Computer Antivirus Research (EICAR) and the Computer Antivirus Research Organization (CARO) created the EICAR Antivirus Test File, or EICAR test file, to test the responsiveness of computer antivirus (AV) systems. Instead of using genuine malware that may do real harm, this test file lets users evaluate antivirus software without infecting their computers.

Download the Test Exchange antivirus exclusions PowerShell script

Download the PowerShell script Test-ExchAVExclusions.ps1 from GitHub or here (direct) and save it to the C:\scripts folder on the Exchange Server. Create a scripts folder if you don’t already have one.

To avoid issues while executing the script, make sure the file is unblocked. More information may be found in the article about the error that occurs when a PowerShell script is not digitally signed.

Run the Test Exchange antivirus exclusions PowerShell script without exclusions set

Run Exchange Management Shell as an administrator. Change the directory to C:\scripts and run the script.

PS C:\> cd C:\scripts
PS C:\scripts> .\Test-ExchAVExclusions.ps1

The script runs for 60 seconds.

The results of the script will be shown on the screen after it has finished executing.

[8:23:45 PM, 2/7/2022] – EICAR Files Creation
[8:24:47 PM, 2/7/2022] – Examining EICAR files
[8:24:47 PM, 2/7/2022] c:\windows\cluster\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] c:\program files\microsoft\exchange server\v15\clientaccess\oab\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] c:\program files\microsoft\exchange server\v15\fip-fs\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] c:\program files\microsoft\exchange server\v15\groupmetrics\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] c:\program files\microsoft\exchange server\v15\logging\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] c:\program files\microsoft\exchange server\v15\mailbox\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] c:\program files\microsoft\exchange server\v15\transportroles\data\ipfilter\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] c:\program files\microsoft\exchange server\v15\transportroles\data\queue\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] – [ERROR] – Scanning with antivirus software: c:\program files\microsoft\exchange server\v15\transportroles\data\temp\eicar.com
[8:24:47 PM, 2/7/2022] c:\program files\microsoft\exchange server\v15\transportroles\logs\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] c:\program files\microsoft\exchange server\v15\transportroles\pickup\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] c:\program files\microsoft\exchange server\v15\transportroles\replay\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] c:\program files\microsoft\exchange server\v15\working\oleconverter\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] c:\windows\microsoft.net\framework64\v4.0.30319\temporary asp.net files\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] c:\windows\system32\inetsrv\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] e:\db01\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] – [FAIL] – f:\db01\eicar.com may have been scanned by an antivirus program.
[8:24:47 PM, 2/7/2022] g:\db02\eicar.com – [FAIL] – Possible AV Scanning
[8:24:47 PM, 2/7/2022] h:\db02\eicar.com – [FAIL] – Possible AV Scanning
WARNING: There are 19 folders that may be searched!
WARNING: C:\Users\administrator.EXOIP\AppData\Local\BadFolders.txt should be reviewed. To see the whole list, click here.

Examine the log files for Exchange Antivirus exclusions.

Two files are created in the AppData local directory by the PowerShell script:

  • BadFolders.txt: the list of directories that were scanned by antivirus
  • ExchAvExclusions.log: the script’s log file

Open File Explorer and go to the following location:

%LOCALAPPDATA%

Open the ExchAvExclusions.log file and examine it.


Open the BadFolders.txt file and examine it.
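
When Microsoft Defender Antivirus is the security software, the folders in BadFolders.txt can be compared with the path exclusions Defender actually has configured. The following is an added example, not part of the Test-ExchAVExclusions.ps1 script or the original article; it assumes BadFolders.txt holds one folder path per line and that the shell runs as administrator.

```powershell
# Added example: match each folder in BadFolders.txt against Defender's path exclusions.
# Assumptions: one folder path per line in BadFolders.txt; elevated shell
# (a non-elevated Get-MpPreference does not return the real exclusion list).
$badFoldersFile = Join-Path $env:LOCALAPPDATA 'BadFolders.txt'

function ConvertTo-NormalizedPath {
    param([string]$Path)
    # Expand %VAR% references, trim whitespace and trailing backslashes, lower-case
    [Environment]::ExpandEnvironmentVariables($Path).Trim().TrimEnd('\').ToLowerInvariant()
}

# Defender path exclusions; wildcard entries are compared literally (limitation)
$exclusions = @((Get-MpPreference).ExclusionPath |
    Where-Object { $_ } |
    ForEach-Object { ConvertTo-NormalizedPath $_ })

$report = foreach ($line in Get-Content -Path $badFoldersFile) {
    if ([string]::IsNullOrWhiteSpace($line)) { continue }
    $folder = ConvertTo-NormalizedPath $line

    # A folder is covered when it equals an exclusion or sits below an excluded folder
    $match = $exclusions |
        Where-Object { $folder -eq $_ -or $folder.StartsWith($_ + '\') } |
        Select-Object -First 1

    [pscustomobject]@{
        Folder            = $line.Trim()
        DefenderExclusion = if ($match) { $match } else { '(none)' }
        Finding           = if ($match) {
            'Excluded in Defender but file was removed: check policy or another AV'
        } else {
            'No matching Defender path exclusion'
        }
    }
}

$report | Sort-Object Finding, Folder | Format-Table -AutoSize -Wrap
```

Folders reported with no matching exclusion are the ones to add to the antivirus exclusion list before rerunning the script.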


Run the Test Exchange antivirus exclusions PowerShell script with exclusions set

Let’s run the PowerShell script Test-ExchAVExclusions.ps1 again. This time, however, the Exchange Server Antivirus exclusions are configured.

PS C:\> cd C:\scripts
PS C:\scripts> .\Test-ExchAVExclusions.ps1

Antivirus exclusions are configured on the Exchange Server, according to the results of the scan.

[8:10:10 PM, 2/7/2022] – EICAR File Creation
[2/7/2022 8:11:12 PM] – EICAR file testing
[2/7/2022 8:11:12 PM] – Exclusions seem to be appropriately configured; all EICAR files were located.

Everything seems to be in excellent condition.

Conclusion

You learned how to check the Exchange Server Antivirus exclusions. It’s a good idea to double-check that the Antivirus exclusions on the Exchange Server are configured correctly, whether the server runs Microsoft Defender Antivirus or a third-party antivirus solution. You may come upon an exclusion that was set incorrectly. After correcting the Exchange Antivirus exclusions, rerun the script to test again.
