Microsoft recently released a security advisory urging Exchange server administrators to review their antivirus and antimalware security products. The company has identified potential issues with the way some antivirus applications interact with Exchange, which can introduce security risks.
Understanding the Risk
Microsoft’s advisory warns that some Exchange servers may have been configured with antivirus and antimalware exclusions and settings. Despite the expected protection they provide, the exclusions can actually leave Exchange servers open to malicious actors.
For example, if an administrator configures an anti-malware scanner to not scan executable files in a certain directory, then a malicious executable file could be uploaded to that directory. The malicious file may then execute and be free to spread to other directories and computers within the network.
Microsoft’s Guidance
In order to ensure the security of Exchange servers, Microsoft recommends that admins review and remove any antivirus settings or exclusions that may be in effect. This includes file, folder, and process exclusions, and it applies to all anti-malware settings.
Additionally, admins should enable Real-Time protection on their antivirus applications. This will ensure that malicious files are immediately detected and blocked as soon as they are uploaded. Microsoft also suggests disabling “application optimization” features, as they can interfere with the way Exchange handles files.
Verifying Compliance
Given the importance of ensuring the security of Exchange, Microsoft recommends that admins regularly audit their environment to verify that the settings have been applied properly. This should include regular scans and checks to confirm that all antivirus exclusions have been removed and all settings are correct.
Conclusion
As Microsoft’s advisory states, ensuring the security of Exchange is of critical importance. It is essential for admins to review and remove any antivirus exclusions and settings that are configured for Exchange. By doing so, admins can protect their Exchange environment from malicious actors and ensure their networks are as secure as possible. Share this article on social media to help spread awareness and ensure Exchange servers are protected from potentially damaging security risks.