Skip to main content

Batch Add Microsoft Exchange 2016 exclusions to Windows Defender on Windows 2016

When you install Microsoft Exchange 2016 on Windows 2016 server it is suggested to add some exclusions to Windows Defender. Since the list is quite large, use PowerShell to add exclusions. Exclusion list can be found at https://technet.microsoft.com/en-us/library/bb332342(v=exchg.160).aspx

SECURITY PRECAUTION - Don't just blindly copy below commands and exclusions but check them. If anyone manipulated the below list on this site without my knowledge you will end adding exclusions you don't want to have.

  1. Run PowerShell on Windows 2016 Exchange 2016 server as administrator.
  2. Add Folder Exclusions
    3. Set-MpPreference -ExclusionPath $env:SystemRoot"\Cluster",$env:ExchangeInstallPath"ClientAccess\OAB",$env:ExchangeInstallPath"FIP-FS",$env:ExchangeInstallPath"GroupMetrics",$env:ExchangeInstallPath"Logging",$env:ExchangeInstallPath"Mailbox",$env:ExchangeInstallPath"TransportRoles\Data\Adam",$env:ExchangeInstallPath"TransportRoles\Data\IpFilter",$env:ExchangeInstallPath"TransportRoles\Data\Queue",$env:ExchangeInstallPath"TransportRoles\Data\SenderReputation",$env:ExchangeInstallPath"TransportRoles\Data\Temp",$env:ExchangeInstallPath"TransportRoles\Logs",$env:ExchangeInstallPath"TransportRoles\Pickup",$env:ExchangeInstallPath"TransportRoles\Replay",$env:ExchangeInstallPath"UnifiedMessaging\Grammars",$env:ExchangeInstallPath"UnifiedMessaging\Prompts",$env:ExchangeInstallPath"UnifiedMessaging\Temp",$env:ExchangeInstallPath"UnifiedMessaging\Voicemail",$env:ExchangeInstallPath"Working\OleConverter",$env:SystemDrive"\inetpub\temp\IIS Temporary Compressed Files",$env:SystemRoot"\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files",$env:SystemRoot"\System32\Inetsrv"
  3. Add Process exclusions
    4. Set-MpPreference -ExclusionProcess "ComplianceAuditService.exe","Dsamain.exe","EdgeTransport.exe","fms.exe","hostcontrollerservice.exe","inetinfo.exe","Microsoft.Exchange.AntispamUpdateSvc.exe","Microsoft.Exchange.ContentFilter.Wrapper.exe","Microsoft.Exchange.Diagnostics.Service.exe","Microsoft.Exchange.Directory.TopologyService.exe","Microsoft.Exchange.EdgeCredentialSvc.exe","Microsoft.Exchange.EdgeSyncSvc.exe","Microsoft.Exchange.Imap4.exe","Microsoft.Exchange.Imap4service.exe","Microsoft.Exchange.Notifications.Broker.exe","Microsoft.Exchange.Pop3.exe","Microsoft.Exchange.Pop3service.exe","Microsoft.Exchange.ProtectedServiceHost.exe","Microsoft.Exchange.RPCClientAccess.Service.exe","Microsoft.Exchange.Search.Service.exe","Microsoft.Exchange.Servicehost.exe","Microsoft.Exchange.Store.Service.exe","Microsoft.Exchange.Store.Worker.exe","Microsoft.Exchange.UM.CallRouter.exe","MSExchangeCompliance.exe","MSExchangeDagMgmt.exe","MSExchangeDelivery.exe","MSExchangeFrontendTransport.exe","MSExchangeHMHost.exe","MSExchangeHMWorker.exe","MSExchangeMailboxAssistants.exe","MSExchangeMailboxReplication.exe","MSExchangeRepl.exe","MSExchangeSubmission.exe","MSExchangeTransport.exe","MSExchangeTransportLogSearch.exe","MSExchangeThrottling.exe","Noderunner.exe","OleConverter.exe","ParserServer.exe","Powershell.exe","ScanEngineTest.exe","ScanningProcess.exe","UmService.exe","UmWorkerProcess.exe","UpdateService.exe","W3wp.exe","wsbexchange.exe"
  4. Add Extension exclusions
    5. Set-MpPreference -ExclusionExtension ".config",".chk",".edb",".jfm",".jrs",".log",".que",".dsc",".txt",".cfg",".grxml",".lzx"


Labels:

Comments

Post a Comment

Popular posts from this blog

Netscaler vs Exchange 2019 "time out during ssl handshake stage

If you are using Citrix Netscaler as load balancer in front of Exchange 2019 server you must know this: Microsoft Exchange 2019 is secured by default and allows only TLS 1.2. Therefore default schannel settings are as follows (using IISCrypto tool from Nartac Software): While Citrix Netscaler offers following Cipher Suites: TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 TLS_DH_anon_WITH_DES_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA Now, you will fi
1 comment
Read more

Exchange Admin Center language

Depending on your computer language settings, Exchange Admin Center can take those and open in a language you actually don't want to use. You'll Google that this can be changed if administrator/ admin user has mailbox by openening OWA settings and changing Regional parameters. But usually Admin user does not have mailbox or you don't want her/him to have it. You will search again and find that you can add mkt=en-US (as an example) to the URL of the Exchange Admin Center (https://yourexchangehostname/ecp?ExchClientVer=15&mkt=en-US) Third option you have is opening Internet Explorer settings (I am using Windows 2016) Click languages Click Set Language Preferences Add language you want to use by clicking Add language Use Move up or Move Down options to put desired language on top Close Internet Explorer Open it again and login again to Exchange Admin Center
Post a Comment
Read more

Exchange queue 451 4.4.0 Primary target IP address responded with: "235 00000...

You might find messages staying in queue on your email server (mixed environment 2007/2010 Exchange) and Error showing: 451 4.4.0 Primary target IP address responded with: "23500000870YIIGUAYJKoZIhvcSAQICAQBuggY/MIIGO6ADAgEFoQMCAQ6iBwMFAAAAAACjggTEYYIwDCCBLygAwIBBaEPGw1JTkNPSVMuR09WLklOoigwJqADAgECoR8wHRsHU01UUFNWQxsSTUFJTC5pbmNvaXMuZ292Lmluo4IEeDCCBHSgAwIBEqEDAgFMooIEZgSCBGIjDRqyadXg4Y1GQAcMZKo9KfI/2l1JPauKHPjVxyi3sP+6PV8wXjzRn36QjnIsLu7OPtzWDRkJBR/VFnJMLT3wTpg0uEe4eAr7kAgJ+mo4vbuFdlYb+ns23tnLO2kyt3dfXgrPF5Ulm4C6me734JrfOrkT51UCliUMKmlcDAhcPEmDUagjCg9XmLatKNTn41sFZktRjFs8bXexAacl/Wil+gFI5qZbh9nrs922FUoLhmX1U7dS6xiyH2VHaxCAodcbNh14apN/rK0SvjQZi+L2bO2RSF3Rx5LO4zAPfn9LAlNQRwQo8U8NR7J1JACBUwe3t3InTRA0TXyJNCxVGZBM5QjgeJFgBRN6pqa6jZyT7tUgURrG1fHFs4fV77jyxgKjxcrUdc5n7MWT77sfLlb4Ao5HJukOnWlBVUyoDCDvVarc+8/5VJdWFxnNUkohaVUPnDYMMGiGsadDYy39omsSasFkLShLqE7vBGx3WdsvQQnH2kOTwS4mfbWsuulDUfgHOoBg4AW/fB1oxCUT5E3/siLDdurZX/LEjSCmwxbtzzLJ9IGhAlMb+WUUhlZiNb2mn3pZAUlQnDip0ZkXi2nYm71FaTnBb1chScpn
Post a Comment
Read more