Skip to main content

Batch Add Microsoft Exchange 2019 exclusions to Windows Defender on Windows 2019/2022

When you install Microsoft Exchange 2019 on Windows 2019 or 2022 server it is suggested to add some exclusions to Windows Defender. Since the list is quite large, use PowerShell to add exclusions. Exclusion list can be found at Running Windows antivirus software on Exchange servers | Microsoft Learn


SECURITY PRECAUTION - Don't just blindly copy below commands and exclusions but check them. If anyone manipulated the below list on this site without my knowledge you will end adding exclusions you don't want to have.

  1. Run PowerShell on Windows 2019/2022 Exchange 2019 server as administrator.
# Define the exclusion paths
    $folderExclusions = @(
          "$env:SystemRoot\Cluster",
            "$env:ExchangeInstallPath\ClientAccess\OAB",
              "$env:ExchangeInstallPath\FIP-FS",
                "$env:ExchangeInstallPath\GroupMetrics",
                  "$env:ExchangeInstallPath\Logging",
                    "$env:ExchangeInstallPath\Mailbox",
                      "$env:ExchangeInstallPath\TransportRoles\Data\Adam",
                        "$env:ExchangeInstallPath\TransportRoles\Data\IpFilter",
                          "$env:ExchangeInstallPath\TransportRoles\Data\Queue",
                            "$env:ExchangeInstallPath\TransportRoles\Data\SenderReputation",
                              "$env:ExchangeInstallPath\TransportRoles\Data\Temp",
                                "$env:ExchangeInstallPath\TransportRoles\Logs",
                                  "$env:ExchangeInstallPath\TransportRoles\Pickup",
                                    "$env:ExchangeInstallPath\TransportRoles\Replay",
                                      "$env:ExchangeInstallPath\UnifiedMessaging\Grammars",
                                        "$env:ExchangeInstallPath\UnifiedMessaging\Prompts",
                                          "$env:ExchangeInstallPath\UnifiedMessaging\Temp",
                                            "$env:ExchangeInstallPath\UnifiedMessaging\Voicemail",
                                              "$env:ExchangeInstallPath\Working\OleConverter",
                                                "$env:SystemDrive\inetpub\temp\IIS Temporary Compressed Files"
                                              )

                                                  # Add folder exclusions
                                                    foreach ($folder in $folderExclusions) {
                                                          Add-MpPreference -ExclusionPath $folder
                                                        }

                                                            # Define the exclusion processes
                                                              $processExclusions = @(
                                                                    "ComplianceAuditService.exe",
                                                                      "Dsamain.exe",
                                                                        "EdgeTransport.exe",
                                                                          "fms.exe",
                                                                            "hostcontrollerservice.exe",
                                                                              "inetinfo.exe",
                                                                                "Microsoft.Exchange.AntispamUpdateSvc.exe",
                                                                                  "Microsoft.Exchange.ContentFilter.Wrapper.exe",
                                                                                    "Microsoft.Exchange.Diagnostics.Service.exe",
                                                                                      "Microsoft.Exchange.Directory.TopologyService.exe",
                                                                                        "Microsoft.Exchange.EdgeCredentialSvc.exe",
                                                                                          "Microsoft.Exchange.EdgeSyncSvc.exe",
                                                                                            "Microsoft.Exchange.Imap4.exe",
                                                                                              "Microsoft.Exchange.Imap4service.exe",
                                                                                                "Microsoft.Exchange.Notifications.Broker.exe",
                                                                                                  "Microsoft.Exchange.Pop3.exe",
                                                                                                    "Microsoft.Exchange.Pop3service.exe",
                                                                                                      "Microsoft.Exchange.ProtectedServiceHost.exe",
                                                                                                        "Microsoft.Exchange.RPCClientAccess.Service.exe",
                                                                                                          "Microsoft.Exchange.Search.Service.exe",
                                                                                                            "Microsoft.Exchange.Servicehost.exe",
                                                                                                              "Microsoft.Exchange.Store.Service.exe",
                                                                                                                "Microsoft.Exchange.Store.Worker.exe",
                                                                                                                  "Microsoft.Exchange.UM.CallRouter.exe",
                                                                                                                    "MSExchangeCompliance.exe",
                                                                                                                      "MSExchangeDagMgmt.exe",
                                                                                                                        "MSExchangeDelivery.exe",
                                                                                                                          "MSExchangeFrontendTransport.exe",
                                                                                                                            "MSExchangeHMHost.exe",
                                                                                                                              "MSExchangeHMWorker.exe",
                                                                                                                                "MSExchangeMailboxAssistants.exe",
                                                                                                                                  "MSExchangeMailboxReplication.exe",
                                                                                                                                    "MSExchangeRepl.exe",
                                                                                                                                      "MSExchangeSubmission.exe",
                                                                                                                                        "MSExchangeTransport.exe",
                                                                                                                                          "MSExchangeTransportLogSearch.exe",
                                                                                                                                            "MSExchangeThrottling.exe",
                                                                                                                                              "Noderunner.exe",
                                                                                                                                                "OleConverter.exe",
                                                                                                                                                  "ParserServer.exe",
                                                                                                                                                    "ScanEngineTest.exe",
                                                                                                                                                      "ScanningProcess.exe",
                                                                                                                                                        "UmService.exe",
                                                                                                                                                          "UmWorkerProcess.exe",
                                                                                                                                                            "UpdateService.exe",
                                                                                                                                                              "wsbexchange.exe"
                                                                                                                                                            )

                                                                                                                                                                # Add process exclusions
                                                                                                                                                                  foreach ($process in $processExclusions) {
                                                                                                                                                                        Add-MpPreference -ExclusionProcess $process
                                                                                                                                                                      }

                                                                                                                                                                          # Define the file extension exclusions
                                                                                                                                                                            $extensionExclusions = @(
                                                                                                                                                                                  ".config",
                                                                                                                                                                                    ".chk",
                                                                                                                                                                                      ".edb",
                                                                                                                                                                                        ".jfm",
                                                                                                                                                                                          ".jrs",
                                                                                                                                                                                            ".log",
                                                                                                                                                                                              ".que",
                                                                                                                                                                                                ".dsc",
                                                                                                                                                                                                  ".txt",
                                                                                                                                                                                                    ".cfg",
                                                                                                                                                                                                      ".grxml",
                                                                                                                                                                                                        ".lzx"
                                                                                                                                                                                                      )

                                                                                                                                                                                                          # Add file extension exclusions
                                                                                                                                                                                                            foreach ($extension in $extensionExclusions) {
                                                                                                                                                                                                                  Add-MpPreference -ExclusionExtension $extension
                                                                                                                                                                                                                }
                                                                                                                                                                                                                  # Output current exclusions to verify
                                                                                                                                                                                                                    Get-MpPreference | Select-Object -Property ExclusionPath, ExclusionProcess, ExclusionExtension
                                                                                                                                                                                                                      And if this is somehow blocked from doing, you can add exclusions to Local Group Policy through registry:

                                                                                                                                                                                                                      # Define the exclusion paths with environment variables

                                                                                                                                                                                                                      $folderExclusions = @(

                                                                                                                                                                                                                          "%SystemRoot%\Cluster",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\ClientAccess\OAB",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\FIP-FS",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\GroupMetrics",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\Logging",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\Mailbox",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\TransportRoles\Data\Adam",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\TransportRoles\Data\IpFilter",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\TransportRoles\Data\Queue",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\TransportRoles\Data\SenderReputation",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\TransportRoles\Data\Temp",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\TransportRoles\Logs",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\TransportRoles\Pickup",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\TransportRoles\Replay",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\UnifiedMessaging\Grammars",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\UnifiedMessaging\Prompts",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\UnifiedMessaging\Temp",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\UnifiedMessaging\Voicemail",

                                                                                                                                                                                                                          "%ExchangeInstallPath%\Working\OleConverter",

                                                                                                                                                                                                                          "%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files"

                                                                                                                                                                                                                      )

                                                                                                                                                                                                                       

                                                                                                                                                                                                                      # Define the exclusion processes

                                                                                                                                                                                                                      $processExclusions = @(

                                                                                                                                                                                                                          "ComplianceAuditService.exe",

                                                                                                                                                                                                                          "Dsamain.exe",

                                                                                                                                                                                                                          "EdgeTransport.exe",

                                                                                                                                                                                                                          "fms.exe",

                                                                                                                                                                                                                          "hostcontrollerservice.exe",

                                                                                                                                                                                                                          "inetinfo.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.AntispamUpdateSvc.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.ContentFilter.Wrapper.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.Diagnostics.Service.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.Directory.TopologyService.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.EdgeCredentialSvc.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.EdgeSyncSvc.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.Imap4.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.Imap4service.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.Notifications.Broker.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.Pop3.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.Pop3service.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.ProtectedServiceHost.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.RPCClientAccess.Service.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.Search.Service.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.Servicehost.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.Store.Service.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.Store.Worker.exe",

                                                                                                                                                                                                                          "Microsoft.Exchange.UM.CallRouter.exe",

                                                                                                                                                                                                                          "MSExchangeCompliance.exe",

                                                                                                                                                                                                                          "MSExchangeDagMgmt.exe",

                                                                                                                                                                                                                          "MSExchangeDelivery.exe",

                                                                                                                                                                                                                          "MSExchangeFrontendTransport.exe",

                                                                                                                                                                                                                          "MSExchangeHMHost.exe",

                                                                                                                                                                                                                          "MSExchangeHMWorker.exe",

                                                                                                                                                                                                                          "MSExchangeMailboxAssistants.exe",

                                                                                                                                                                                                                          "MSExchangeMailboxReplication.exe",

                                                                                                                                                                                                                          "MSExchangeRepl.exe",

                                                                                                                                                                                                                          "MSExchangeSubmission.exe",

                                                                                                                                                                                                                          "MSExchangeTransport.exe",

                                                                                                                                                                                                                          "MSExchangeTransportLogSearch.exe",

                                                                                                                                                                                                                          "MSExchangeThrottling.exe",

                                                                                                                                                                                                                          "Noderunner.exe",

                                                                                                                                                                                                                          "OleConverter.exe",

                                                                                                                                                                                                                          "ParserServer.exe",

                                                                                                                                                                                                                          "ScanEngineTest.exe",

                                                                                                                                                                                                                          "ScanningProcess.exe",

                                                                                                                                                                                                                          "UmService.exe",

                                                                                                                                                                                                                          "UmWorkerProcess.exe",

                                                                                                                                                                                                                          "UpdateService.exe",

                                                                                                                                                                                                                          "wsbexchange.exe"

                                                                                                                                                                                                                      )

                                                                                                                                                                                                                       

                                                                                                                                                                                                                      # Define the exclusion extensions

                                                                                                                                                                                                                      $extensionExclusions = @(

                                                                                                                                                                                                                          ".config",

                                                                                                                                                                                                                          ".chk",

                                                                                                                                                                                                                          ".edb",

                                                                                                                                                                                                                          ".jfm",

                                                                                                                                                                                                                          ".jrs",

                                                                                                                                                                                                                          ".log",

                                                                                                                                                                                                                          ".que",

                                                                                                                                                                                                                          ".dsc",

                                                                                                                                                                                                                          ".txt",

                                                                                                                                                                                                                          ".cfg",

                                                                                                                                                                                                                          ".grxml",

                                                                                                                                                                                                                          ".lzx"

                                                                                                                                                                                                                      )

                                                                                                                                                                                                                       

                                                                                                                                                                                                                      # Registry paths for exclusions

                                                                                                                                                                                                                      $regPathFolders = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths"

                                                                                                                                                                                                                      $regPathProcesses = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Processes"

                                                                                                                                                                                                                      $regPathExtensions = "HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions"

                                                                                                                                                                                                                       

                                                                                                                                                                                                                      # Add folder exclusions as REG_SZ with a value of 0

                                                                                                                                                                                                                      foreach ($folder in $folderExclusions) {

                                                                                                                                                                                                                          New-ItemProperty -Path $regPathFolders -Name $folder -Value 0 -PropertyType String -Force

                                                                                                                                                                                                                      }

                                                                                                                                                                                                                       

                                                                                                                                                                                                                      # Add process exclusions as REG_SZ with a value of 0

                                                                                                                                                                                                                      foreach ($process in $processExclusions) {

                                                                                                                                                                                                                          New-ItemProperty -Path $regPathProcesses -Name $process -Value 0 -PropertyType String -Force

                                                                                                                                                                                                                      }

                                                                                                                                                                                                                       

                                                                                                                                                                                                                      # Add extension exclusions as REG_SZ with a value of 0

                                                                                                                                                                                                                      foreach ($extension in $extensionExclusions) {

                                                                                                                                                                                                                          New-ItemProperty -Path $regPathExtensions -Name $extension -Value 0 -PropertyType String -Force

                                                                                                                                                                                                                      }

                                                                                                                                                                                                                       

                                                                                                                                                                                                                      Write-Host "Exclusions added to Local Group Policy as REG_SZ with value 0."


                                                                                                                                                                                                                      Popular posts from this blog

                                                                                                                                                                                                                      Reason: [{LED=250 2.1.5 RESOLVER.GRP.Expanded; distribution list expanded};{MSG=};{FQDN=};{IP=};{LRT=}]

                                                                                                                                                                                                                       If you got this error checking the mail flow for a distribution group, it means the distribution group is closed and only internal senders can send e-mail to this group. When outside user sends e-mail to this group you get  Reason: [{LED=250 2.1.5 RESOLVER.GRP.Expanded; distribution list expanded};{MSG=};{FQDN=};{IP=};{LRT=}] Set Delivery for this group to internal and external users and your problem will be solved. 

                                                                                                                                                                                                                      Netscaler vs Exchange 2019 "time out during ssl handshake stage

                                                                                                                                                                                                                      If you are using Citrix Netscaler as load balancer in front of Exchange 2019 server you must know this: Microsoft Exchange 2019 is secured by default and allows only TLS 1.2. Therefore default schannel settings are as follows (using IISCrypto tool from Nartac Software): While Citrix Netscaler offers following Cipher Suites: TLS_RSA_WITH_AES_256_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA TLS_DHE_RSA_WITH_AES_256_CBC_SHA TLS_DHE_RSA_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_RSA_WITH_DES_CBC_SHA TLS_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 TLS_DHE_DSS_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA TLS_DHE_RSA_WITH_DES_CBC_SHA TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA TLS_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 TLS_DH_anon_WITH_DES_CBC_SHA TLS_DH_anon_WITH_AES_128_CBC_SHA TLS_DH_anon_WITH_AES_256_CBC_SHA TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA Now, you will fi...

                                                                                                                                                                                                                      Apple iPhone Text responses go to wrong country code

                                                                                                                                                                                                                      A user wrote: Recently I went to Portugal and when I was there I bought a sim card and put it in my iPhone 11 Pro, with my primary e-sim still in it. When I got home to Australia, I deactivated the Portugal sim-card, deleted it and took the sim card out. Now when someone call me I respond with text, my iPhone changes the calling numbers country code to +31. I had the same problem. Despite turning "Dial assist" on/off, checking Country, Language and all the suggested stuff it did not work for me. What I did at the end was deleting country prefix from contact numbers --> Save --> Added country prefix again . It works now.