Wednesday 18 February 2015

Using an anti-malware solution with Exchange 2013

There are three main options available for anti-malware protection with Exchange 2013:

- Built-in protection: Exchange has its own built-in feature.
- Exchange Online (or another cloud provider): Microsoft's own cloud-based anti-malware solution.
- Local protection: For example Avira AntiVir Server Security hosted on the Exchange server itself.

To enable (or disable) the built-in anti-malware feature, you can use the following commands:

Enable-Antimalwarescanning.ps1
Disable-Antimalwarescanning.ps1

The anti-malware engine will download additional updates from Microsoft every hour by default.

Depending on configuration, if malware is found within an email, the following actions can be taken: delete the email, remove the attachment and add a custom warning message.
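The same steps can be carried out from the Exchange Management Shell. The following is an added example, not part of the original post; it assumes the default policy named "Default", and the alert text is a constructed sample value.

```powershell
# Added example: run in the Exchange Management Shell on the Exchange 2013 server.

# 1. Enable the built-in malware agent, then restart the transport service
#    so the agent is loaded.
$scripts = Join-Path $env:ExchangeInstallPath "Scripts"
& (Join-Path $scripts "Enable-Antimalwarescanning.ps1")
Restart-Service MSExchangeTransport

# 2. Confirm the agent is registered and enabled before relying on it.
$agent = Get-TransportAgent "Malware Agent"
if (-not $agent.Enabled) {
    throw "Malware Agent is not enabled; review the output of the enable script."
}

# 3. Review the engine settings. UpdateFrequency is in minutes.
#    BypassFiltering = True means mail passes through without being scanned;
#    Set-MalwareFilteringServer with -BypassFiltering $false turns scanning back on.
Get-MalwareFilteringServer |
    Format-List Name, BypassFiltering, UpdateFrequency, PrimaryUpdatePath

# 4. Choose what happens when malware is detected. Valid -Action values are
#    DeleteMessage, DeleteAttachmentAndUseDefaultAlertText and
#    DeleteAttachmentAndUseCustomAlertText.
Set-MalwareFilterPolicy -Identity "Default" `
    -Action DeleteAttachmentAndUseCustomAlertText `
    -CustomAlertText "An attachment was removed from this message because malware was detected."

# 5. Read the policy back to verify the change was applied.
Get-MalwareFilterPolicy -Identity "Default" |
    Format-List Name, Action, CustomAlertText
```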

All of this can be managed from the ECP by selecting "Protection" on the left hand pane:




Exchange Online Protection (EOP - formerly known as FOPE / Forefront Protection for Exchange) is a cloud-based solution that has been designed to be easily integrated into your existing environment. It works by pointing your domain's MX records to Microsoft, where the anti-malware scanning is performed; the mail is then relayed to your client access / edge transport server.

File-level anti-malware solutions: Care must be taken when using a file-level solution with Exchange, because if an antivirus product locks a file that is part of Exchange it can cause data corruption and/or prevent Exchange from working properly. To help avoid this problem, Microsoft has published information about which file types should be omitted from scanning.
