File level antivirus exclusions exchange 2010

Servers with POP Temporary Folders for Conversions:. Unified Messaging Server Role. Grammer Files for different locales. Forefront Protection for Exchange. Process Exclusions. Process exclusions. Set these for all Server Roles. Forefront Protection for Exchange Server. Friday, August 13, Exchange — Antivirus Exclusions. Posted by Rick Skalitzky at PM.

Labels: Exchange , FCS. Thomas Poett November 22, at AM. When you deploy a Windows antivirus program on an Exchange server, make sure that the folder exclusions, process exclusions, and file name extension exclusions that are described in these sections are configured for both memory-resident and file-level scanning.

The locations of many of these Exchange folders are configurable in the Exchange Management Shell. Exclude the following folders from file-level scanning and memory-resident scanning on Exchange servers. By default, these files are located in subfolders based on the name of the database. Mailbox servers Process exclusions Many antivirus programs support the scanning of processes, which can adversely affect Microsoft Exchange if the incorrect processes are scanned.

Therefore, you should exclude the following Exchange or related processes from process scanning. Edge Transport servers fms. Mailbox servers hostcontrollerservice. Mailbox servers ParserServer. When you run anti-spam filters, there is always a risk that the filters detect false positives. To reduce the risk of mishandling legitimate email messages, you should enable anti-spam agents to run only on messages from potentially untrusted and unknown sources. You can use the Add-ContentFilterPhrase cmdlet to add both allowed and blocked words and phrases.

The value of the Influence parameter determines if the word or phrase is allowed or blocked. Figure 3 and Figure 4 show the output from these commands. Sometimes you do not want to apply content filtering to email messages sent to a specific recipient or received from a specific sender.

You can also bypass content filtering for all messages received from specific domains. The following EMS command creates an exception for the domain contoso. The following EMS command creates an exception for the domain fabricam.

After analyzing the content of a message, the content filter assigns an SCL rating to the message. How those messages are treated depends on the configuration. The Delete action takes precedence over the Reject action, and the Reject action takes precedence over the Quarantine action. For example, you may want messages that have an SCL rating of 5 or 6 to be forwarded to the quarantine mailbox, messages that have an SCL rating of 7 or 8 to be rejected, and messages with an SCL rating of 9 to be deleted.

The difference between rejection and deletion is that the sender is informed when a message is rejected. In the case of deletion, the sender receives no response. Note that the command to enable the Quarantine action works only if a quarantine mailbox has been specified, as described in the next section of this lesson. If you enable the Reject action, you can customize the response sent to the message originator when a message is rejected. Your rejection response should not exceed characters.

If you enable message quarantine, you need to specify a quarantine mailbox. This is a specially created mailbox to which all messages that meet the SCL quarantine levels are forwarded. You should place the quarantine mailbox in a separate mailbox database. If you are going to use quarantine, you need to ensure that someone checks the quarantine mailbox on a regular basis to see how much legitimate email and how much spam it contains.

By assessing the contents of the quarantine mailbox, you can determine whether your SCL levels are correctly configured. You can also, when appropriate, release legitimate messages to their intended recipients by using the Send Again feature in Microsoft Office Outlook.

The following EMS command ensures that all incoming messages that have an SCL rating of 5 or higher are forwarded to the mailbox spamquarantine adatum. Recipient filtering allows you to block messages based on whom they are sent to. This technology is most often used to block messages sent to recipients that are not listed in the global address list GAL. Some spammers send messages to common names at a particular address, hoping to get a hit.

If recipient filtering is enabled, messages will be forwarded from an Edge Transport server to an internal Hub Transport server only if the recipient is listed in the GAL. If this setting is not enabled, the Hub Transport server will reject the invalid address. When recipient filtering is enabled on a server, it filters all messages that come through all Receive connectors on that server. Recipient filtering is enabled by default on an Edge Transport server for inbound messages that come from the Internet but are not authenticated.

The following EMS command disables recipient filtering:. For example, the following EMS cmdlet configures the recipient filter agent to block recipients on the Recipients block list:.

If you want to specify multiple SMTP addresses, you can separate them with commas. However, you need to be careful when using this type of command. To preserve the existing list, you can use a temporary Shell variable to add an address to the Recipient block list. You add the new address temp adatum. The following EMS command blocks messages to recipients that do not exist in your organization:.

The Sender Filter agent is an anti-spam filter that is enabled by default on Edge Transport servers. When sender filtering functionality is enabled on an Edge Transport server, it filters all messages that come through all Receive connectors on that computer.

For example, you can filter the sender address KimAkers adatum. Sender filtering is often used to block incoming email from email domains that provide free addresses. It is also possible to configure the blocked senders list to automatically block messages that have no sender information. The following EMS command disables sender filtering:. The following EMS command enables sender filtering if it has previously been disabled:. You use the Set-SenderFilterConfig cmdlet to manage sender filtering.

You can configure two actions for messages whose sender appears on the blocked senders list. These actions are the following:. Reject Message The message is deleted. The following EMS command configures the Sender Filter agent to block messages from the specific domain treyresearch. Thursday, November 1, PM. Marked as answer by emma. So if i install AVG antivirus, i need to exlude that folder aswell.

Including Any Exchange-aware antivirus program folders. If you ever use a different dir for offline maint of some sort, exclude that as well. What about Any Exchange-aware antivirus program folders? You can always check your antivirus product documentation for details.