
PowerShell Script to Generate Antivirus Exclusions List for Exchange Server 2013

July 22, 2015 by Paul Cunningham 24 Comments

Antivirus software that is not correctly configured is a fairly common cause of many performance and stability issues with Exchange. It’s a good idea to run antivirus software on your Exchange 2013 servers to help prevent malware, and I always recommend it to customers. But if you do install antivirus software you need to configure it with the correct exclusions so that it doesn’t interfere with Exchange Server’s operations.

Microsoft has published a list of file/folder, process, and file type exclusions that should be applied to antivirus software running on an Exchange 2013 server. It’s quite long, and you might notice some duplication of effort. For example, Microsoft recommends excluding the path of the database files (eg, F:\DB01\DB01.edb) but also the file type .edb. Why both? Well it’s just a precaution in case a database is moved to a different path without updating the exclusions list, or if the antivirus software you’re using needs to handle the exclusions a specific way.

Since the exclusions list is so long and relies on a number of variables (eg the Exchange install path is something you can choose during setup, so it won’t always be C:\Program Files…), working out the actual list of exclusions is a very long and tedious task.

That’s why I’ve written a PowerShell script to generate the list quickly and easily.

Get-Exchange2013AVExclusions.ps1 can be downloaded from the TechNet Script Gallery.

The script is run directly on an Exchange 2013 server using the Exchange Management Shell. If you’re deploying multiple servers with the same configuration (eg members of a database availability group) you can use the script to generate the exclusions list off one server and then use your antivirus software’s policy-based management to deploy the same settings to all of your servers.

Simply run the script with no parameters to generate the exclusions lists.

[PS] C:\Scripts\av>.\Get-Exchange2013AVExclusions.ps1
Done.


The result is three text files: one for the file/folder paths, one for the processes, and one for the file extensions.
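Before reusing one server's list as a policy for every DAG member, as suggested above, it is worth confirming that the path lists really match. The following is an added example, not part of Get-Exchange2013AVExclusions.ps1: it compares the path lists from two servers and flags system temp folders for a closer look. The function names, the sample paths and the choice of temp folders as review items are assumptions.

```powershell
# Added example. The sample lists below are constructed, not real script output.
function ConvertTo-NormalizedPath {
    param([string[]]$Path)
    # Ignore blanks, trim whitespace and trailing backslashes, compare case-insensitively
    $Path | Where-Object { $_ -and $_.Trim() } |
        ForEach-Object { $_.Trim().TrimEnd('\').ToLowerInvariant() } |
        Sort-Object -Unique
}

function Compare-ExclusionList {
    param(
        [Parameter(Mandatory)] [string[]]$Reference,   # list generated on the first server
        [Parameter(Mandatory)] [string[]]$Candidate,   # list generated on another DAG member
        # Assumption: broad temp folders deserve a manual review before being excluded
        [string[]]$ReviewRoot = @($env:TEMP, $env:TMP, "$env:SystemRoot\Temp")
    )
    $ref    = @(ConvertTo-NormalizedPath $Reference)
    $cand   = @(ConvertTo-NormalizedPath $Candidate)
    $review = @(ConvertTo-NormalizedPath $ReviewRoot)
    $diff   = @(Compare-Object -ReferenceObject $ref -DifferenceObject $cand)

    [pscustomobject]@{
        ListsMatch         = ($diff.Count -eq 0)
        OnlyInReference    = @($diff | Where-Object { $_.SideIndicator -eq '<=' } |
                                ForEach-Object { $_.InputObject })
        OnlyInCandidate    = @($diff | Where-Object { $_.SideIndicator -eq '=>' } |
                                ForEach-Object { $_.InputObject })
        ReviewBeforeDeploy = @(($ref + $cand) | Sort-Object -Unique |
                                Where-Object { $review -contains $_ })
    }
}

# Constructed sample: server B holds the same database on a different drive
$serverA = @(
    'C:\Program Files\Microsoft\Exchange Server\V15\Mailbox',
    'F:\DB01\DB01.edb',
    'C:\Windows\Temp'
)
$serverB = @(
    'c:\program files\microsoft\exchange server\v15\mailbox\',
    'G:\DB01\DB01.edb',
    'C:\Windows\Temp'
)

Compare-ExclusionList -Reference $serverA -Candidate $serverB | Format-List
```

With real data, pass the contents of the path file generated on each server (read with Get-Content) instead of the sample arrays.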


Feedback and questions are welcome in the comments below.


Comments

  1. Kathaleen Gerste says

    September 18, 2019 at 8:15 pm

    Good write-up, I am regular visitor of one’s web
    site, maintain up the nice operate, and It’s going to be a regular visitor for a lengthy time.

    Reply
  2. Roxanna Marchand says

    September 4, 2019 at 7:33 pm

    I really like your writing style, good information, thanks for putting up :D.

    Reply
  3. Quyen Wagstaff says

    July 26, 2019 at 12:43 am

    Unquestionably believe that which you said. Your favorite reason appeared to be
    on the net the simplest thing to be aware of. I say to you, I certainly
    get annoyed while people consider worries that they plainly
    don’t know about. You managed to hit the nail upon the top as well as defined out the whole thing without having side-effects , people can take a
    signal. Will likely be back to get more. Thanks

    Reply
  4. Janine Carrillo says

    June 18, 2019 at 4:50 am

    Hi to everybody, it’s my first visit of this blog;
    this website carries awesome and in fact excellent stuff in support of readers.

    Reply
  5. Michael says

    December 24, 2017 at 12:20 am

    After running Get-Exchange2013AVExclusions.ps1, PowerShell output “File not found” and only the path file was created. The other 2 files failed to be created.

    Reply
  6. Xcom3 says

    August 24, 2016 at 1:43 am

    Hi, great script!
    But the output cannot be bulk-added to System Center Endpoint Protection (SCEP). For that you need to add a ; after each line. No big deal, just takes some extra time.

    Reply
  7. rino19ny says

    July 11, 2016 at 5:13 pm

    I’m getting an error on line 267:

    The operation couldn’t be performed because ‘MB2’ couldn’t be found.
    + CategoryInfo : NotSpecified: (:) [Get-FrontendTransportService], ManagementObjectNotFoundException
    + FullyQualifiedErrorId : [Server=MB2,RequestId=e9da3998-0b7b-4e5d-aae7-846a3a8b4662,TimeStamp=7/11/2016 7:08:
    24 AM] [FailureCategory=Cmdlet-ManagementObjectNotFoundException] 7B21FB8C,Microsoft.Exchange.Management.SystemCon
    figurationTasks.GetFrontendTransportService
    + PSComputerName : mb2.acme.com

    Get-Member : You must specify an object for the Get-Member cmdlet.
    At C:\users\xxxxx\Get-Exchange2013AVExclusions.ps1:267 char:27
    + $names = @($fetransport | Get-Member | Where {$_.membertype -eq “NoteProperty”})
    + ~~~~~~~~~~
    + CategoryInfo : CloseError: (:) [Get-Member], InvalidOperationException
    + FullyQualifiedErrorId : NoObjectInGetMember,Microsoft.PowerShell.Commands.GetMemberCommand

    Reply
  8. Srikanth says

    March 28, 2016 at 9:23 pm

    Hi Paul,
    The script works great and collects all details as it is meant to. I am trying to contribute to make sure the script is updated if the following information is correct as per the MS TechNet links.
    Looking at Exchange 2013 Content conversion (as published in https://technet.microsoft.com/en-us/library/bb332342(v=exchg.150).aspx#Directory) I see the content conversion uses %TMP% which is a system variable. During any system operations, system variable used will be configured in System variable and in this case it will be C:\temp folder.
    As per the codes under “Content Conversion” section I see it is hardcoded to C:\windows\temp, which I believe may be used for few temp operations but not for content conversion in Exch2013.
    I am working with MS on the same and will update the results.

    Looking at the below article, it is applied to Exchange 2016 where content conversions are used in “%ExchangeInstallPath%TransportRoles\Data\Temp”

    I am working on this to make sure if C:\temp to be excluded or not in Exchange 2013 and if you have any more information about content conversion, please share.

    Thanks,
    Srikanth Rao K

    Reply
  9. Allied says

    February 29, 2016 at 2:14 pm

    When I ran the script I get C:\Windows\temp. My AV already finds virus in here. The above example doesn’t show this folder. I was wondering how it got on the exception list.

    thanks

    Reply
    • Paul Cunningham says

      February 29, 2016 at 3:48 pm

      Due to content conversions by Transport services. According to the TechNet link in the article…. “by default, content conversions are performed in the Exchange server’s %TMP% folder.”

      Reply
      • RedCatRockets says

        May 4, 2016 at 7:07 pm

        Hi Paul,

        this is (as usual) an excellent resource and very much appreciated, thank you.

        If we change TemporaryStoragePath in EdgeTransport.exe.config (for example by using MoveTransportDatabase.ps1 with the -TemporaryStoragePath switch) then I guess the need to scan c:\temp is removed (our AV guys were really concerned about configuring that one…)

        If we make this change then I think the script won’t realise we’ve changed the path as it just reads the %TMP% variable at line 185?

        Again, many thanks for publishing this.

        Reply
        • Paul Cunningham says

          May 4, 2016 at 10:02 pm

          Sounds reasonable. Just make sure that change isn’t overwritten with each new CU you apply. Or if it is, that you re-apply the change.

          Reply
  10. Brandon says

    February 17, 2016 at 7:13 am

    Really useful. Thanks!

    Reply
  11. Dhillan says

    February 5, 2016 at 6:14 pm

    Hi Paul

    Will this work fine for Exchange 2016?

    Reply
    • Paul Cunningham says

      February 8, 2016 at 11:30 pm

      Probably yes, but I haven’t gone through the 2016 article here (https://technet.microsoft.com/en-us/library/bb332342(v=exchg.160).aspx) to confirm yet.

      Reply
      • Matt K. says

        April 27, 2016 at 1:20 am

        So in reviewing Microsoft’s AV Exclusion list for Exchange Server 2016 (https://technet.microsoft.com/en-us/library/bb332342(v=exchg.160).aspx) there are a few things that I found are missing after running the Get-Exchange2013AvExclusion.ps1
        -File Extensions
        .jfm
        – Processes
        ComplianceAuditService.exe
        MSExchangeCompliance.exe
        Microsoft.Exchange.Notifications.Broker.exe
        wsbexchange.exe
        -File Paths
        %ExchangeInstallPath%TransportRoles\Data\Temp
        %ExchangeInstallPath%TransportRoles\Data\SenderReputation
        %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
        %ExchangeInstallPath%TransportRoles\Logs
        – Get-TransportService -Identity | FL *Logpath,*Tracingpath
        C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\LatencyLog
        C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\GeneralLog
        C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Hub\TransportHttp
        C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs\Mailbox\PipelineTracing

        Reply
  12. Dave Stork says

    August 7, 2015 at 10:43 pm

    Please note that these are exclusions only for Exchange. If you install other software on the same server (which IMHO should only be Exchange related), they might require exclusions as well.
    I’ve seen corrupt backups due to the agent process not being excluded…

    Reply
  13. Jiri says

    July 24, 2015 at 7:18 am

    Great idea, thanks! How did we live without it? 🙂

    Reply
  14. RVoogt says

    July 23, 2015 at 4:12 pm

    Thanks Great script !

    Reply
  15. Stéphane says

    July 23, 2015 at 1:27 am

    Rob,

    I wrote a similar script for Exchange 2010 a long time ago
    Should do the job.

    http://www.weeta.net/page/scripts

    Rgds
    Stéphane

    Reply
    • Shaun vt says

      May 28, 2019 at 6:18 pm

      Any idea of where I can get this now as the link is invalid?

      Many thanks

      Shaun

      Reply
  16. shafeeque says

    July 23, 2015 at 12:54 am

    great script!!!!

    Reply
  17. Rob says

    July 22, 2015 at 11:51 pm

    Any idea whether this would work with Exchange 2010?

    Reply
    • Paul Cunningham says

      July 23, 2015 at 11:36 am

      The same sort of thing would work but Microsoft publishes a different set of AV exclusion recommendations for each different version of Exchange.

      Reply
