Исключения Windows Defender на серверах с Exchange

Никита ИванькоExchange, Windows Server

Microsoft в этой статье рекомендует настроить исключения проверки директорий, процессов и расширений файлов на серверах с Exchange Server и Exchange Edge.

Чтобы не вбивать весь этот список руками, особенно, если почтовых серверов несколько и нет централизованного управления антивирусом, я набросал небольшой «скрипт» на PowerShell. Достаточно просто его скопировать отсюда и выполнить на серверах с Eexchange и Edge.

#Exchange Mailbox Server
#Folder exclusions
$ExclPaths = "C:\Windows\Cluster","C:\Program Files\Microsoft\Exchange Server\V15\ClientAccess\OAB","C:\Program Files\Microsoft\Exchange Server\V15\FIP-FS","C:\Program Files\Microsoft\Exchange Server\V15\GroupMetrics","C:\Program Files\Microsoft\Exchange Server\V15\Logging","C:\Program Files\Microsoft\Exchange Server\V15\Mailbox","C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Data\Queue","C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Data\SenderReputation","C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Data\Temp","C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs","C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Pickup","C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Replay","C:\Program Files\Microsoft\Exchange Server\V15\UnifiedMessaging\Grammars","C:\Program Files\Microsoft\Exchange Server\V15\UnifiedMessaging\Prompts","C:\Program Files\Microsoft\Exchange Server\V15\UnifiedMessaging\Temp","C:\Program Files\Microsoft\Exchange Server\V15\UnifiedMessaging\Voicemail","C:\Program Files\Microsoft\Exchange Server\V15\Working\OleConverter","C:\inetpub\temp\IIS Temporary Compressed Files","C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files","C:\Windows\System32\Inetsrv"
 foreach ($ExclPath in $ExclPaths ) {
     Add-MpPreference -ExclusionPath $ExclPath
 }

#Process exclusions
$ExclProcesses = "ComplianceAuditService.exe","EdgeTransport.exe","fms.exe","hostcontrollerservice.exe","inetinfo.exe","Microsoft.Exchange.AntispamUpdateSvc.exe","Microsoft.Exchange.ContentFilter.Wrapper.exe","Microsoft.Exchange.Diagnostics.Service.exe","Microsoft.Exchange.Directory.TopologyService.exe","Microsoft.Exchange.EdgeSyncSvc.exe","Microsoft.Exchange.Imap4.exe","Microsoft.Exchange.Imap4service.exe","Microsoft.Exchange.Notifications.Broker.exe","Microsoft.Exchange.Pop3.exe","Microsoft.Exchange.Pop3service.exe","Microsoft.Exchange.ProtectedServiceHost.exe","Microsoft.Exchange.RPCClientAccess.Service.exe""Microsoft.Exchange.Search.Service.exe","Microsoft.Exchange.Servicehost.exe","Microsoft.Exchange.Store.Service.exe","Microsoft.Exchange.Store.Worker.exe","Microsoft.Exchange.UM.CallRouter.exe","MSExchangeCompliance.exe","MSExchangeDagMgmt.exe","MSExchangeDelivery.exe","MSExchangeFrontendTransport.exe","MSExchangeHMHost.exe","MSExchangeHMWorker.exe","MSExchangeMailboxAssistants.exe","MSExchangeMailboxReplication.exe","MSExchangeRepl.exe","MSExchangeSubmission.exe","MSExchangeTransport.exe","MSExchangeTransportLogSearch.exe","MSExchangeThrottling.exe","Noderunner.exe","OleConverter.exe","ParserServer.exe","Powershell.exe","ScanEngineTest.exe","ScanningProcess.exe","UmService.exe","UmWorkerProcess.exe","UpdateService.exe","W3wp.exe","wsbexchange.exe"
 foreach ($ExclProcess in $ExclProcesses) {
     Add-MpPreference -ExclusionProcess $ExclProcess
 }

#File name extension exclusions
 $ExclExtensions = ".config",".chk",".edb",".jfm",".jrs",".log",".que",".dsc",".txt",".grxml",".lzx"
 foreach ($ExclExtension in $ExclExtensions) {
     Add-MpPreference -ExclusionExtension $ExclExtension
 }

#Exchange Edge Server
#Folder exclusions
$ExclEdgePaths = "C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Data\Adam","C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Data\IpFilter","C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Data\Queue"    ,"C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Data\SenderReputation","C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Data\Temp","C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Logs","C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Pickup","C:\Program Files\Microsoft\Exchange Server\V15\TransportRoles\Replay","C:\Program Files\Microsoft\Exchange Server\V15\Working\OleConverter"
 foreach ($ExclEdgePath in $ExclEdgePaths ) {
     Add-MpPreference -ExclusionPath $ExclEdgePath
 }

#Process exclusions
$ExclEdgeProcesses = "Dsamain.exe","EdgeTransport.exe","Microsoft.Exchange.AntispamUpdateSvc.exe","Microsoft.Exchange.ContentFilter.Wrapper.exe","Microsoft.Exchange.Diagnostics.Service.exe","Microsoft.Exchange.EdgeCredentialSvc.exe","Microsoft.Exchange.ProtectedServiceHost.exe","Microsoft.Exchange.Servicehost.exe","MSExchangeHMHost.exe","MSExchangeHMWorker.exe","MSExchangeTransport.exe","MSExchangeTransportLogSearch.exe","Powershell.exe"
 foreach ($ExclEdgeProcess in $ExclEdgeProcesses) {
     Add-MpPreference -ExclusionProcess $ExclEdgeProcess
 }

#File name extension exclusions
 $ExclEdgeExtensions = ".config",".chk",".edb",".jfm",".jrs",".log",".que"
 foreach ($ExclEdgeExtension in $ExclEdgeExtensions) {
     Add-MpPreference -ExclusionExtension $ExclEdgeExtension
 }

Добавить комментарий