Scanning of Exchange server 2016 processes can adversely affect Microsoft Exchange if the incorrect processes are scanned. Hence we should exclude the following Exchange or related processes from process scanning by antivirus solutions.
Mailbox Server:
Process | Path |
ComplianceAuditService.exe | %ExchangeInstallPath%Bin |
EdgeTransport.exe | %ExchangeInstallPath%Bin |
fms.exe | %ExchangeInstallPath%FIP-FS\Bin |
hostcontrollerservice.exe | %ExchangeInstallPath%Bin\Search\Ceres\HostController |
inetinfo.exe | %SystemRoot%\System32\inetsrv |
Microsoft.Exchange.AntispamUpdateSvc.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.ContentFilter.Wrapper.exe | %ExchangeInstallPath%TransportRoles\agents\Hygiene |
Microsoft.Exchange.Diagnostics.Service.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.Directory.TopologyService.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.EdgeSyncSvc.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.Imap4.exe | ExchangeInstallPath%FrontEnd\PopImap |
Microsoft.Exchange.Imap4service.exe | %ExchangeInstallPath%ClientAccess\PopImap |
Microsoft.Exchange.Notifications.Broker.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.Pop3.exe | %ExchangeInstallPath%FrontEnd\PopImap |
Microsoft.Exchange.Pop3service.exe | %ExchangeInstallPath%ClientAccess\PopImap |
Microsoft.Exchange.ProtectedServiceHost.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.RPCClientAccess.Service.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.Search.Service.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.Servicehost.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.Store.Service.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.Store.Worker.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.UM.CallRouter.exe | %ExchangeInstallPath%FrontEnd\CallRouter |
MSExchangeCompliance.exe | %ExchangeInstallPath%Bin |
MSExchangeDagMgmt.exe | %ExchangeInstallPath%Bin |
MSExchangeDelivery.exe | %ExchangeInstallPath%Bin |
MSExchangeFrontendTransport.exe | %ExchangeInstallPath%Bin |
MSExchangeHMHost.exe | %ExchangeInstallPath%Bin |
MSExchangeHMWorker.exe | %ExchangeInstallPath%Bin |
MSExchangeMailboxAssistants.exe | %ExchangeInstallPath%Bin |
MSExchangeMailboxReplication.exe | %ExchangeInstallPath%Bin |
MSExchangeRepl.exe | %ExchangeInstallPath%Bin |
MSExchangeSubmission.exe | %ExchangeInstallPath%Bin |
MSExchangeTransport.exe | %ExchangeInstallPath%Bin |
MSExchangeTransportLogSearch.exe | %ExchangeInstallPath%Bin |
MSExchangeThrottling.exe | %ExchangeInstallPath%Bin |
Noderunner.exe | %ExchangeInstallPath%Bin\Search\Ceres\Runtime\1.0 |
OleConverter.exe | %ExchangeInstallPath%Bin |
ParserServer.exe | %ExchangeInstallPath%Bin\Search\Ceres\ParserServer |
Powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 |
ScanEngineTest.exe | %ExchangeInstallPath%FIP-FS\Bin |
ScanningProcess.exe | %ExchangeInstallPath%FIP-FS\Bin |
UmService.exe | %ExchangeInstallPath%Bin |
UmWorkerProcess.exe | %ExchangeInstallPath%Bin |
UpdateService.exe | %ExchangeInstallPath%FIP-FS\Bin |
W3wp.exe | %SystemRoot%\System32\inetsrv |
wsbexchange.exe | %ExchangeInstallPath%Bin |
Edge Transport Server:
Process | Path |
Dsamain.exe | %SystemRoot%\System32 |
EdgeTransport.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.AntispamUpdateSvc.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.ContentFilter.Wrapper.exe | %ExchangeInstallPath%TransportRoles\agents\Hygiene |
Microsoft.Exchange.Diagnostics.Service.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.EdgeCredentialSvc.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.ProtectedServiceHost.exe | %ExchangeInstallPath%Bin |
Microsoft.Exchange.Servicehost.exe | %ExchangeInstallPath%Bin |
MSExchangeHMHost.exe | %ExchangeInstallPath%Bin |
MSExchangeHMWorker.exe | %ExchangeInstallPath%Bin |
MSExchangeTransport.exe | %ExchangeInstallPath%Bin |
MSExchangeTransportLogSearch.exe | %ExchangeInstallPath%Bin |
Powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 |