Recommended Exchange Server 2016 process exclusions from antivirus solutions


Scanning of Exchange server 2016 processes can adversely affect Microsoft Exchange if the incorrect processes are scanned. Hence we should exclude the following Exchange or related processes from process scanning by antivirus solutions.

Mailbox Server:

Process Path
ComplianceAuditService.exe %ExchangeInstallPath%Bin
EdgeTransport.exe %ExchangeInstallPath%Bin
fms.exe %ExchangeInstallPath%FIP-FS\Bin
hostcontrollerservice.exe %ExchangeInstallPath%Bin\Search\Ceres\HostController
inetinfo.exe %SystemRoot%\System32\inetsrv
Microsoft.Exchange.AntispamUpdateSvc.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.ContentFilter.Wrapper.exe %ExchangeInstallPath%TransportRoles\agents\Hygiene
Microsoft.Exchange.Diagnostics.Service.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.Directory.TopologyService.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.EdgeSyncSvc.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.Imap4.exe ExchangeInstallPath%FrontEnd\PopImap
Microsoft.Exchange.Imap4service.exe %ExchangeInstallPath%ClientAccess\PopImap
Microsoft.Exchange.Notifications.Broker.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.Pop3.exe %ExchangeInstallPath%FrontEnd\PopImap
Microsoft.Exchange.Pop3service.exe %ExchangeInstallPath%ClientAccess\PopImap
Microsoft.Exchange.ProtectedServiceHost.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.RPCClientAccess.Service.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.Search.Service.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.Servicehost.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.Store.Service.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.Store.Worker.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.UM.CallRouter.exe %ExchangeInstallPath%FrontEnd\CallRouter
MSExchangeCompliance.exe %ExchangeInstallPath%Bin
MSExchangeDagMgmt.exe %ExchangeInstallPath%Bin
MSExchangeDelivery.exe %ExchangeInstallPath%Bin
MSExchangeFrontendTransport.exe %ExchangeInstallPath%Bin
MSExchangeHMHost.exe %ExchangeInstallPath%Bin
MSExchangeHMWorker.exe %ExchangeInstallPath%Bin
MSExchangeMailboxAssistants.exe %ExchangeInstallPath%Bin
MSExchangeMailboxReplication.exe %ExchangeInstallPath%Bin
MSExchangeRepl.exe %ExchangeInstallPath%Bin
MSExchangeSubmission.exe %ExchangeInstallPath%Bin
MSExchangeTransport.exe %ExchangeInstallPath%Bin
MSExchangeTransportLogSearch.exe %ExchangeInstallPath%Bin
MSExchangeThrottling.exe %ExchangeInstallPath%Bin
Noderunner.exe %ExchangeInstallPath%Bin\Search\Ceres\Runtime\1.0
OleConverter.exe %ExchangeInstallPath%Bin
ParserServer.exe %ExchangeInstallPath%Bin\Search\Ceres\ParserServer
Powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0
ScanEngineTest.exe %ExchangeInstallPath%FIP-FS\Bin
ScanningProcess.exe %ExchangeInstallPath%FIP-FS\Bin
UmService.exe %ExchangeInstallPath%Bin
UmWorkerProcess.exe %ExchangeInstallPath%Bin
UpdateService.exe %ExchangeInstallPath%FIP-FS\Bin
W3wp.exe %SystemRoot%\System32\inetsrv
wsbexchange.exe %ExchangeInstallPath%Bin


Edge Transport Server:

Process Path
Dsamain.exe %SystemRoot%\System32
EdgeTransport.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.AntispamUpdateSvc.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.ContentFilter.Wrapper.exe %ExchangeInstallPath%TransportRoles\agents\Hygiene
Microsoft.Exchange.Diagnostics.Service.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.EdgeCredentialSvc.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.ProtectedServiceHost.exe %ExchangeInstallPath%Bin
Microsoft.Exchange.Servicehost.exe %ExchangeInstallPath%Bin
MSExchangeHMHost.exe %ExchangeInstallPath%Bin
MSExchangeHMWorker.exe %ExchangeInstallPath%Bin
MSExchangeTransport.exe %ExchangeInstallPath%Bin
MSExchangeTransportLogSearch.exe %ExchangeInstallPath%Bin
Powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0

 

Leave a Reply