Avoid common causes of Exchange D/R- Part 2: Correctly configure your File System (File level) anti-virus on Exchange Server 2007 Mailbox Servers
So in my last article we looked at configuring the File Level Virus Scanners for Exchange 2003, but what about 2007? Is it the same? Well not really.
As we already know Exchange 2007 revolutionized the way we design, deploy & maintain our messaging environments. The new Roles Based architecture ensures that our messaging platform remains scalable, secure & efficient but also means that we need to consider the ways in which the different roles operate in order to effectively configure the File Level virus scanners in our organization.
In this article, I will endeavour to list the necessary Directory, Process & File Extention exclusions which you should set for each server role in your environment in order to ensure integrity & reliability of your Exchange messaging solution.
Of course, the recommendation still stands of running Exchange Aware Antivirus along with your file level scanners to secure the traffic that passes through Exchange.
Mailbox Server Role
Directory Level Exclusions:
As we already know Exchange 2007 revolutionized the way we design, deploy & maintain our messaging environments. The new Roles Based architecture ensures that our messaging platform remains scalable, secure & efficient but also means that we need to consider the ways in which the different roles operate in order to effectively configure the File Level virus scanners in our organization.
In this article, I will endeavour to list the necessary Directory, Process & File Extention exclusions which you should set for each server role in your environment in order to ensure integrity & reliability of your Exchange messaging solution.
Of course, the recommendation still stands of running Exchange Aware Antivirus along with your file level scanners to secure the traffic that passes through Exchange.
Mailbox Server Role
Directory Level Exclusions:
- Mailbox Database Directory (Powershell: Get-MailboxDatabase -Server "ServerName" | Format-List *Path*)
- Mailbox Database Temporary Folder (Default: %Program Files%\Microsoft\Exchange Server\Mailbox\MDBTemp)
- Public Folder Database Directories (Powershell: Get-PublicFolderDatabase -Server "ServerName" | Format-List *Path*)
- Database Content Indexes (Powershell: %Program Files%\Microsoft\Exchange Server\Scripts\GetSearchIndexForDatabase.ps1)
- Storage Group Directory (Powershell: Get-StorageGroup -Server "ServerName" | Format-List *Path*)
- Message Tracking & Managed Folders Log Directory (Powershell: Get-MailboxServer -Server "ServerName" | Format-List *Path*)
- Offline-Address Book Directory (Default: %Program Files%\Microsoft\Exchange Server\ExchangeOAB)
- OLE Content Conversion Directory (Default: %Program Files%\Microsoft\Exchange Server\Working\OleConvertor)
- IIS System Files (%Windir%\System32\InetSrv)
- Server's Temp folder (%Windir%\Temp)
Process Level Exceptions:
- Store.exe
- CDB.exe
- CiDaemon.exe
- Cluster.exe
- InetInfo.exe
- Mad.exe
- Microsoft.Exchange.Cluster.ReplayService.exe
- Microsoft.Exchange.InfoWorker.Assistants.exe
- Microsoft.Exchange.Search.ExSearch.exe
- Microsoft.Exchange.ServiceHost.exe
- MicrosoftExchangeADTopologyService.exe
- MicrosoftExchangeTransportLogSearch.exe
- MsfteSQL.exe
- OleConverter.exe
- PowerShell.exe
File Level Exceptoions
- .chk
- .log
- .edb
- .jrs
- .que
- .lzx
- .ci
- .dir
- .wid
- .000
- .001
- .002
- .dia
- .wsb
- .config
Phew, thats a lot more than we had to do in Exchange 2003, but wait for it.... This is ONLY for the mailbox servers, what about the Hub, CAS, UM & Edge? Well, those are different & Will be covered in follow-on articles.
Comments