Revised Endpoint Protection Automatic Exclusions for Microsoft Exchange


Article ID: 263506


Updated On:

Products

Endpoint Security Complete

Issue/Introduction

On February 23rd, Microsoft published a document advising administrators to remove some previously recommended antivirus exclusions for Exchange servers in order to improve the servers' security.


Symantec Endpoint Protection (SEP) does not add Automatic Exclusions for the processes powershell.exe and w3wp.exe, but we do add Automatic Exclusions for the folders %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files and %SystemRoot%\System32\Inetsrv.

 

Environment

14.3 RU7 and below

Cause

Microsoft advised removing the following exclusions on Exchange Servers:

%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
%SystemRoot%\System32\Inetsrv
%SystemRoot%\System32\WindowsPowerShell\v1.0\PowerShell.exe
%SystemRoot%\System32\inetsrv\w3wp.exe

Resolution

Our Engineering team is investigating this issue and will update this document when a solution becomes available. The exclusions for %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files and %SystemRoot%\System32\Inetsrv will be removed in an upcoming release.

To remove these exclusions manually:

1. Download ExchangeExclusionHelper64.zip from this document
2. Extract and copy the file to C:\Program Files\Symantec\Symantec Endpoint Protection\CurrentVersion\Bin64
3. Open Command Prompt as Administrator and CD to the Bin64 directory
4. Run the command ExchangeExclusionHelper.exe -ld to list the directory exclusions
5. Run the command ExchangeExclusionHelper.exe -rm to remove the exclusions.
6. Run the command ExchangeExclusionHelper.exe -ld again to verify that %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files and %SystemRoot%\System32\Inetsrv have been removed.
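
Steps 3 to 6 can be run and checked in one pass. The PowerShell script below is an added example, not Symantec code: it uses only the -ld and -rm switches named above, and it assumes that -ld prints each excluded folder as plain text (the output format is not documented in this article). The function name Get-RemainingExclusion is hypothetical.

```powershell
# Added example: automates steps 3-6. Run from an elevated PowerShell session.
$bin64  = 'C:\Program Files\Symantec\Symantec Endpoint Protection\CurrentVersion\Bin64'
$helper = Join-Path $bin64 'ExchangeExclusionHelper.exe'

# The two folder exclusions this article says SEP adds automatically.
$targets = @(
    '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files',
    '%SystemRoot%\System32\Inetsrv'
)

# Hypothetical helper: returns the target folders still named in a -ld listing.
# Assumption: -ld prints each excluded folder as text, with %SystemRoot% either
# literal or expanded. A substring match can over-report (a longer path under
# the same folder also matches), which errs toward "still present".
function Get-RemainingExclusion {
    param([string]$Listing, [string[]]$Folders)
    foreach ($folder in $Folders) {
        $expanded = [Environment]::ExpandEnvironmentVariables($folder)
        foreach ($form in @($folder, $expanded)) {
            if ($Listing.IndexOf($form, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                $folder   # emit once per folder, then move to the next one
                break
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $helper)) {
    throw "ExchangeExclusionHelper.exe not found in $bin64 (complete step 2 first)."
}

Push-Location $bin64
try {
    $before = (& $helper -ld | Out-String)
    Write-Output "Directory exclusions before removal:`n$before"
    & $helper -rm | Out-Host
    $after = (& $helper -ld | Out-String)
    Write-Output "Directory exclusions after removal:`n$after"
    $left = @(Get-RemainingExclusion -Listing $after -Folders $targets)
    if ($left.Count -gt 0) {
        Write-Warning "Still excluded: $($left -join '; ')"
    } elseif ([string]::IsNullOrWhiteSpace($before)) {
        Write-Warning 'The -ld command printed nothing; result is inconclusive. Check elevation.'
    } else {
        Write-Output 'Neither folder appears in the exclusion list.'
    }
} finally {
    Pop-Location
}
```

Keep the printed "before" listing with the change record so the removal can be audited later.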

Additional Information

CRE-13276

Attachments

1685030229428__ExchangeExclusionHelper64.zip