Microsoft Exchange Test-ExchAVExclusions script shows CbAMSI.dll loaded despite policy exclusions applied

Article ID: 396105

Products

  • Carbon Black Cloud Endpoint Standard
  • Carbon Black Cloud Enterprise EDR

Issue/Introduction

Customers can use the Test-ExchAVExclusions PowerShell script to check whether the Microsoft Exchange Server paths and processes are properly excluded from AV. However, the script also checks for loaded AMSI providers, and if the AV has an AMSI integration, it will show up as a failed test even if policy permission rules and event reporting exclusions are in place.

Environment

  • Carbon Black Cloud Console: Current Version
  • Carbon Black Cloud Windows Sensor: Supported Versions
  • Microsoft Windows OS: Supported Versions
  • Exchange Server 2013/2016/2019

Cause

The Test-ExchAVExclusions PowerShell script has logic that searches the registry to find AMSI providers, but it only excludes the Oracle and Microsoft AMSI DLLs and does not take into consideration other AV tools that can integrate with AMSI.

Resolution

If CbAMSI.dll is the only result coming back from the test script and policy permission rules and event reporting rules are in place, then the script results can be safely ignored and the Exchange Server processes will not be subject to interop issues or AV scanning.
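
To confirm which AMSI provider DLLs are registered on the server and which Exchange processes have them loaded, the following added example (not code from Test-ExchAVExclusions or from Carbon Black) reads the standard Windows AMSI provider registration keys and inspects loaded modules. The process names in `$processNames` are an assumed sample list; adjust them to the roles installed on the server, and run from an elevated PowerShell session.

```powershell
# Added example: list registered AMSI providers and where they are loaded.
# Standard Windows AMSI provider registration key.
$providersKey = 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers'
# Assumption: sample Exchange-related process names, not a complete list.
$processNames = 'w3wp', 'EdgeTransport', 'MSExchangeTransport'

function Get-AmsiProviderDll {
    param([string]$Key = $providersKey)
    if (-not (Test-Path -LiteralPath $Key)) { return }
    foreach ($sub in Get-ChildItem -LiteralPath $Key) {
        # Each subkey name is the provider's COM CLSID.
        $clsid  = $sub.PSChildName
        $inproc = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll    = $null
        if (Test-Path -LiteralPath $inproc) {
            # The default value of InprocServer32 is the provider DLL path.
            $dll = [string](Get-Item -LiteralPath $inproc).GetValue('')
            $dll = $dll.Trim('"')
        }
        [pscustomobject]@{ Clsid = $clsid; DllPath = $dll }
    }
}

function Get-LoadedAmsiProvider {
    param([object[]]$Providers, [string[]]$Names = $processNames)
    $dllNames = $Providers | Where-Object DllPath |
        ForEach-Object { Split-Path -Leaf $_.DllPath }
    foreach ($p in Get-Process -Name $Names -ErrorAction SilentlyContinue) {
        # Module enumeration fails without elevation; skip those processes.
        try { $mods = $p.Modules } catch { continue }
        foreach ($m in $mods) {
            if ($dllNames -contains $m.ModuleName) {
                [pscustomobject]@{
                    Process = $p.ProcessName
                    Id      = $p.Id
                    Module  = $m.ModuleName
                    Path    = $m.FileName
                }
            }
        }
    }
}

$providers = @(Get-AmsiProviderDll)
$providers | Format-Table -AutoSize

# One row per provider DLL with the number of processes that have it loaded.
Get-LoadedAmsiProvider -Providers $providers |
    Group-Object Module | Select-Object Name, Count | Format-Table -AutoSize
```

The second table shows every registered provider DLL found in the sampled processes, including the Microsoft one, so compare it against the script's output rather than expecting CbAMSI.dll to be the only row.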