Security News > 2023 > February > Microsoft urges Exchange admins to remove some antivirus exclusions
Microsoft says admins should remove some previously recommended antivirus exclusions for Exchange servers to boost the servers' security.
"Keeping these exclusions may prevent detections of IIS webshells and backdoor modules, which represent the most common security issues," the Exchange Team said.
"We've validated that removing these processes and folders doesn't affect performance or stability when using Microsoft Defender on Exchange Server 2019 running the latest Exchange Server updates."
You can also safely remove these exclusions from servers running Exchange Server 2016 and Exchange Server 2013 but you should monitor them and be ready to mitigate any issues that might come up.
This comes after threat actors have been using malicious Internet Information Services web server extensions and modules to backdoor unpatched Microsoft Exchange servers worldwide.
As security researchers at the Shadowserver Foundation found in January, tens of thousands of Internet-exposed Microsoft Exchange servers are still vulnerable to attacks leveraging ProxyNotShell exploits.