Microsoft has recommended that Exchange administrators remove some previously recommended antivirus exclusions for Exchange servers in order to boost their security. The previously recommended exclusions are as follows:
- %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
- %SystemRoot%\System32\Inetsrv
- %SystemRoot%\System32\WindowsPowerShell\v1.0\PowerShell.exe
- %SystemRoot%\System32\inetsrv\w3wp.exe
These exclusions were previously recommended to help with performance and stability when using Microsoft Defender on Exchange servers, but Microsoft has confirmed that removing them will no longer impact performance or stability. The recommendation comes after threat actors used malicious Internet Information Services (IIS) web server extensions and modules to backdoor unpatched Exchange servers worldwide. On top of removing these exclusions, Microsoft also recommends that administrators keep Exchange servers up to date and frequently run the Exchange Server Health Checker script.
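One way to check a server for the four exclusions listed above and optionally remove them, as an added example that is not from Microsoft or the original article. It assumes an elevated session with the Microsoft Defender cmdlets `Get-MpPreference` and `Remove-MpPreference` available and that the exclusions were set locally; the `-Remove` switch is a name chosen for this example.

```powershell
# Added example: audit Microsoft Defender for the exclusions listed in the article.
# Assumption: exclusions were set locally. Entries pushed by Group Policy or a
# management tool must be removed at that source instead.
param([switch]$Remove)   # hypothetical switch: without it the script only reports

$targets = @(
    '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files',
    '%SystemRoot%\System32\Inetsrv',
    '%SystemRoot%\System32\WindowsPowerShell\v1.0\PowerShell.exe',
    '%SystemRoot%\System32\inetsrv\w3wp.exe'
)

# Normalise so "%SystemRoot%\..." and "C:\Windows\...\" compare equal.
function Get-NormalizedPath([string]$Path) {
    [Environment]::ExpandEnvironmentVariables($Path).TrimEnd('\').ToLowerInvariant()
}

$wanted = $targets | ForEach-Object { Get-NormalizedPath $_ }
$prefs  = Get-MpPreference

# Check both lists, since an entry may have been added as a path or a process.
$findings = foreach ($kind in 'ExclusionPath', 'ExclusionProcess') {
    foreach ($entry in @($prefs.$kind)) {
        if ($entry -and ($wanted -contains (Get-NormalizedPath $entry))) {
            [pscustomobject]@{ Kind = $kind; Value = $entry }
        }
    }
}

if (-not $findings) {
    # A non-elevated session cannot read exclusions and will also land here.
    Write-Output 'None of the listed exclusions were found in the local Defender preferences.'
    return
}

foreach ($f in $findings) {
    Write-Output "Found $($f.Kind): $($f.Value)"
    if ($Remove) {
        # Pass the stored value back unchanged so Defender matches it exactly.
        $splat = @{}
        $splat[$f.Kind] = $f.Value
        Remove-MpPreference @splat
        Write-Output "Removed $($f.Kind): $($f.Value)"
    }
}
```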