
The Cyber Security News


IT admins notified as Microsoft revokes previously recommended Exchange antivirus exclusions

February 24, 2023


Microsoft has urged admins to remove antivirus exclusions it previously recommended, in order to improve security.

Provided an organisation's IT estate is using Microsoft Defender on a fully up-to-date Exchange Server 2019, the exclusions it formerly recommended can be removed with no risk to performance or stability.


“We also believe that these exclusions can also be safely removed from servers running Exchange Server 2016 and Exchange Server 2013,” it said in a blog post.

“When working on Exchange Server 2013 or Exchange Server 2016, keep an eye on the server and watch for issues. If any issues crop up on any Exchange Server edition, just put the exclusions back in place, and report the issue to us.”

The exclusions in question relate specifically to the Temporary ASP.NET Files and Inetsrv folders, and the PowerShell and w3wp processes. It would be much better, Microsoft said, for IT admins to scan these files and folders instead.

The folders that are affected are:

  • %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
  • %SystemRoot%\System32\Inetsrv

The processes that are affected are:

  • %SystemRoot%\System32\WindowsPowerShell\v1.0\PowerShell.exe
  • %SystemRoot%\System32\inetsrv\w3wp.exe
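
One way to check an Exchange server for the four exclusions listed above and remove them, using the built-in Defender cmdlets `Get-MpPreference` and `Remove-MpPreference`. This is an added example, not code from Microsoft or the original article; the `-Remove` switch and the `removed-exclusions.json` backup file name are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: audit, and optionally remove, the four Defender exclusions named in the article.
param([switch]$Remove)   # hypothetical switch: without it the script only reports

# Folders and processes as listed in the article.
$folders = @(
    '%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files',
    '%SystemRoot%\System32\Inetsrv'
)
$processes = @(
    '%SystemRoot%\System32\WindowsPowerShell\v1.0\PowerShell.exe',
    '%SystemRoot%\System32\inetsrv\w3wp.exe'
)

# Normalise so 'C:\Windows\System32\inetsrv\' and '%SystemRoot%\System32\Inetsrv' compare equal.
function Get-NormalisedPath([string]$Path) {
    [Environment]::ExpandEnvironmentVariables($Path).TrimEnd('\').ToLowerInvariant()
}

# Return the configured entries that match a target, exactly as stored,
# because Remove-MpPreference needs the stored string.
function Find-Exclusion([string[]]$Configured, [string[]]$Targets) {
    $wanted = $Targets | ForEach-Object { Get-NormalisedPath $_ }
    $Configured | Where-Object { $_ -and ((Get-NormalisedPath $_) -in $wanted) }
}

$pref     = Get-MpPreference
$pathHits = @(Find-Exclusion $pref.ExclusionPath    $folders)
$procHits = @(Find-Exclusion $pref.ExclusionProcess $processes)

foreach ($hit in $pathHits) { Write-Output "Folder exclusion present:  $hit" }
foreach ($hit in $procHits) { Write-Output "Process exclusion present: $hit" }
if (-not $pathHits -and -not $procHits) {
    Write-Output 'None of the four exclusions are configured on this server.'
}

if ($Remove) {
    # Record what is removed so the exclusions can be put back with
    # Add-MpPreference if the server shows problems afterwards.
    [pscustomobject]@{ Path = $pathHits; Process = $procHits } |
        ConvertTo-Json | Set-Content -Path .\removed-exclusions.json
    if ($pathHits) { Remove-MpPreference -ExclusionPath    $pathHits }
    if ($procHits) { Remove-MpPreference -ExclusionProcess $procHits }
}
```

Exclusions pushed by Group Policy or another management tool are re-applied from that source, so they need to be removed there as well.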

Keeping the exclusions in place could even prevent detection of backdoor malware and IIS webshells, Microsoft added. Cyber criminals turned to malicious IIS modules in droves last year as a way to gain a far more secure foothold in a target’s IT environment.

“In most situations, the precise backdoor logic is small and can’t be regarded as malicious without a broader understanding of how legitimate IIS extensions work, which also tends to make it tricky to ascertain the source of an infection,” explained Hardik Suri, senior security researcher at Microsoft, at the time.

A year earlier, in August 2021, researchers discovered malware that was able to set up a backdoor on Microsoft’s IIS.

The malware, IISpy, was able to evade detection and manipulate the server’s logging to carry out espionage. It was found present on IIS servers in the US, Canada, and the Netherlands, and was suspected to have affected additional servers.


Some parts of this article are sourced from:
www.itpro.co.uk
