Exchange Server 2016 CU21 and Exchange Server 2019 CU10 include new Exchange Server integration with AMSI.
Exchange Team Blog on additional information on AMSI and Exchange
More about AMSI integration with Exchange Server
How the Antimalware Scan Interface (AMSI) helps you defend against malware
Additional information
- Antimalware Scan Interface is a feature in Windows 2016 (and newer) used by Microsoft Defender Antivirus (MDAV) and 3rd party AV solutions
- Defender needs to be configured for Real Time Scanning for it to use AMSI
- Microsoft supports other AMSI Providers with Exchange Server
- AMSI integration is on by default and no configuration is needed
- Signatures distributed to MDAV can help block malicious Exchange activity
- Exchange will rely on AMSI to scan HTTP requests before processing them
- Only HTTP Traffic is scanned
- No perceptible performance hit is expected
- Detections are logged by the AV component
- No changes are needed in AV Exclusions
- Adjusting exclusions for AMSI is not needed starting from Defender AV Engine Version 1.1.18300.4 (released 6/24/21)
- To check the Engine Version for Windows: Click Start > Type Security > Click on Settings (bottom left) > Click About (center pane), and look for the Engine Version
- Exchange logging at:
C:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpRequestFiltering
- New entry in web.config for all protocols (in all IIS vDirs):
<add name="HttpRequestFilteringModule" type="Microsoft.Exchange.HttpRequestFiltering.HttpRequestFilteringModule, Microsoft.Exchange.HttpRequestFiltering, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
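
The checks listed above can be run in one pass on an Exchange server. The following PowerShell is an added example, not part of the original notes or of Microsoft's tooling. It assumes Microsoft Defender is the AMSI provider, Exchange is installed in the default path shown above, and the IIS WebAdministration module is available; IIS applications that do not belong to Exchange will show as not having the module.

```powershell
# Added example: verify the AMSI prerequisites from the notes above.
# Run in an elevated PowerShell session on the Exchange server.
Import-Module WebAdministration

$minEngine = [version]'1.1.18300.4'   # engine version quoted in the notes
$logDir    = 'C:\Program Files\Microsoft\Exchange Server\V15\Logging\HttpRequestFiltering'
$results   = @()

# Defender only acts as an AMSI provider when real-time scanning is on.
$mp = Get-MpComputerStatus
$results += [pscustomobject]@{
    Check  = 'Defender real-time protection enabled'
    Detail = ''
    Pass   = [bool]$mp.RealTimeProtectionEnabled
}
$results += [pscustomobject]@{
    Check  = "Defender engine version >= $minEngine"
    Detail = $mp.AMEngineVersion
    Pass   = ([version]$mp.AMEngineVersion -ge $minEngine)
}

# Exchange writes its request-filtering logs to this folder.
$results += [pscustomobject]@{
    Check  = 'HttpRequestFiltering log folder exists'
    Detail = $logDir
    Pass   = (Test-Path -LiteralPath $logDir)
}

# Each IIS application's web.config should register HttpRequestFilteringModule.
foreach ($app in Get-WebApplication) {
    $dir   = [Environment]::ExpandEnvironmentVariables($app.PhysicalPath)
    $cfg   = Join-Path $dir 'web.config'
    $found = (Test-Path -LiteralPath $cfg) -and
             (Select-String -LiteralPath $cfg -Pattern 'HttpRequestFilteringModule' -SimpleMatch -Quiet)
    $results += [pscustomobject]@{
        Check  = "Module registered for $($app.path)"
        Detail = $cfg
        Pass   = [bool]$found
    }
}

$results | Format-Table -AutoSize -Wrap
```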
