No Stupid Questions: Should I run Anti-Virus on my Exchange Server?

Well… YES! I would highly recommend running some form of antivirus software on your Exchange servers. It increases security for your Exchange organization. However, it isn’t as simple as just installing the AV software on your server. If you don’t take the time to correctly configure the antivirus software to run with Exchange, you are going to cause performance and stability issues.

To help simplify the configuration, Microsoft provides a list of exclusions for each version of Exchange. These lists are helpful in understanding which files and processes need to be excluded from scanning. Be sure to use the exclusions for the correct version of Exchange, because each version of Exchange Server requires different exclusions. Because configuring the exclusions manually can be time consuming, Microsoft MVP Paul Cunningham created a great PowerShell script to create the exclusion lists for you. The script only supports Exchange 2013 and Exchange 2016, but it is definitely worth checking out. I have found it to be very useful.

Why Exclusions are Needed

To help us understand why exclusions are needed, let's take an extremely high-level look at how typical Windows antivirus software works. Antivirus software usually consists of two functions: file-level scanning and real-time scanning. File-level scanning checks files on the server for possible viruses or malware, while real-time scanning checks all files and processes that are loaded into active memory. What we need to avoid is a database or log file becoming unavailable to Exchange because the antivirus software has it locked or even quarantined. By configuring the correct exclusions, we can ensure that the antivirus software doesn’t scan any files or processes that are needed by Exchange, keeping your Exchange server running smoothly and interruption free.
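
The following audit is an added example, not the script mentioned above and not Microsoft's own tooling: it checks whether each mailbox database file and log folder on the local server is covered by a configured path exclusion. It assumes the Exchange Management Shell and Microsoft Defender as the antivirus product (`Get-MpPreference`); `Test-PathExcluded` is a hypothetical helper name, and only literal paths are matched.

```powershell
# Added example (assumptions: Exchange Management Shell, Microsoft Defender).
# For another antivirus product, fill $exclusions from its exported path list.

function Test-PathExcluded {
    # Hypothetical helper: true if $Path equals an exclusion or lies beneath one.
    # Wildcards and environment variables in exclusions are not expanded.
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [string[]] $Exclusions
    )
    $target = $Path.TrimEnd('\')
    foreach ($entry in $Exclusions) {
        $root = $entry.TrimEnd('\')
        if ($target -ieq $root -or
            $target.StartsWith($root + '\', [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

# Path exclusions currently configured in Defender (empty entries dropped).
$exclusions = @((Get-MpPreference).ExclusionPath | Where-Object { $_ })

# One row per database file and per log folder hosted on this server.
$report = foreach ($db in Get-MailboxDatabase -Server $env:COMPUTERNAME) {
    foreach ($item in @(
        @{ Kind = 'Database file'; Path = [string]$db.EdbFilePath },
        @{ Kind = 'Log folder';    Path = [string]$db.LogFolderPath }
    )) {
        [pscustomobject]@{
            Database = $db.Name
            Kind     = $item.Kind
            Path     = $item.Path
            Excluded = Test-PathExcluded -Path $item.Path -Exclusions $exclusions
        }
    }
}
$report | Sort-Object Excluded, Database | Format-Table -AutoSize

# Exclusions are a scanning blind spot, so flag any that cover a whole drive.
$tooBroad = @($exclusions | Where-Object { $_ -match '^[A-Za-z]:\\?$' })
if ($tooBroad) {
    Write-Warning "Drive-wide exclusions found: $($tooBroad -join ', ')"
}
```

Rows with `Excluded` set to `False` are the database or log paths the scanner can still lock or quarantine; a drive-wide warning means the exclusion covers far more than Exchange needs.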