

Exchange Server 2013 - Configuring Antimalware

In Exchange Server 2013, Microsoft has integrated anti-malware capabilities into the product, providing administrators with a "free" option for protecting Exchange.

In this article I will show how to configure and test antimalware protection in Exchange Server 2013.

In my lab I use three computers:

- DC2012: Domain Controller (domain mcthub.local) running Windows Server 2012

- EXCHANGE1: Domain Member running Windows Server 2012 and Exchange Server 2013 (Mailbox Role and Client Access Role)

- CLIENT1: Domain Member running Windows 8 and Outlook 2013

Enable antimalware features in Exchange Server 2013

- On EXCHANGE1, open Exchange Management Shell and change the current folder to "C:\Program Files\Microsoft\Exchange Server\V15\Scripts" by typing the following command:

cd "C:\Program Files\Microsoft\Exchange Server\V15\Scripts"

Then enable antimalware scanning by typing the following script name and pressing Enter:

.\Enable-AntimalwareScanning.ps1

http://mcthub.com/images/ContentLab/AntiMalware-En_files/image001.jpg

- Restart the Microsoft Exchange Transport service by typing the following cmdlet:

http://mcthub.com/images/ContentLab/AntiMalware-En_files/image002.jpg

- Verify that the following antimalware agent is listed: Malware Agent. The Enabled value for Malware Agent is True if the script was allowed to complete.

http://mcthub.com/images/ContentLab/AntiMalware-En_files/image003.jpg

Configure the default antimalware policy in Exchange Server 2013

- Open Internet Explorer and type the following address in the address bar: https://exchange1.mcthub.local/ecp. In the Exchange admin center, in the feature pane, click protection, click the malware filter tab, select the Default rule, and click the Edit button on the toolbar.

http://mcthub.com/images/ContentLab/AntiMalware-En_files/image004.jpg

 

- Click settings. Under Malware Detection Response, select Delete all attachments and use custom alert text. In the Custom alert text box, type the following text: The attachment has been deleted because it contained malware

http://mcthub.com/images/ContentLab/AntiMalware-En_files/image005.jpg

 

- Under Notifications, select both Notify internal senders and Notify external senders check boxes.

http://mcthub.com/images/ContentLab/AntiMalware-En_files/image006.jpg

 

- Under Administrator Notifications, select both the Notify administrator about undelivered messages from internal senders and Notify administrator about undelivered messages from external senders check boxes. In each Administrator email address box, type administrator@mcthub.local.

- Click the save button.

http://mcthub.com/images/ContentLab/AntiMalware-En_files/image007.jpg

 

- Switch to CLIENT1. Log on as any user (here, phuongnam). Download the EICAR antimalware test file (eicar.com.txt) from http://www.eicar.org/85-0-Download.html

http://mcthub.com/images/ContentLab/AntiMalware-En_files/image008.jpg

 

- Open Outlook, compose a message to another user (manhtrong), and attach the file eicar.com.txt.

http://mcthub.com/images/ContentLab/AntiMalware-En_files/image009.jpg

 

- Log on as user manhtrong, open Outlook, and open the new message from phuongnam. Double-click the attachment and verify that the code that was in the file has been deleted and replaced by the custom text you configured.

http://mcthub.com/images/ContentLab/AntiMalware-En_files/image010.jpg

http://mcthub.com/images/ContentLab/AntiMalware-En_files/image011.jpg
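
The enable, verify and policy steps above can also be run from the Exchange Management Shell on EXCHANGE1. The script below is an added example, not part of the original article; it assumes the policy shown as Default in the EAC has the identity `Default`, and it reads the settings back so any value that did not apply is reported.

```powershell
# Added example: Exchange Management Shell equivalent of the steps in this article.
# Assumption: the default malware filter policy identity is "Default".

# 1. Enable antimalware scanning and restart transport so the agent is loaded.
Set-Location 'C:\Program Files\Microsoft\Exchange Server\V15\Scripts'
.\Enable-AntimalwareScanning.ps1
Restart-Service MSExchangeTransport

# 2. Stop if the Malware Agent is missing or not enabled.
$agent = Get-TransportAgent -Identity 'Malware Agent' -ErrorAction SilentlyContinue
if (-not $agent -or -not $agent.Enabled) {
    throw 'Malware Agent is not enabled; check the output of Enable-AntimalwareScanning.ps1.'
}

# 3. Apply the same settings the article selects in the EAC.
$admin = 'administrator@mcthub.local'   # lab address from the article
$settings = @{
    Identity                               = 'Default'
    Action                                 = 'DeleteAttachmentAndUseCustomAlertText'
    CustomAlertText                        = 'The attachment has been deleted because it contained malware'
    EnableInternalSenderNotifications      = $true
    EnableExternalSenderNotifications      = $true
    EnableInternalSenderAdminNotifications = $true
    InternalSenderAdminAddress             = $admin
    EnableExternalSenderAdminNotifications = $true
    ExternalSenderAdminAddress             = $admin
}
Set-MalwareFilterPolicy @settings

# 4. Read the policy back and list every setting that differs from the intent.
$policy = Get-MalwareFilterPolicy -Identity 'Default'
$drift = $settings.Keys | Where-Object { $_ -ne 'Identity' } | ForEach-Object {
    if ("$($policy.$_)" -ne "$($settings[$_])") {
        [pscustomobject]@{
            Setting  = $_
            Expected = $settings[$_]
            Actual   = $policy.$_
        }
    }
}

if ($drift) {
    $drift | Format-Table -AutoSize
    Write-Warning 'Default malware filter policy does not match the intended settings.'
} else {
    Write-Host 'Malware Agent enabled and Default policy matches the intended settings.'
}
```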
