Managing Exchange 2013 Anti Malware Scanning – Part 1

Last week I wrote about A closer look at Exchange 2013 anti malware scanning. Anti Malware scanning replaces the Microsoft Forefront Protection for Exchange (FPE) but uses a similar engine for scanning and providing protection against viruses or other malicious code.

In this article we are going to take a look at how to manage a new anti malware protection feature that Exchange 2013 ships with.

As an administrator you can configure anti malware protection (I am going to call it AMP, writing anti malware protection every time irritates a little bit 😛 ) settings using EAC and powershell both. EAC provides a little limited interface for additional configuration and that should be good enough unless you are involved in a troubleshooting case.

Traditional Way

Several administrators are still scared of that black and white window of powershell and do not prefer to use it because they think remembering all those cmdlets is a really a big deal. No worries, EAC (Exchange Administration Center) does have some help for those who do not like powershell much.

To open anti malware protection settings:

Logon to Exchange Admin Center –> Click on Protection –> Select Default and click on image button.

image

In malware filter properties page you will be able configure most of the settings and customize the responses as per your need. You may have noticed, there is no option to create a new malware filter in EAC. We’ll see how to do that in next post.

So, when you get the properties page open, you will see a lot of options. All these options can be used to tell the engine about how to handle an incident and what responses should be sent when an incident occurs.

1. First option is infected attachments response. Here you can specify what to be done when an email has an infected or harmful attachment in it. In my case, I want to delete all attachments and send a custom notification to internal and external senders to let them know about a harmful attachment detection in an email that they were trying to send and those have been deleted.

Choosing either of these three options does not delete an email. It just removes all the infected / harmful attachments. Sender notifications are triggered only when an entire message is deleted.

image

 

2. Scrolling further on the same page, you will also see Administrator Notification. Well, that’s not much to be talked about. You as an administrator certainly want to know (maybe do not want to know Smile) what happened to emails when they were sent from the server. You can configure all these settings to receive alerts / notifications when an incident occurs and email notifications are sent. In above setting email notifications will be sent to intended recipient or sender. Administrator notifications will be used for notifying an administrator

image

 

You may ask a question, Why do I need these notifications coming to me or to any mailbox? As far as the filter has worked, deleted and notified all required recipients why do I need bother?

Best answer that I have is, if someone is trying to flood your system with spam or there is a specific pattern in the kind of notifications you receive, you can easily take necessary steps to stop these emails and save your servers from getting bogged down.

That is all for now. In next part I will take this talk little further and deeper. Stay tuned and stay away from spam Winking smile

One thought on “Managing Exchange 2013 Anti Malware Scanning – Part 1”

Comments are closed.