Microsoft: For better security, scan more Exchange server objects

Microsoft is recommending that Exchange server users scan certain objects for viruses and other threats that until now had been excluded. In particular, the software giant said this week that sysadmins should now include the Temporary ASP.NET files, Inetsrv folders, and the PowerShell and w3wp processes on the list of files …

  1. Richard 12 Silver badge
    FAIL

    I'm amused that Defender still insists on rescanning the identical, unchanged data multiple times a second during compilation.

    Clang hasn't changed in the previous 10 milliseconds, don't check it again.

    Ah, no, the word is "annoyed". Yes, that's right.

    1. b0llchit Silver badge
      Mushroom

      You are using Clang... that is the problem. You should be using the VS* stuff that they try to shove through your throat all the time.

      Just like they annoy users who want another browser than Edge, they insist on making it difficult to move outside the "garden".

    2. that one in the corner Silver badge

      Compiling? Hah, child's play.

      Using Doxygen[1] to create HTML docs, that is when Defender really shows what it is capable of: when I forget to flick the "temporarily disable" switch, Defender's scans of the SSD will swamp a 24-core Threadripper and make the Windows 10 GUI stop responding. No way will it let go enough to allow access to Control Panel and that disable switch! Ctrl-Alt-Del will let Task Manager be started, fat lot of use as it is then as unresponsive as every other part of the GUI.

      Running a slew of VMs or Stable Diffusion in CPU mode or a few other favourite things can push this desk PC, but letting Defender guard against documentation is, so far, the only thing that has left it unresponsive: getting flashbacks of Windows 2 or 3 with a stuck event loop.

      1. Nick Ryan Silver badge

        Ah, the wonders of pre-emptive multi-tasking, Microsoft style.

  2. Anonymous Coward

    Why not remove the root cause?

    A proper virus scanner should mark the whole of Exchange as a virus and recommend deletion. It's been a security problem from the day it was introduced and, like all other Microsoft products, has only become more complicated but not more secure.

    Once you open your mind to the fact that there are actually other Operating Systems out there you will discover there are more products that do the job, but with far less risk. Given that the threat of malware and breaches is ever increasing, it may be worth starting to look for other options.

    1. This post has been deleted by its author

    2. gryphon

      Re: Why not remove the root cause?

      It really depends what you are wanting from an on-prem mail server.

      If it's simple mail relay then yes there are lots of other options, problem being that relatively speaking there will probably be far more people who know Exchange than the various flavours of Sendmail, QMail etc. and can keep it running. Message appliances like Broadcom gateways or Ironports are a better option there.

      And Exchange these days is a massive resource hog if you go with MS recommended levels of RAM etc.

      If you want all the collaboration bells and whistles that Exchange gives then there aren't really any other enterprise level options.

      Notes is still kicking around of course. Have they improved the email client any recently?

      It's simply the case that there are still some environments where it is simply not possible to use the cloud for mail, collaboration etc. and that's where the MS stack of Exchange, Skype and SharePoint still has value.

  3. chivo243 Silver badge
    Coat

    New MS meet Old MS

    I remember way back in the day, studying for the MCS* certs, and I found many instances where MS contradicts itself. Aren't there religious books that contradict themselves?

  4. jo.wemans

    link to MS-article

    https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464

  5. Anonymous Coward

    "That includes corporate mailboxes to address books, which can hold such information as employee titles and contact information and organizational structures, all of which can be useful in phishing and similar attacks."

    In related news, I received an unsolicited email and call from a supplier I've never heard from, trying to get me to set up an in-person meeting to convince me to buy stuff through them. They had my preferred name, work phone number, and work email, despite this information not being published anywhere outside my company. (I use work phone and email STRICTLY for work.) Apparently they got it off of Zoominfo, who (I suspect) got it by scraping my signature from an email to a different third party, very likely a supplier. Zoominfo *CLAIMS* to notify people that they've acquired their contact info, but since my first warning was the unsolicited supplier contact...
