Configuring Trend OfficeScan for Exchange Server – Brian Reid – Microsoft 365 Subject Matter Expert

Configuring Trend OfficeScan for Exchange Server


There are lots of articles on configuring Trend OfficeScan on an Exchange Server. They should all be based on the definitive article at http://technet.microsoft.com/en-us/library/bb332342(v=exchg.141).aspx, which covers the exclusions needed, but there is one thing I found typically missing from the configuration.

If you use mount points to map the Exchange database disks to the server, then you need to configure OfficeScan to avoid scanning the \Device\ path. This covers all mount points and is needed in addition to the above exclusions such as C:\Program Files\Microsoft\Exchange Server etc. The path \Device\ is needed and not the longer \Device\HardDiskVolume1\ as it is not always possible to know what number will be used.

At my current client there are 10 mount points into C:\ExchangeDatabases, and on some servers this is seen by Trend OfficeScan as \Device\HardDiskVolume1\ through \Device\HardDiskVolume10\, but on other servers this is seen as every even number between \Device\HardDiskVolume30\ and \Device\HardDiskVolume48\. So rather than exclude every individual path from \Device\HardDiskVolume1\ to \Device\HardDiskVolume48\, we tested \Device\ and found that to do the same. Adding \Device\ does not include volumes that are mapped to drive letters, so if I had a virus in C:\Users\administrator\Desktop then it would still get picked up.

Finally, and here is a tip I recommend – go to www.eicar.com and get the string that you can use to create a test virus. Create this “virus” and place it in folders that should be excluded from scanning. The test virus should not be deleted, quarantined, etc. Now you know that your Exchange Server databases, logs, etc. are not being scanned, and it's a great way to prove that the scan configuration that you, the Exchange administrator, requested from the security team is actually correct and working.
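The check described above, written as a PowerShell script (an added example, not part of the original post). The folder paths, the control folder and the wait time are assumptions; the control folder is a drive-letter path that should still be scanned, which confirms that the scanner is active while the excluded folders are left alone.

```powershell
# Added example. Paths are assumptions: replace them with your own folders.
param(
    [string[]]$ExcludedPaths = @('C:\ExchangeDatabases\DB01'),  # hypothetical mount point folder
    [string]$ControlPath = $env:TEMP,                           # drive-letter path that must still be scanned
    [int]$WaitSeconds = 60                                      # time given to the real-time scanner
)

# EICAR standard test string, built from two halves so this script is not flagged at rest.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

function New-EicarFile([string]$Folder) {
    $file = Join-Path $Folder ('eicar-{0}.com' -f [guid]::NewGuid().ToString('N'))
    try {
        # ASCII without BOM or newline: the file must be exactly the 68-byte string.
        [System.IO.File]::WriteAllText($file, $eicar, [System.Text.Encoding]::ASCII)
    } catch { }   # a scanner may block the write itself; the survival check reports that
    return $file
}

function Test-EicarSurvived([string]$File) {
    try {
        return (Test-Path -LiteralPath $File) -and ([System.IO.File]::ReadAllText($File) -eq $eicar)
    } catch { return $false }   # access denied or locked: the scanner intervened
}

# Drop one test file per folder, remembering whether the folder is meant to be excluded.
$tests = @()
foreach ($p in $ExcludedPaths) { $tests += [pscustomobject]@{ Folder = $p; Excluded = $true; File = New-EicarFile $p } }
$tests += [pscustomobject]@{ Folder = $ControlPath; Excluded = $false; File = New-EicarFile $ControlPath }

Start-Sleep -Seconds $WaitSeconds

$results = foreach ($t in $tests) {
    $survived = Test-EicarSurvived $t.File
    # Excluded folder: file must survive. Control folder: file must be removed or blocked.
    [pscustomobject]@{
        Folder   = $t.Folder
        Expected = if ($t.Excluded) { 'survive' } else { 'removed' }
        Survived = $survived
        Result   = if ($survived -eq $t.Excluded) { 'PASS' } else { 'FAIL' }
    }
    Remove-Item -LiteralPath $t.File -Force -ErrorAction SilentlyContinue   # clean up
}
$results | Format-Table -AutoSize
```

A FAIL on the control folder means the scanner did not act within the wait time, so a surviving file in an excluded folder proves nothing until that is resolved.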

