Scanning of Exchange server 2016 processes can adversely affect Microsoft Exchange if the incorrect processes are scanned. Hence we should exclude the following Exchange or related processes from process scanning by antivirus solutions.
Mailbox Server:
| Process | Path |
| ComplianceAuditService.exe | %ExchangeInstallPath%Bin |
| EdgeTransport.exe | %ExchangeInstallPath%Bin |
| fms.exe | %ExchangeInstallPath%FIP-FS\Bin |
| hostcontrollerservice.exe | %ExchangeInstallPath%Bin\Search\Ceres\HostController |
| inetinfo.exe | %SystemRoot%\System32\inetsrv |
| Microsoft.Exchange.AntispamUpdateSvc.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.ContentFilter.Wrapper.exe | %ExchangeInstallPath%TransportRoles\agents\Hygiene |
| Microsoft.Exchange.Diagnostics.Service.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.Directory.TopologyService.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.EdgeSyncSvc.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.Imap4.exe | ExchangeInstallPath%FrontEnd\PopImap |
| Microsoft.Exchange.Imap4service.exe | %ExchangeInstallPath%ClientAccess\PopImap |
| Microsoft.Exchange.Notifications.Broker.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.Pop3.exe | %ExchangeInstallPath%FrontEnd\PopImap |
| Microsoft.Exchange.Pop3service.exe | %ExchangeInstallPath%ClientAccess\PopImap |
| Microsoft.Exchange.ProtectedServiceHost.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.RPCClientAccess.Service.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.Search.Service.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.Servicehost.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.Store.Service.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.Store.Worker.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.UM.CallRouter.exe | %ExchangeInstallPath%FrontEnd\CallRouter |
| MSExchangeCompliance.exe | %ExchangeInstallPath%Bin |
| MSExchangeDagMgmt.exe | %ExchangeInstallPath%Bin |
| MSExchangeDelivery.exe | %ExchangeInstallPath%Bin |
| MSExchangeFrontendTransport.exe | %ExchangeInstallPath%Bin |
| MSExchangeHMHost.exe | %ExchangeInstallPath%Bin |
| MSExchangeHMWorker.exe | %ExchangeInstallPath%Bin |
| MSExchangeMailboxAssistants.exe | %ExchangeInstallPath%Bin |
| MSExchangeMailboxReplication.exe | %ExchangeInstallPath%Bin |
| MSExchangeRepl.exe | %ExchangeInstallPath%Bin |
| MSExchangeSubmission.exe | %ExchangeInstallPath%Bin |
| MSExchangeTransport.exe | %ExchangeInstallPath%Bin |
| MSExchangeTransportLogSearch.exe | %ExchangeInstallPath%Bin |
| MSExchangeThrottling.exe | %ExchangeInstallPath%Bin |
| Noderunner.exe | %ExchangeInstallPath%Bin\Search\Ceres\Runtime\1.0 |
| OleConverter.exe | %ExchangeInstallPath%Bin |
| ParserServer.exe | %ExchangeInstallPath%Bin\Search\Ceres\ParserServer |
| Powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 |
| ScanEngineTest.exe | %ExchangeInstallPath%FIP-FS\Bin |
| ScanningProcess.exe | %ExchangeInstallPath%FIP-FS\Bin |
| UmService.exe | %ExchangeInstallPath%Bin |
| UmWorkerProcess.exe | %ExchangeInstallPath%Bin |
| UpdateService.exe | %ExchangeInstallPath%FIP-FS\Bin |
| W3wp.exe | %SystemRoot%\System32\inetsrv |
| wsbexchange.exe | %ExchangeInstallPath%Bin |
Edge Transport Server:
| Process | Path |
| Dsamain.exe | %SystemRoot%\System32 |
| EdgeTransport.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.AntispamUpdateSvc.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.ContentFilter.Wrapper.exe | %ExchangeInstallPath%TransportRoles\agents\Hygiene |
| Microsoft.Exchange.Diagnostics.Service.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.EdgeCredentialSvc.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.ProtectedServiceHost.exe | %ExchangeInstallPath%Bin |
| Microsoft.Exchange.Servicehost.exe | %ExchangeInstallPath%Bin |
| MSExchangeHMHost.exe | %ExchangeInstallPath%Bin |
| MSExchangeHMWorker.exe | %ExchangeInstallPath%Bin |
| MSExchangeTransport.exe | %ExchangeInstallPath%Bin |
| MSExchangeTransportLogSearch.exe | %ExchangeInstallPath%Bin |
| Powershell.exe | C:\Windows\System32\WindowsPowerShell\v1.0 |
Virtual Maestro 
Leave a comment