Capture Client-Interoperability with Microsoft Exchange servers

1) Go to https://captureclient.sonicwall.com and login to using your MysonicWALL credentials

2) Navigate to Security Policies>capture client policies and add a custom capture client policy (if there are not custom policies already)  and also add one custom threat protection policy (Ex:Exchange Exclusions).

 3) Navigate to Security Policies>Threat Protection policy>click on edit button on that custom policy and elect exclusion type as Path and specify Exchange path, type in description and select OS type and click on Add. Turn Off Monitor option for each of the Exclusions added.

4) Repeat the step 3 to add all the following Exchange folders under exclusions.

A summary of the recommendations is to exclude these files and processes for all Exchange Servers:

• C:\Windows\System32\Dsamain.exe
• C:\Windows\System32\inetsrv\inetinfo.exe
• C:\Windows\System32\inetsrv\W3wp.exe
• (If it exists) C:\Windows\Temp\ExchangeSetup\
• (If it exists) C:\Windows\Temp\OICE_*\

Exclude these files based on your version:

Exchange 2007 -

C:\Program Files\Microsoft\Exchange Server\ (including subfolders)

Exchange 2010 -

C:\Program Files\Microsoft\Exchange Server\V14\ (including subfolders)

C:\Program Files\Exchsrvr\ (including subfolders)

Exchange 2013 -

C:\Program Files\Microsoft\Exchange Server\V15\ (including subfolders)

C:\Program Files\Exchsrvr\ (including subfolders)

Exchange 2016 - C:\Program Files\Microsoft\Exchange Server\V15\ (including subfolders)

Granular, more secure (less aggressive) list for each version:

Exchange 2016:

• C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftesql.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\store.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\mad.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\exfba.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftefd.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeADTopologyService.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AddressBook.Service.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MsExchangeFDS.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxAssistants.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailSubmission.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\msexchangerepl.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.RpcClientAccess.Service.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.Search.ExSearch.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ServiceHost.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeThrottling.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransport.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransportLogSearch.exe

Exchange 2013:

• C:\Wndows\System32\Dsamain.exe
• C:\Windows\System32\inetsrv\inetinfo.exeC:\Windows\System32\inetsrv\W3wp.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\EdgeTransport.exe
• C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\fms.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Search\Ceres\HostController\hostcontrollerservice.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
• C:\Program Files\Microsoft\Exchange Server\v15\TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Diagnostics.Service.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Directory.TopologyService.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.EdgeCredentialSvc.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
• C:\Program Files\Microsoft\Exchange Server\v15\FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe
• C:\Program Files\Microsoft\Exchange Server\v15\ClientAccess\PopImap\Microsoft.Exchange.Imap4service.exe
• C:\Program Files\Microsoft\Exchange Server\v15\FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe
• C:\Program Files\Microsoft\Exchange Server\v15\ClientAccess\PopImap\Microsoft.Exchange.Pop3service.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.RPCClientAccess.Service.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Search.Service.exeC:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Servicehost.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Store.Service.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Store.Worker.exe
• C:\Program Files\Microsoft\Exchange Server\v15\FrontEnd\CallRouter\Microsoft.Exchange.UM.CallRouter.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeDagMgmt.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeDelivery.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeFrontendTransport.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeHMHost.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeHMWorker.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeMailboxAssistants.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeMailboxReplication.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeMigrationWorkflow.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeRepl.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeSubmission.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeTransport.exeC:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeTransportLogSearch.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeThrottling.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Search\Ceres\Runtime\1.0\Noderunner.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\OleConverter.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\Search\Ceres\ParserServer\ParserServer.exe
• C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\ScanEngineTest.exe
• C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\ScanningProcess.exe
• C:\Program Files\Microsoft\Exchange Server\v15\ClientAccess\Owa\Bin\DocumentViewing\TranscodingService.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\UmService.exe
• C:\Program Files\Microsoft\Exchange Server\v15\Bin\UmWorkerProcess.exe
• C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\UpdateService.exe

Exchange 2010:

• C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftesql.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\store.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\mad.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\exfba.exeC:\Program File*\Microsoft\Exchange Server\V14\Bin\msftefd.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeADTopologyService.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AddressBook.Service.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MsExchangeFDS.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxAssistants.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailSubmission.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\msexchangerepl.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.RpcClientAccess.Service.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.Search.ExSearch.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ServiceHost.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeThrottling.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransport.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
• C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransportLogSearch.exe

5) Navigate to Secutity Policies>Threat Protection and click edit button on the policy you have added (Ex: Exchange Exclusions) and associate the capture client policy to which you would like to have the exclusions applied.

6) Navigate to Protect>Devices and update the policy to which you would like to have the exclusion policy pushed.