1) Go to https://captureclient.sonicwall.com and login to using your MysonicWALL credentials
2) Navigate to Security Policies>capture client policies and add a custom capture client policy (if there are not custom policies already) and also add one custom threat protection policy (Ex:Exchange Exclusions).
3) Navigate to Security Policies>Threat Protection policy>click on edit button on that custom policy and elect exclusion type as Path and specify Exchange path, type in description and select OS type and click on Add. Turn Off Monitor option for each of the Exclusions added.
4) Repeat the step 3 to add all the following Exchange folders under exclusions.
A summary of the recommendations is to exclude these files and processes for all Exchange Servers:
- C:\Windows\System32\Dsamain.exe
- C:\Windows\System32\inetsrv\inetinfo.exe
- C:\Windows\System32\inetsrv\W3wp.exe
- (If it exists) C:\Windows\Temp\ExchangeSetup\
- (If it exists) C:\Windows\Temp\OICE_*\
Exclude these files based on your version:
Exchange 2007 -
C:\Program Files\Microsoft\Exchange Server\ (including subfolders)
Exchange 2010 -
C:\Program Files\Microsoft\Exchange Server\V14\ (including subfolders)
C:\Program Files\Exchsrvr\ (including subfolders)
Exchange 2013 -
C:\Program Files\Microsoft\Exchange Server\V15\ (including subfolders)
C:\Program Files\Exchsrvr\ (including subfolders)
Exchange 2016 - C:\Program Files\Microsoft\Exchange Server\V15\ (including subfolders)
Granular, more secure (less aggressive) list for each version:
Exchange 2016:
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftesql.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\store.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\mad.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\exfba.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftefd.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeADTopologyService.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AddressBook.Service.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MsExchangeFDS.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxAssistants.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailSubmission.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msexchangerepl.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.RpcClientAccess.Service.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.Search.ExSearch.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ServiceHost.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeThrottling.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransport.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransportLogSearch.exe
Exchange 2013:
- C:\Wndows\System32\Dsamain.exe
- C:\Windows\System32\inetsrv\inetinfo.exeC:\Windows\System32\inetsrv\W3wp.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\EdgeTransport.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\fms.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Search\Ceres\HostController\hostcontrollerservice.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
- C:\Program Files\Microsoft\Exchange Server\v15\TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Diagnostics.Service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Directory.TopologyService.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.EdgeCredentialSvc.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe
- C:\Program Files\Microsoft\Exchange Server\v15\ClientAccess\PopImap\Microsoft.Exchange.Imap4service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe
- C:\Program Files\Microsoft\Exchange Server\v15\ClientAccess\PopImap\Microsoft.Exchange.Pop3service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.RPCClientAccess.Service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Search.Service.exeC:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Servicehost.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Store.Service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Store.Worker.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FrontEnd\CallRouter\Microsoft.Exchange.UM.CallRouter.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeDagMgmt.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeDelivery.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeFrontendTransport.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeHMHost.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeHMWorker.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeMailboxAssistants.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeMailboxReplication.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeMigrationWorkflow.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeRepl.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeSubmission.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeTransport.exeC:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeTransportLogSearch.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeThrottling.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Search\Ceres\Runtime\1.0\Noderunner.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\OleConverter.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Search\Ceres\ParserServer\ParserServer.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\ScanEngineTest.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\ScanningProcess.exe
- C:\Program Files\Microsoft\Exchange Server\v15\ClientAccess\Owa\Bin\DocumentViewing\TranscodingService.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\UmService.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\UmWorkerProcess.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\UpdateService.exe
Exchange 2010:
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftesql.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\store.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\mad.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\exfba.exeC:\Program File*\Microsoft\Exchange Server\V14\Bin\msftefd.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeADTopologyService.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AddressBook.Service.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MsExchangeFDS.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxAssistants.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailSubmission.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msexchangerepl.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.RpcClientAccess.Service.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.Search.ExSearch.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ServiceHost.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeThrottling.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransport.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransportLogSearch.exe
5) Navigate to Secutity Policies>Threat Protection and click edit button on the policy you have added (Ex: Exchange Exclusions) and associate the capture client policy to which you would like to have the exclusions applied.
6) Navigate to Protect>Devices and update the policy to which you would like to have the exclusion policy pushed.
Next Generation FirewallNext-generation firewall for SMB, Enterprise, and Government
Security ServicesComprehensive security for your network security solution
Capture Security applianceAdvanced Threat Protection for modern threat landscape
Network Security ManagerModern Security Management for today’s security landscape
Secure Mobile AccessRemote, best-in-class, secure access
Wireless Access PointsEasy to manage, fast and secure Wi-FI
SwitchesHigh-speed network switching for business connectivity
Cloud App SecurityVisibility and security for Cloud Apps
Cloud Firewall (NSv)Next-generation firewall capabilities in the cloud
Capture ClientStop advanced threats and rollback the damage caused by malware
Content Filtering ClientControl access to unwanted and unsecure web content
03/26/2020
12
7886
NOTE: 