- Products
- Network Security
- Threat Protection
- Secure Access Service Edge (SASE)
- Cloud Security
- Endpoint Security
- Email Security
- Secure Access
-
Wi-Fi 6 Access Points
SonicWall SonicWave 600 series access points provide always-on, always-secure connectivity for complex, multi-device environments.
Read More
- Solutions
- Industries
- Use Cases
- Solutions Widgets
- Solutions Content Widgets
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
- Solutions Image Widgets
-
- Partners
- SonicWall Partners
- Partner Resources
- Partner Widgets
- Custom HTML : Partners Content WIdgets
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
- Partners Image Widgets
-
- Support
- Support
- Resources
- Capture Labs
- Support Widget
- Custom HTML : Support Content WIdgets
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
- Support Image Widgets
-
- COMPANY
- PROMOTIONS
- MANAGED SERVICES
- Contact Sales
-
- Menu
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
- Solutions
- Solutions Widgets
- Solutions Image Widgets
-
- Solutions Widgets
- Partners
- Partner Widgets
- Partners Image Widgets
-
- Partner Widgets
- Support
- Support Widget
- Support Image Widgets
-
- Support Widget
Capture Client-Interoperability with Microsoft Exchange servers
01/27/2022 
15 People found this article helpful
195,781 Views
Description
This is a workaround to address Capture client Interoperability issues with Microsoft Exchange Servers.
NOTE: If you deploy this solution, the Capture client (S1 Agent) will not be able to protect the affected endpoints from exploits directed at the application vulnerabilities.
Resolution
Below are the steps to add exclusions for the Microsoft Domain Controller to a specific Device:
- Go to https://captureclient-36.sonicwall.com and login using your MysonicWALL credentials .
- Navigate to Assets>Groups>Click on Add .
- Create a Static Group as below specific to the Device thats needs the exclusion to be applied
Group Name: Microsoft Exchange server exclusion
Group Type: Device Group
Group Category:Static
- Click Nect to Apply.
- In the ADD Devices/Rules page choose the specific device that needs the exclusion to be applied.
- Click Next to Apply.
- Validate the settings on the Summary Page and click confirm to review the policy inherited.
- The Static Group is successfully created , click Done to complete.
- Click on assigned policy for the particular group and you will lead to the policies page .
- Navigate to Exclusions under Policy and click '+' on the top right of the exclusion page add the Path as required and click Add.
- Repeat the step 10 to add all the following Exchange folders under exclusions
A summary of the recommendations is to exclude these files and processes for all Exchange Servers:- C:\Windows\System32\Dsamain.exe
- C:\Windows\System32\inetsrv\inetinfo.exe
- C:\Windows\System32\inetsrv\W3wp.exe
- (If it exists) C:\Windows\Temp\ExchangeSetup\
- (If it exists) C:\Windows\Temp\OICE_*\
Exchange 2007 -
C:\Program Files\Microsoft\Exchange Server\ (including subfolders
Exchange 2010 -- C:\Program Files\Microsoft\Exchange Server\V14\ (including subfolder
C:\Program Files\Exchsrvr\ (including subfolders)
Exchange 2013 -- C:\Program Files\Microsoft\Exchange Server\V15\ (including subfolders
- C:\Program Files\Exchsrvr\ (including subfolders)
Exchange 2016 - - C:\Program Files\Microsoft\Exchange Server\V15\ (including subfolders)
Granular, more secure (less aggressive) list for each version:
Exchange 2016:
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftesql.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\store.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\mad.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\exfba.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftefd.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeADTopologyService.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AddressBook.Service.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MsExchangeFDS.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxAssistants.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailSubmission.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msexchangerepl.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.RpcClientAccess.Service.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.Search.ExSearch.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ServiceHost.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeThrottling.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransport.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransportLogSearch.exe
Exchange 2013:
- C:\Wndows\System32\Dsamain.exe
- C:\Windows\System32\inetsrv\inetinfo.exeC:\Windows\System32\inetsrv\W3wp.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\EdgeTransport.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\fms.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Search\Ceres\HostController\hostcontrollerservice.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
- C:\Program Files\Microsoft\Exchange Server\v15\TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Diagnostics.Service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Directory.TopologyService.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.EdgeCredentialSvc.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe
- C:\Program Files\Microsoft\Exchange Server\v15\ClientAccess\PopImap\Microsoft.Exchange.Imap4service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe
- C:\Program Files\Microsoft\Exchange Server\v15\ClientAccess\PopImap\Microsoft.Exchange.Pop3service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.RPCClientAccess.Service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Search.Service.exeC:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Servicehost.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Store.Service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Store.Worker.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FrontEnd\CallRouter\Microsoft.Exchange.UM.CallRouter.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeDagMgmt.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeDelivery.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeFrontendTransport.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeHMHost.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeHMWorker.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeMailboxAssistants.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeMailboxReplication.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeMigrationWorkflow.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeRepl.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeSubmission.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeTransport.exeC:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeTransportLogSearch.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeThrottling.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Search\Ceres\Runtime\1.0\Noderunner.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\OleConverter.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Search\Ceres\ParserServer\ParserServer.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\ScanEngineTest.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\ScanningProcess.exe
- C:\Program Files\Microsoft\Exchange Server\v15\ClientAccess\Owa\Bin\DocumentViewing\TranscodingService.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\UmService.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\UmWorkerProcess.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\UpdateService.exe
Exchange 2010:
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftesql.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\store.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\mad.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\exfba.exeC:\Program File*\Microsoft\Exchange Server\V14\Bin\msftefd.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeADTopologyService.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AddressBook.Service.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MsExchangeFDS.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxAssistants.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailSubmission.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msexchangerepl.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.RpcClientAccess.Service.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.Search.ExSearch.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ServiceHost.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeThrottling.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransport.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransportLogSearch.ex
- Navigate to Asset>Device>Choose the specific Device>Settings>Update Policy.
- Also make sure the Policy is updated on the end client as well.
Related Articles
- Capture Client - system requirements
- SentinelOne agent version availability with SonicWall Capture Client
- New Features, Enhancements and Resolved Issues in SentinelOne Agents
YES
NO