Capture Client-Interoperability with Microsoft Exchange servers
01/27/2022
Description
This is a workaround to address Capture Client interoperability issues with Microsoft Exchange servers.
NOTE: If you deploy this solution, the Capture client (S1 Agent) will not be able to protect the affected endpoints from exploits directed at the application vulnerabilities.
Resolution
Below are the steps to add exclusions for the Microsoft Domain Controller to a specific Device:
- Go to https://captureclient-36.sonicwall.com and log in using your MySonicWall credentials.
- Navigate to Assets > Groups and click Add.

- Create a Static Group as below, specific to the device that needs the exclusion applied:
Group Name: Microsoft Exchange server exclusion
Group Type: Device Group
Group Category: Static

- Click Next to apply.
- In the ADD Devices/Rules page choose the specific device that needs the exclusion to be applied.

- Click Next to Apply.
- Validate the settings on the Summary page and click Confirm to review the inherited policy.

- The Static Group is successfully created; click Done to complete.

- Click the assigned policy for that group; this takes you to the Policies page.

- Navigate to Exclusions under Policy and click '+' at the top right of the Exclusions page. Add the path as required and click Add.

- Repeat step 10 to add all of the following Exchange folders under exclusions.
A summary of the recommendations is to exclude these files and processes for all Exchange Servers:
Granular, more secure (less aggressive) list for each version:
Exchange 2016:
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftesql.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\store.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\mad.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\exfba.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftefd.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeADTopologyService.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AddressBook.Service.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MsExchangeFDS.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxAssistants.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailSubmission.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msexchangerepl.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.RpcClientAccess.Service.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.Search.ExSearch.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ServiceHost.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeThrottling.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransport.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransportLogSearch.exe
Exchange 2013:
- C:\Windows\System32\Dsamain.exe
- C:\Windows\System32\inetsrv\inetinfo.exe
- C:\Windows\System32\inetsrv\W3wp.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\EdgeTransport.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\fms.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Search\Ceres\HostController\hostcontrollerservice.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
- C:\Program Files\Microsoft\Exchange Server\v15\TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Diagnostics.Service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Directory.TopologyService.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.EdgeCredentialSvc.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe
- C:\Program Files\Microsoft\Exchange Server\v15\ClientAccess\PopImap\Microsoft.Exchange.Imap4service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe
- C:\Program Files\Microsoft\Exchange Server\v15\ClientAccess\PopImap\Microsoft.Exchange.Pop3service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.RPCClientAccess.Service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Search.Service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Servicehost.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Store.Service.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Microsoft.Exchange.Store.Worker.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FrontEnd\CallRouter\Microsoft.Exchange.UM.CallRouter.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeDagMgmt.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeDelivery.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeFrontendTransport.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeHMHost.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeHMWorker.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeMailboxAssistants.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeMailboxReplication.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeMigrationWorkflow.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeRepl.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeSubmission.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeTransport.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeTransportLogSearch.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\MSExchangeThrottling.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Search\Ceres\Runtime\1.0\Noderunner.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\OleConverter.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\Search\Ceres\ParserServer\ParserServer.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\ScanEngineTest.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\ScanningProcess.exe
- C:\Program Files\Microsoft\Exchange Server\v15\ClientAccess\Owa\Bin\DocumentViewing\TranscodingService.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\UmService.exe
- C:\Program Files\Microsoft\Exchange Server\v15\Bin\UmWorkerProcess.exe
- C:\Program Files\Microsoft\Exchange Server\v15\FIP-FS\Bin\UpdateService.exe
Exchange 2010:
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftesql.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\store.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\mad.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\exfba.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msftefd.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeADTopologyService.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AddressBook.Service.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MsExchangeFDS.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxAssistants.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailboxReplication.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeMailSubmission.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\msexchangerepl.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.RpcClientAccess.Service.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.Search.ExSearch.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\Microsoft.Exchange.ServiceHost.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeThrottling.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransport.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\EdgeTransport.exe
- C:\Program File*\Microsoft\Exchange Server\V14\Bin\MSExchangeTransportLogSearch.ex
- Navigate to Asset>Device>Choose the specific Device>Settings>Update Policy.

- Also make sure the Policy is updated on the end client as well.
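
Because every excluded path is no longer protected by the agent (see the NOTE above), it helps to check each candidate on the Exchange server before entering it in the console. The PowerShell below is an added example, not SonicWall tooling: it resolves each pattern, reports which binaries actually exist, and checks their Authenticode signature. The function name `Test-ExclusionCandidate`, the three-entry sample list and the Microsoft-publisher check are assumptions made for illustration.

```powershell
# Added example: audit candidate exclusion paths on one Exchange server.
# $Candidates is a constructed sample; paste in the list for your Exchange version.
$Candidates = @(
    'C:\Program File*\Microsoft\Exchange Server\V14\Bin\store.exe',
    'C:\Program Files\Microsoft\Exchange Server\v15\Bin\EdgeTransport.exe',
    'C:\Windows\System32\inetsrv\W3wp.exe'
)

function Test-ExclusionCandidate {   # hypothetical helper name
    param([Parameter(Mandatory)][string[]]$Path)

    foreach ($pattern in $Path) {
        # Resolve-Path expands wildcards such as "Program File*".
        $resolved = @(Resolve-Path -Path $pattern -ErrorAction SilentlyContinue)

        if ($resolved.Count -eq 0) {
            # Nothing on disk: an exclusion here would only leave an unmonitored path.
            [pscustomobject]@{
                Pattern = $pattern; File = $null
                Signature = 'n/a'; Signer = $null; Action = 'Skip (not present)'
            }
            continue
        }

        foreach ($item in $resolved) {
            $sig = Get-AuthenticodeSignature -LiteralPath $item.ProviderPath
            $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
            # Assumption: genuine Exchange/IIS binaries carry a valid Microsoft signature.
            $ok = ($sig.Status -eq 'Valid') -and ($signer -like '*O=Microsoft Corporation*')
            [pscustomobject]@{
                Pattern   = $pattern
                File      = $item.ProviderPath
                Signature = $sig.Status
                Signer    = $signer
                Action    = if ($ok) { 'Exclude' } else { 'Review before excluding' }
            }
        }
    }
}

Test-ExclusionCandidate -Path $Candidates | Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell session on the server the static group targets, and add to the policy only the rows marked `Exclude`.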
