Exchange 2013 Malware Protection - Part 2

Alexander Zammit

Software Development Consultant. Involved in the development of various Enterprise software solutions. Today focused on Blockchain and DLT technologies.

The Exchange 2013 Management Shell provides a number of scripts and cmdlets for administering Malware Protection. When it comes to managing filter updates or enabling/disabling the filter, the shell is our only administrative interface.

To force a filter update we have a dedicated script:
Update-MalwareFilteringServer.ps1

This wraps the Forefront cmdlet Start-EngineUpdate that we already met when discussing Enable-AntimalwareScanning.ps1.

Sometimes we may need to check if the automatic updating service is working. This is when we need the Forefront cmdlet:
Get-EngineUpdateInformation

Most importantly, it provides us with the last update date/time and the current update version.

Other cmdlets encountered when enabling/disabling the filter were:
Get-AntiVirusScanSettings
Set-AntiVirusScanSettings

You may find the Enabled property useful when verifying the enablement status of the filter.

Malware Filtering Policy

The Malware Filtering Policy discussed in Exchange 2013 Malware Protection - Part 1 is configurable using the MalwareFilterPolicy Exchange cmdlets:
Get-MalwareFilterPolicy
Set-MalwareFilterPolicy

Again, this is an Exchange cmdlet, so loading the Forefront snap-in is not necessary. Looking closely at the returned properties, we can see that almost all of them are configurable at: Exchange Administrative Centre | Protection | Malware | Default Policy, with the exception of:
BypassInboundMessages
BypassOutboundMessages

These allow us to disable filtering for inbound and outbound messages respectively.
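The three checks above can be combined into one audit of the filter state. The script below is an added example, not part of the original article or of the Exchange scripts it describes. It assumes the Forefront snap-in name shown, the property names Engine, LastUpdated and UpdateVersion on the Get-EngineUpdateInformation output, and a hypothetical 48-hour staleness threshold.

```powershell
# Added example, not from the original article. Run in the Exchange Management Shell.
# Assumptions: the snap-in name, the Engine/LastUpdated/UpdateVersion property names,
# and the 48-hour staleness threshold (hypothetical; choose your own).
$MaxAgeHours = 48

# The Forefront cmdlets need this snap-in; the Exchange cmdlets do not.
Add-PSSnapin Microsoft.Forefront.Filtering.Management.PowerShell -ErrorAction SilentlyContinue

function Test-MalwareFilterHealth {
    param($EngineInfo, $ScanSettings, $Policies, [int]$MaxAgeHours)
    $findings = @()

    # 1. Is scanning enabled at all?
    if (-not $ScanSettings.Enabled) {
        $findings += 'Antimalware scanning is disabled (Enabled = False).'
    }

    # 2. Are engine updates arriving? Missing or unreadable data counts as a finding.
    if (-not $EngineInfo) { $findings += 'No engine update information was returned.' }
    foreach ($engine in @($EngineInfo)) {
        $last = $engine.LastUpdated -as [datetime]
        if (-not $last) {
            $findings += "Engine '$($engine.Engine)': last update time is missing or unreadable."
        }
        elseif (((Get-Date) - $last).TotalHours -gt $MaxAgeHours) {
            $findings += "Engine '$($engine.Engine)': last updated $last " +
                         "(update version $($engine.UpdateVersion)), older than $MaxAgeHours hours."
        }
    }

    # 3. Has a policy switched filtering off for a whole mail direction?
    foreach ($policy in @($Policies)) {
        if ($policy.BypassInboundMessages)  { $findings += "Policy '$($policy.Name)' bypasses inbound messages." }
        if ($policy.BypassOutboundMessages) { $findings += "Policy '$($policy.Name)' bypasses outbound messages." }
    }
    return $findings
}

$findings = Test-MalwareFilterHealth -EngineInfo (Get-EngineUpdateInformation) `
    -ScanSettings (Get-AntiVirusScanSettings) -Policies (Get-MalwareFilterPolicy) `
    -MaxAgeHours $MaxAgeHours

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else { 'Malware filter is enabled, recently updated, and no bypass is set.' }
```

Because the bypass properties are not visible in the Exchange Administrative Centre, a check like this is the only place a bypass set from the shell will show up.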

Final Tips

Although many would have preferred Microsoft to continue providing on-premises Forefront, others will be happy to get an important piece of this product out-of-the-box in Exchange 2013.

Today we used the shell to manage the Malware Filter. This is the administrative interface of choice whenever managing updates. Among other things, we saw how to enable/disable the filter, start an immediate filter update, configure the updating frequency and verify the current update version.

References

Exchange 2013 Malware Protection - Part 1

User Comments - Page 1 of 1

Adwait 5 Jun 2016 00:04
What is the pattern by which the Malware agent considers a message as spam and deletes the same?

Is there any configuration of the malware agent, or any algorithm for the same, like we had in Forefront Security Agent?
VISWANATHAN 15 Jun 2015 03:00
Hi all, I want to schedule the "Get-EngineUpdateInformation" reports for all our Exchange servers updated with the latest AntiMalware definitions. Is there any PS1 file available to fetch this information in mail format every day and send it to our Exchange admins?
Thom 3 Oct 2013 06:03
How can I set Proxy-Settings for the updates?
Stephan 28 Jun 2013 01:41
But how to obtain a report of the number of blocked mails?
amit shinde 23 Apr 2013 21:59
Good one
Charles Derber 17 Feb 2013 16:58
Thanks & It is informative.