As of the June 2021 quarterly updates, Exchange Server supports integration with AMSI. This allows an AMSI-capable antivirus/antimalware solution to scan content in HTTP requests sent to the Exchange Server and block a malicious request before it is handled by Exchange. The scan is performed in real time as the server begins to process the request. AMSI, as implemented in the June 2021 Cumulative Updates (CUs), only scans the HTTP protocol and is not meant to be a replacement for existing server-level or message hygiene protections.
Jan 1, 2022 bug:
To bypass antimalware filtering on all servers:
Get-ExchangeServer | % {Set-MalwareFilteringServer -BypassFiltering $true -Identity $_.Name}
Verify that filtering is disabled (BypassFiltering = True):
Get-MalwareFilteringServer
Then restart the transport service and run iisreset.
Commands to turn off AMSI integration entirely:
Turn off AMSI integration with Exchange Server 2016 & 2019 if your antivirus already has such features.
Open Exchange Management Shell as administrator and use the following:
1. New-SettingOverride -Name "DisablingAMSIScan" -Component Cafe -Section HttpRequestFiltering -Parameters ("Enabled=False") -Reason "Testing"
2. Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
3. Restart-Service -Name W3SVC, WAS -Force
4. iisreset
To re-enable AMSI integration in Microsoft Exchange:
1. Remove-SettingOverride -Identity DisablingAMSIScan -Confirm:$false
2. Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
3. Restart-Service -Name W3SVC, WAS -Force
4. iisreset
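To confirm that neither workaround above has been left in place after troubleshooting, the following check lists any AMSI override and any server with BypassFiltering set. It is an added example, not part of the original page; the function name Get-ScanBypassFinding and the sample server names are hypothetical, and the property names ComponentName, SectionName, Parameters and Server are assumed to match the output of Get-SettingOverride.

```powershell
# Added example: report scanning that is still switched off.
# Assumption: Get-SettingOverride returns ComponentName, SectionName, Parameters, Server;
# Get-MalwareFilteringServer returns Name and BypassFiltering.
function Get-ScanBypassFinding {
    param(
        [object[]]$Overrides     = @(),   # output of Get-SettingOverride
        [object[]]$FilterServers = @()    # output of Get-MalwareFilteringServer
    )
    foreach ($o in $Overrides) {
        # Only overrides that target the AMSI HTTP request filter are relevant.
        if ($o.ComponentName -ne 'Cafe' -or $o.SectionName -ne 'HttpRequestFiltering') { continue }
        # Parameters is a list of "key=value" strings; ignore spacing and case.
        $disabled = @($o.Parameters | Where-Object { ($_ -replace '\s', '') -ieq 'Enabled=False' })
        if ($disabled.Count -gt 0) {
            [pscustomobject]@{
                Control = 'AMSI HTTP scanning'
                Scope   = if ($o.Server) { $o.Server -join ',' } else { 'All servers' }
                Source  = "SettingOverride '$($o.Name)'"
                Reason  = $o.Reason
            }
        }
    }
    foreach ($s in $FilterServers) {
        if ($s.BypassFiltering) {
            [pscustomobject]@{
                Control = 'Malware filtering'
                Scope   = $s.Name
                Source  = 'BypassFiltering = True'
                Reason  = $null
            }
        }
    }
}

# Constructed sample objects so the function can be tried outside Exchange Management Shell.
$sampleOverrides = @(
    [pscustomobject]@{ Name = 'DisablingAMSIScan'; ComponentName = 'Cafe'; SectionName = 'HttpRequestFiltering'; Parameters = @('Enabled=False'); Reason = 'Testing'; Server = @() }
    [pscustomobject]@{ Name = 'UnrelatedOverride'; ComponentName = 'Other'; SectionName = 'Other'; Parameters = @('Enabled=False'); Reason = 'Sample'; Server = @() }
)
$sampleServers = @(
    [pscustomobject]@{ Name = 'EX01'; BypassFiltering = $true }
    [pscustomobject]@{ Name = 'EX02'; BypassFiltering = $false }
)
Get-ScanBypassFinding -Overrides $sampleOverrides -FilterServers $sampleServers | Format-Table -AutoSize
# In Exchange Management Shell:
# Get-ScanBypassFinding -Overrides (Get-SettingOverride) -FilterServers (Get-MalwareFilteringServer)
```

With the constructed samples, the output contains two findings: the DisablingAMSIScan override and the server EX01.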