As of the June 2021 quarterly updates, Exchange Server supports integration with AMSI. This provides the ability for an AMSI-capable antivirus/antimalware solution to scan content in HTTP requests sent to the Exchange Server and block a malicious request before it is handled by Exchange. The scan is performed in real-time as the server begins to process the request. AMSI, as implemented in June 2021 Cumulative Updates (CUs), only scans the HTTP protocol, and is not meant to be a replacement to existing server-level or message hygiene protections.

Jan1 2022 bug :
To bypass antimalware on all servers:
Get-ExchangeServer | % {Set-MalwareFilteringServer -BypassFiltering $true -Identity $_.Name}

Verify if disbaled : (bypass filtering = True)
Get-MalwareFilteringServer
then
restart transport service
&
iisreset


Commands to turn off full AMSI :
Turn off AMSI integration with Exchange Server 2016 & 2019 if your antivirus already has such features.

Open Exchange Management Shell as administrator and use the following:

1. New-SettingOverride -Name "DisablingAMSIScan" -Component Cafe -Section HttpRequestFiltering -Parameters ("Enabled=False") -Reason "Testing"
2. Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
3. Restart-Service -Name W3SVC, WAS -Force
4. iisreset


To re-enable AMSI integration in Microsoft Exchange:

1. Remove-SettingOverride -Identity DisablingAMSIScan -Confirm:$false
2. Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
3. Restart-Service -Name W3SVC, WAS -Force
4. iisreset

свернуть