The Windows Antimalware Scan Interface (AMSI) is a versatile standard that allows applications and services to integrate with any antimalware product present on a machine. AMSI is vendor agnostic and...
Updated Sep 01, 2021
Version 3.0
Blog Post
Cannot believe that Microsoft would introduce AMSI for Exchange 2016 and 2019 servers in CU21 with little to no fanfare then have it cripple server around the world who have their own protection like Sophos!
Days of stress with the prospect of building a new Exchange VM over the weekend but after patching would still have been the same!!!
Annoyingly the recently released CU22 did not fix even though its pretty much a new install.
Thanks to Sophos who figured it out and issued the Powershell CLI to disable.
Turn off AMSI integration with Exchange Server 2016 & 2019 (recommended)
You can do so by opening Exchange Management Shell and create a new server override:
New-SettingOverride -Name "DisablingAMSIScan" -Component Cafe -Section HttpRequestFiltering -Parameters ("Enabled=False") -Reason "Testing"Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument RefreshRestart-Service -Name W3SVC, WAS -Force
On the 3rd command I ignored and just rebooted and now all ok.