ScottSchnoll, The_Exchange_Team
Satyajit321 has a good point. He is referring to the Transport Agent that is disabled by DEFAULT when installing Exchange 2016. I don't believe he is referring to Windows Defender in his question. Defender (MDAV per the article) is OS only and originally did not interact with Exchange.
Excluding the MDAV side of the house - we are talking Exchange only. What happens after the install of CU 21 if the Malware Agent is not enabled (again, it is disabled by default - oddly enough, we even have security requirements to keep it disabled*)? Will the AMSI function/feature still work? Does the Malware Agent Transport Agent in Exchange need to be enabled in order for AMSI to integrate with MDAV?
*If the Malware Agent is required to be enabled for AMSI to work, maybe with this new feature we will no longer be required to have it disabled.
A follow-up question, and I apologize if this flew over my head - but does this new feature remove the need for 3rd-party SMTP mail scanning as well? I recognize that this AMSI article is talking about HTTP requests, but will it scan incoming mail items? For example, let's say an email comes into the environment with a trojan attached. Does this new marriage of AMSI and MDAV catch this mail item and pull the attachment out of the mail item to quarantine it? If so, how does this new feature access the database in order to manipulate the mail data (either stripping the attachment or taking another action), and where would it put the offending item?
Or are we talking HTTP requests only?
Thanks for your time.
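The comment above turns on whether the built-in Malware Agent transport agent is enabled on a given Exchange 2016 server. The following is an added example (not code from the original thread or from Microsoft) showing how an administrator would check that state from the Exchange Management Shell before and after applying a CU. It assumes the agent carries its default name "Malware Agent" and that the Enable-AntimalwareScanning.ps1 script is present in the Exchange Scripts folder ($exscripts), as it is in a standard Exchange 2013+ install; the server name is a placeholder.

```powershell
# Added example: report whether the default anti-malware transport agent is
# enabled on this Exchange 2016 server. Run from the Exchange Management Shell.
# "Malware Agent" is the default agent name; <EXCHANGE-SERVER> is a placeholder.

$agent = Get-TransportAgent -Identity "Malware Agent" -ErrorAction Stop

if ($agent.Enabled) {
    Write-Output "Malware Agent is ENABLED (priority $($agent.Priority))."
} else {
    Write-Output "Malware Agent is DISABLED (the out-of-box default on Exchange 2016)."
    Write-Output "To enable it, run the shipped script, which also restarts transport:"
    Write-Output "    & `"$exscripts\Enable-AntimalwareScanning.ps1`""
}

# Also show whether the malware filtering agent on this server is set to
# bypass filtering, which is independent of the Enabled flag above.
Get-MalwareFilteringServer -Identity "<EXCHANGE-SERVER>" |
    Format-List Name, BypassFiltering, UpdateFrequency
```

Recording both values before the CU 21 upgrade and again afterwards is the simplest way to answer the "is the agent still disabled?" part of the question on your own servers; whether AMSI integration depends on that agent is a separate question for the Exchange team.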