Email Stuck in Exchange On-premises Transport Queues
Published Jan 01 2022 11:39 AM 730K Views

We have addressed the issue causing messages to be stuck in transport queues of on-premises Exchange Server 2016 and Exchange Server 2019. The problem relates to a date check failure with the change of the new year and is not a failure of the AV engine itself. This is not an issue with malware scanning or the malware engine, and it is not a security-related issue. The version checking performed against the signature file is causing the malware engine to crash, resulting in messages being stuck in transport queues.

We have now created a solution to address the problem of messages stuck in transport queues on Exchange Server 2016 and Exchange Server 2019 because of a latent date issue in a signature file used by the malware scanning engine within Exchange Server. Customer action is required to implement this solution. When the issue occurs, you’ll see errors in the Application event log on the Exchange Server, specifically events 5300 and 1106 (FIPFS), as illustrated below:

Log Name: Application 
Source: FIPFS
Logged: 1/1/2022 1:03:42 AM
Event ID: 5300
Level: Error
Computer: server1.contoso.com
Description: The FIP-FS "Microsoft" Scan Engine failed to load. PID: 23092, Error Code: 0x80004005. Error Description: Can't convert "2201010001" to long.

Log Name: Application
Source: FIPFS
Logged: 1/1/2022 11:47:16 AM
Event ID: 1106
Level: Error
Computer: server1.contoso.com
Description: The FIP-FS Scan Process failed initialization. Error: 0x80004005. Error Details: Unspecified error.
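
The "Can't convert "2201010001" to long" text in event 5300 is what a conversion into a signed 32-bit integer reports, because 2201010001 is larger than 2147483647, while the 211233... values stay below that limit. The following is an added example, not part of the original post or of Microsoft's script; it classifies the UpdateVersion values quoted on this page, and both the 32-bit width of the engine's "long" and the helper name Get-UpdateVersionVerdict are assumptions of this example.

```powershell
# Added illustration: classify FIP-FS UpdateVersion strings.
# Assumption: the engine converts the value to a signed 32-bit integer
# (the Windows C/C++ 'long'), so anything above [int]::MaxValue fails.

function Get-UpdateVersionVerdict {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$UpdateVersion
    )
    process {
        $asInt64 = 0L
        $asInt32 = 0
        # Parse twice: once into 64 bits (is it a number at all?),
        # once into 32 bits (would a 32-bit 'long' hold it?).
        $isNumeric = [long]::TryParse($UpdateVersion, [ref]$asInt64)
        $fitsInt32 = [int]::TryParse($UpdateVersion, [ref]$asInt32)

        $verdict = if (-not $isNumeric) {
            'Not a number'
        } elseif (-not $fitsInt32) {
            'Exceeds 32-bit long: conversion fails as in event 5300'
        } else {
            'Fits in 32-bit long: conversion succeeds'
        }

        [pscustomobject]@{
            UpdateVersion = $UpdateVersion
            FitsInt32     = $fitsInt32
            # Distance to [int]::MaxValue (2147483647); negative means overflow.
            Headroom      = if ($isNumeric) { [int]::MaxValue - $asInt64 } else { $null }
            Verdict       = $verdict
        }
    }
}

# UpdateVersion values that appear in this post and its comments.
$samples = '2201010001', '2201010004', '2112330001', '2112330013', '1603190004'
$samples | Get-UpdateVersionVerdict | Format-Table -AutoSize
```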

Using the Automated Solution

  • Download the script here: https://aka.ms/ResetScanEngineVersion 
  • Before running the script, change the execution policy for PowerShell scripts by running Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.
  • Run the script on each Exchange mailbox server that downloads antimalware updates in your organization (use elevated Exchange Management Shell).

Edge Transport servers are unaffected by this issue. You can run this script on multiple servers in parallel. After the script has completed, you will see the following output:

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Reset-ScanEngineVersion.ps1
EXCH1 Stopping services...
EXCH1 Removing Microsoft engine folder...
EXCH1 Emptying metadata folder...
EXCH1 Starting services...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
EXCH1 Starting engine update...
Running as EXCH1-DOM\Administrator.
--------
Connecting to EXCH1.CONTOSO.com.
Dispatched remote command. Start-EngineUpdate -UpdatePath http://amupdatedl.microsoft.com/server/amupdate
--------
[PS] Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell.
--------
[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-EngineUpdateInformation

Engine            : Microsoft
LastChecked       : 01/01/2022 08:58:22 PM -08:00
LastUpdated       : 01/01/2022 08:58:31 PM -08:00
EngineVersion     : 1.1.18800.4
SignatureVersion  : 1.355.1227.0
SignatureDateTime : 01/01/2022 03:29:06 AM -08:00
UpdateVersion     : 2112330001 (note: higher version number starting with 211233... is also OK)
UpdateStatus      : UpdateAttemptSuccessful

Using the Manual Solution

In lieu of using the script, customers can also manually perform steps to resolve the issue and restore service. To manually resolve this issue, you must perform the following steps on each Exchange mailbox server in your organization that downloads antimalware updates. Edge Transport servers are unaffected by this issue.

Verify the impacted version is installed
Run Get-EngineUpdateInformation and check the UpdateVersion information. If it starts with "22..." then proceed. If the installed version starts with "21..." you do not need to take action.

Remove existing engine and metadata
1. Stop the Microsoft Filtering Management service.  When prompted to also stop the Microsoft Exchange Transport service, click Yes.
2. Use Task Manager to ensure that updateservice.exe is not running.
3. Delete the following folder: %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\amd64\Microsoft.
4. Remove all files from the following folder: %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Data\Engines\metadata.

Update to latest engine
1. Start the Microsoft Filtering Management service and the Microsoft Exchange Transport service.
2. Open the Exchange Management Shell, navigate to the Scripts folder (%ProgramFiles%\Microsoft\Exchange Server\V15\Scripts), and run Update-MalwareFilteringServer.ps1 <server FQDN>.

Verify engine update info
1. In the Exchange Management Shell, run Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell.
2. Run Get-EngineUpdateInformation and verify the UpdateVersion information is 2112330001 (or higher).

After updating the engine, we also recommend that you verify that mail flow is working and that FIPFS error events are not present in the Application event log.
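
One way to script that post-update check, as an added example rather than part of the original post or of Microsoft's reset script: it reads the engine version, looks for new FIPFS 5300/1106 events, and lists queues that still hold messages. It assumes an elevated Exchange Management Shell on the mailbox server itself; the $Since parameter, its one-hour default and the summary object are this example's own.

```powershell
# Added example: post-remediation check for one Exchange mailbox server.
# Run in an elevated Exchange Management Shell on the server itself.
param(
    # Only count FIPFS errors logged after the fix was applied.
    # The one-hour default is an assumption; pass the time you ran the fix.
    [datetime]$Since = (Get-Date).AddHours(-1)
)

# Snap-in named in the post; it provides Get-EngineUpdateInformation.
Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell -ErrorAction SilentlyContinue

# 1. Engine version: the post accepts 2112330001 or a higher 211233... value.
$engine = Get-EngineUpdateInformation |
    Where-Object { "$($_.Engine)" -eq 'Microsoft' } |
    Select-Object -First 1
$version   = "$($engine.UpdateVersion)"
$versionOk = $version -like '211233*'

# 2. FIPFS errors 5300 / 1106 in the Application log since $Since.
#    Get-WinEvent reports "no events found" as an error, so silence it
#    and treat an empty result as zero events.
$fipfsErrors = @(Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'FIPFS'
        Id           = 5300, 1106
        StartTime    = $Since
    } -ErrorAction SilentlyContinue)

# 3. Transport queues on this server that still hold messages.
$backlog = @(Get-Queue |
    Where-Object { $_.MessageCount -gt 0 } |
    Sort-Object MessageCount -Descending)
$queued = [int]($backlog | Measure-Object -Property MessageCount -Sum).Sum

# Summary first, then the details behind any non-zero count.
[pscustomobject]@{
    Server           = $env:COMPUTERNAME
    UpdateVersion    = $version
    UpdateStatus     = "$($engine.UpdateStatus)"
    VersionOk        = $versionOk
    FipfsErrorsSince = $fipfsErrors.Count
    QueuedMessages   = $queued
} | Format-List

if ($fipfsErrors.Count -gt 0) {
    $fipfsErrors | Select-Object TimeCreated, Id, Message | Format-List
}
if ($backlog.Count -gt 0) {
    $backlog | Format-Table Identity, Status, MessageCount, LastError -AutoSize
}
```

Running it a second time a few minutes later shows whether QueuedMessages is falling, which is the draining behaviour the FAQ below asks you to watch for.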

FAQ

I'm not sure if this issue affects my organization. How do I find out?
Run the latest release of the HealthChecker script (https://aka.ms/ExchangeHealthChecker) on every Exchange server in your organization and check for the FIP-FS warning which will be shown if your server is affected and further actions are required.

Is the solution for this problem automated?
Implementation of the solution requires customer actions, and it will take some time to make the necessary changes, download the updated files, and clear the transport queues. Actions can be automated with the scan engine reset script from https://aka.ms/ResetScanEngineVersion or they can be performed manually. Whether you perform the steps automatically or manually, they must be performed on every on-premises Exchange 2016 and Exchange 2019 server in your organization. If you use the automated script, you can run it on multiple servers in parallel.

How long will the automated script take to run?
Depending on the size of your organization, the script might take some time to run; please be patient.

How long will it take to clear up the queues after the script has been run?
Depending on the number of messages that were queued up and the amount of new messages transport has to process, the time might vary. Please be patient and monitor that the queues are draining (the number of messages is decreasing) by using the Get-Queue command.

We are in Exchange Hybrid environment. What do we need to do?
If you are using your on-premises Exchange server to send email (for example using Centralized Mailflow or sending messages from on-premises devices), please follow this blog post and use the script to change configuration on your on-premises servers used for email transport. If you are using Exchange on-premises only for management of Exchange recipients, you do not need to take any action.

What are the services that the script is stopping?
The following services will be restarted: Microsoft Filtering Management and Microsoft Exchange Transport.

We have temporarily disabled antimalware. Should it be enabled after following this blog post?
If you have temporarily disabled the antimalware service, you should enable it after you have followed this blog post (use the Enable-AntimalwareScanning.ps1 script). The solution described in this post is a full solution for this problem and will result in transport queues clearing and antimalware engine working as expected.

The version of the updated scan engine starts with 2112330001 (or higher); is this right? Should we be concerned that it seems to reference a date that does not exist?
The newly updated scanning engine is fully supported by Microsoft. While we need to work on this sequence longer term, the scanning engine version was not rolled back, rather it was rolled forward into this new sequence. The scanning engine will continue to receive updates in this new sequence.

What if my Exchange servers do not have access to the Internet?
If your Exchange mailbox servers do not download antimalware updates from the Internet, you do not need to perform any manual action. In that case, the servers have not been downloading antimalware updates to begin with, and the problem described here will not exist.

We have an Exchange 2013 server and while there are no crashes, I see the server has the problem engine version starting with "22...". What should we do?
Exchange Server 2013 is not impacted by transport crashes so there will be no buildup of email in transport queues. If your Exchange 2013 server took the antimalware update and it is now on a version starting with "22..." you should use the automated or manual steps in this blog post to get your server on an engine version "21..." to continue getting the antimalware updates. Update 1/11/2022: Exchange 2013 customers: before running the script, please check whether the engine was updated automatically to a version starting with "21...". An additional mechanism exists that updates the engine to the latest version, and by now your Exchange 2013 servers should have auto-corrected the version.

Script generates error “WARNING: Unable to process update request because engine metadata is not available. Attempting to synchronize metadata. Please try to run the cmdlet again later.”
For the Exchange servers accessing the Internet via proxy:

  • Launch Exchange Management Shell
  • Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell
  • Set-ProxySettings -Enabled $true -Server <ProxyServer> -Port <proxy.port>
  • Re-run the script

If still not resolved:

  • Copy msvcr110.dll from c:\windows\system32 to %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Bin and %ProgramFiles%\Microsoft\Exchange Server\V15\Bin
  • Restart the Exchange server
  • Re-run the script

I have many Exchange servers in my environment; is there a way to locally distribute the definition files?

  • Use the steps in this article and download update files to a server. Example: Update-Engines.ps1 -EngineDirPath C:\ScanEngineUpdates\
  • Share the folder on which the update files were copied, for example \\server1\amware
  • Run the following command on all remaining servers that need to copy the update files: Set-MalwareFilteringServer -PrimaryUpdatePath \\server1\amware -Identity mail1.contoso.com
  • Re-run the reset scan engine script on all the servers.

 

Major changes to this blog post:

  • 1/11: Added more information to Exchange 2013 FAQ regarding engine auto-update
  • 1/4: Added a FAQ on how to find impacted servers using Health Checker script
  • 1/3: Added a FAQ for local distribution of updates within the organization
  • 1/3: Added a FAQ related to Proxy configuration and script error
  • 1/3: Added a FAQ for Exchange 2013 servers
  • 1/3: Addition of Add-PSSnapin to automated process; various other smaller changes
  • 1/2: Clarified the exact process to run the automated script solution; various other smaller changes and clarifications
  • 1/2: Added the FAQ section to the blog post
  • 1/1: Major update mentioning our manual and scripted solution for this problem; disablement of Antimalware service as a workaround has been removed
  • 1/1: Original release

The Exchange Team

162 Comments
Copper Contributor

@Ricardo Costa da Silva Thanks I will try restarting once things settle down a bit...

 

Brass Contributor

@Nino Bilic  Thank you for the info.

 

@MSchwe do not utilize any kind of proxy service, our servers are permanently banned from connecting to Internet. ( I guess for the safety of the servers :) )

 

Copper Contributor

@AhmadBilal  Yes we did multiple restarts to confirm. We tried the manual steps before and after placing the dll file. I can confirm that the folders

 

"D:\ExchangeServer\FIP-FS\Data\Engines\amd64" does not contain a folder named "Microsoft"

"D:\ExchangeServer\FIP-FS\Data\Engines\metadata" is empty

 

Before running the engine update we confirmed that the services "FMS" and "MSExchangeTransport" are running

 

Both the manual steps and the automatic script fail at the point of updating the engine, with the error:

 

Unable to process update request because engine metadata is not available. Attempting to synchronize
metadata. Please try to run the cmdlet again later.

 

Any ideas?

Copper Contributor

Microsoft,

 

First off thank you all for coming up with quick workarounds and a solution to this unfortunate issue.  It has been a long year of emergency fixes/security patches for Exchange.

 

This brings up the question about the retirement of Exchange hybrid servers.  We've heard for a very long time of a future replacement for Exchange hybrid so we don't have to maintain an on-premise Exchange server which is required for O365 support with Azure AD Connect.    We are tired of patching these hybrid servers and we see customers retiring such servers even though they move to an "unsupported" state.

 

When will there be another supported way to manage Exchange attributes on-premise and a substitute to more easily allow systems/devices to relay off an internal email server?

 

It is long overdue Microsoft and hoping someone from the Exchange team can comment on the plans to simplify our IT lives so we don't have to upgrade/patch Exchange hybrid servers every 2 to 6 months to stay in support and stay secure.

 

thank you,

Larry Heier

Copper Contributor

Download errors observed - notice the difference in time stamps of engine updates and in UpdateVersions post-update (on my first run) what is on the system and what is available online:

 

<...>
--------
Attempted to divide by zero.
At C:\Reset-ScanEngineVersion.ps1:102 char:25
+ ... $percentComplete = ($transfer.BytesTransferred * 100 / $t ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [], RuntimeException
+ FullyQualifiedErrorId : RuntimeException

[PS] C:\>
[PS] C:\>Get-EngineUpdateInformation


Engine : Microsoft
LastChecked : 01/03/2022 01:01:14 PM -05:00
LastUpdated : 01/01/2022 03:03:04 AM -05:00
EngineVersion : 1.1.18800.4
SignatureVersion : 1.355.1224.0
SignatureDateTime : 12/31/2021 08:03:32 PM -05:00
UpdateVersion : 2201010004
UpdateStatus : UpdateAttemptNoUpdate


[PS] C:\>

 

Rerunning the script:

 

<...>
[D] Do not run [R] Run once [S] Suspend [?] Help (default is "D"): R

<server-name> UpdateVersion: 2112330003
<server-name> This server is not impacted. Add -Force to proceed anyway.


Oh yes, it is.


[PS] C:\>.\Reset-ScanEngineVersion.ps1 -force


<server-name> Downloading scan engines
0 / 0
[oooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooooo]


I can see where the Divide by zero error is coming from when download was timing out.


<server-name> Downloading scan engines
0 / 179030563
[                                                                ]

 

And then download restarted at around 11,4xx,xxx out of 179,xxx,xxx engine updates on the counter.

Check your UpdateVersion after update run for LastChecked and LastUpdated to match, and your UpdateVersion to be at least 2112330003.

 

Copper Contributor

This "fix" has worked on the messages trapped and undelivered in the queues, but none of my mobile users are receiving Email to their Outlook mobile apps. Is there another "fix" for that? All users could send and receive mail on Outlook mobile before the incident that caused the mail queue transport failure.

Microsoft

@Marcus0115 Sending / receiving email from Outlook mobile clients is completely unrelated to this issue, as far as I know. What we are talking about is that the transport queues on servers get backed up because transport service crashes.

Copper Contributor

We came back from vacation to realize we had no emails since 01/01/2022. We're executing the script and doing the update now. Hopefully, we'll be back running this afternoon.

Brass Contributor

We have a hybrid server being used only for SMTP relaying for on premise devices such as scanners, as well as object/attribute management.

 

Checking our version, we look to be on something really old (1603190004).

We therefore don't look to be having any issues with mail flow, but given the version, I'm not sure if;

A. The AV engine is even relevant in our scenario

B. We should follow the guidance to apply this fix and update our version

 

Thanks

James

Copper Contributor

Can we expect a formal patch anytime soon?  Or is this workaround going to be the only solution going forward?

Microsoft

@Eds1989 Which version of server is this? Bottom line is - if you are not seeing crashes and you do not have the version starting with 22... on Exchange 2013, then you do not need to worry about this.

@Ericwa999 This is considered a "permanent solution". We plan to eventually address the sequence (this will take time) but using the antimalware with version 211233... is the way forward. That is the only version that will keep getting antimalware updates.

Copper Contributor

For anyone getting the error "Cannot stop process" in relation to the updateservice.exe located in the FIP-FS. The solution for me was to make sure the account I was using had "Debug programs" rights under the Local Group Policy, otherwise the process will not terminate and the script fails to run.

Brass Contributor

@Nino Bilic It's Exchange 2016.

If the scanning engine is involved even during simple SMTP relaying, it feels like I should probably follow the mitigation steps, so we get a more up to date version of the engine but also avoid this issue after an update?

 

Cheers

James

Copper Contributor

We have mail flow monitoring and we didn't get any alert.  I do see some 5300/1106 errors on 12/31/2021 but nothing after that and the queues look good.    We disabled the malware agent, so the problem should not affect us?   Do we need to do anything manually or the Microsoft will soon push out the fix from the update?

[PS] C:\windows\system32>Get-transportagent

Identity Enabled Priority
-------- ------- --------
ScanMail Routing Agent True 1
ScanMail SMTP Receive Agent True 2
Transport Rule Agent True 3
DLP Policy Agent True 4
Retention Policy Agent True 5
Supervisory Review Agent True 6
Malware Agent False 7
Text Messaging Routing Agent True 8
Text Messaging Delivery Agent True 9
System Probe Drop Smtp Agent True 10
System Probe Drop Routing Agent True 11

Copper Contributor

After installing the new antimalware engine and enabling antimalware scanning with the script enable-antimalwarescanning.ps1, I had to restart the Microsoft Filtering Management Service and the MSExchangeTransport Service. This solved my problem with emails stuck in the queue.

Copper Contributor

YOU WILL GET A TIMEOUT IF YOU DO NOT USE THESE COMMANDS.

 

copy the Reset-ScanEngineVersion.ps1 into the folder C:\Program Files\Microsoft\Exchange Server\V15\Scripts
Run as Administrator Power Shell
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned
cd "C:\Program Files\Microsoft\Exchange Server\V15\Scripts"
.\Reset-ScanEngineVersion.ps1

Should look like this when you type it:
C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Reset-ScanEngineVersion.ps1

 

 

Copper Contributor
 
 

Same problem here.   Exchange 2016 hybrid setup with centralized transport enabled.

The filtering service is stopping with the presented error but my mail flow is not impacted. The service will start but then stops about 5 minutes later.

 

We are using a third party scanning service on the on-premises so that is why I am thinking my mail queues are not impacted.

 

What did you end up doing? 

 

Copper Contributor

I have a client with a DAG of two servers. I applied the fix, re-enabled the Malware agent, and have a lot of related errors. The emails get stuck in the submission queue for about 15 minutes and are then finally released, so I think the fix really isn't fixing the whole problem. I still see a lot of FIPFS and antimalware errors in the event viewer. I did roll back and disable the malware agent again and the server goes back to normal performance.

MS needs to go deep on this and release a fix that really solves the issue.

Copper Contributor

This was my fix that was the alternative fix.  - I have the way to reverse it too.  REPLACE SERVERNAME.DOMAIN.LOCAL WITH YOUR FQDNSERVERNAME

We used AppRiver for an email filter and did not use the Microsoft Spam filter in addition to the filtering process.  Test it and undo it if this does not work for you.

To break local email filtering do this, but it allows the emails to come through because the emails contain a date that cannot be recognized after 12312021

Run Exchange Management Shell as Administrator
Set-MalwareFilteringServer SERVERNAME.DOMAIN.LOCAL -BypassFiltering $true
Restart-Service MSExchangeTransport


To put it back do this
Run Exchange Management Shell as Administrator
Set-MalwareFilteringServer SERVERNAME.DOMAIN.LOCAL -BypassFiltering $false
Restart-Service MSExchangeTransport

 


Copper Contributor

I found issue causing messages to be stuck in queues 2k more items
my site was affected on Jan 3/2022 around 3 pm.

I followed "Using the Automated Solution".

Problem has been resolved.

Thank you

 

rkghothotmailcom are you using anti-malware based transport rule by any chance? If yes, check if disabling such transport rule helps

Copper Contributor

I tried the Automated Solution 

 

Using the Automated Solution

  • Download the script here: https://aka.ms/ResetScanEngineVersion 
  • Before running the script, change the execution policy for PowerShell scripts by running Set-ExecutionPolicy -ExecutionPolicy RemoteSigned.
  • Run the script on each Exchange mailbox server that downloads antimalware updates in your organization (use elevated Exchange Management Shell).

Edge Transport servers are unaffected by this issue. You can run this script on multiple servers in parallel. After the script has completed, you will see the following output:

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Reset-ScanEngineVersion.ps1
EXCH1 Stopping services...
EXCH1 Removing Microsoft engine folder...
EXCH1 Emptying metadata folder...
EXCH1 Starting services...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
EXCH1 Starting engine update...
Running as EXCH1-DOM\Administrator.
--------

Connecting to EXCH1.CONTOSO.com.
Dispatched remote command. Start-EngineUpdate -UpdatePath http://amupdatedl.microsoft.com/server/amupdate
--------

till this step and I didn't apply this command
[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-EngineUpdateInformation
but it works for me and the exchange send and receive now

many thanks

Brass Contributor

After restarting both the services:

 

- Microsoft Filtering Management

- Microsoft Exchange Transport

 

It still didn’t work (even after waiting 15 minutes).

 

After restarting the Exchange Server it worked.

 

This post helped me:

https://www.alitajran.com/exchange-mail-flow-breaks/

Copper Contributor

Disable-AntimalwareScanning.ps1 has been used on all servers to make the mail flow. In the download script, I do not see a function referencing Enable-AntimalwareScanning.ps1. Is it necessary to enable the Antimalware Scanning with Enable-AntimalwareScanning.ps1 first before applying the downloaded patch script?

Copper Contributor

@azuser We did the same here and as far as I can see you need to run the enable script to re-enable antimalware scanning. I ran the downloaded reset script to resolve the issue first and then ran the enable-antimalware after just to be sure. I then also had to manually restart the transport service. Beware the enable script appears to cause a re-download of the signatures in the background and so sits with no output for a good 30 mins. 

Brass Contributor

Hi team,

If on server execution policy was set to unrestricted, then I got 2 errors.

Would you please assist, if it was ok to have this policy and why I got 2nd error:

You cannot call a method on a null-valued expression. (on line 32)

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\Reset-ScanEngineVersion.ps1
******server****** UpdateVersion: 2201010001
******server****** Stopping MSExchangeTransport, FMS, and updateservice...
******server****** Removing Microsoft engine folder...
******server****** Emptying metadata folder...
******server****** Starting services...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
******server****** Starting engine update...
Running as *****
Set-ExecutionPolicy : Windows PowerShell updated your execution policy successfully, but the setting is overridden by
a policy defined at a more specific scope.  Due to the override, your shell will retain its current effective
execution policy of Unrestricted. Type "Get-ExecutionPolicy -List" to view your execution policy settings. For more
information please see "Get-Help Set-ExecutionPolicy".
At C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Update-MalwareFilteringServer.ps1:85 char:34
+ ... Invoke-Command -ScriptBlock {Set-ExecutionPolicy RemoteSigned}  -Erro ...
+                                  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (:) [Set-ExecutionPolicy], SecurityException
    + FullyQualifiedErrorId : ExecutionPolicyOverride,Microsoft.PowerShell.Commands.SetExecutionPolicyCommand
--------
Connecting to ******server******.*****.
Dispatched remote command. Start-EngineUpdate -UpdatePath http://amupdatedl.microsoft.com/server/amupdate
--------
You cannot call a method on a null-valued expression.
At C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Reset-ScanEngineVersion.ps1:110 char:25
+                     if ($null -ne $transfer.BytesTotal -and
+                         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [], RuntimeException
    + FullyQualifiedErrorId : InvokeMethodOnNull

[PS] C:\Program Files\Microsoft\Exchange Server\V15\Scripts>Get-EngineUpdateInformation


Engine            : Microsoft
LastChecked       : 01/04/2022 10:50:13 AM +02:00
LastUpdated       : 01/04/2022 10:50:24 AM +02:00
EngineVersion     : 1.1.18800.4
SignatureVersion  : 1.355.1377.0
SignatureDateTime : 01/03/2022 11:36:20 PM +02:00
UpdateVersion     : 2112330013
UpdateStatus      : UpdateAttemptSuccessful

 

 

 

 

Copper Contributor

@Andrejs Soboļevs 

In line 26 there is a PermissionDenied

Do you run the EMS in elevated mode?

 

Copper Contributor

I continue to have problems with my server exchange 2019.

After running the fix, even though everything went well, you still don't get mail.
I am able to send to both internal and external users but I cannot receive from external contacts. Mail stops in the queue and cannot be distributed to individual mailboxes

I don't know what to feel anymore. The version of the malware update is the latest available to date.

This is error relayed in logs file:
Message or connection acked with status Fail and response 554 5.4.4 SMTPSEND.DNS.NonExistentDomain; nonexistent domain internalproxy -> DnsDomainDoesNotExist: InfoDomainNonexistent
451 4.7.0 Temporary server error. Please try again later. PRX2

Can you help me?


 

Brass Contributor

@HansH yes, in elevated. Only execution policy is managed via GPO and set to unrestricted. Therefore ran it as is.

Copper Contributor

We got our servers running back to normal yesterday, only one of the laptops had to remove the exchange email account and reapply it. All PCs are fully functional now. 

Copper Contributor

@Andrejs Soboļevs 

If you run the following command after the script stops, does the cmdlet return anything?

Get-BitsTransfer -AllUsers | Where-Object { $_.DisplayName -like "Forefront_FPS*" }

Copper Contributor

I tried both the automated solution and the manual solution, but on one server I still got the error “WARNING: Unable to process update request because engine metadata is not available. Attempting to synchronize”

We do not use Proxy.

Copying the System32 msvcr110.dll into the 2 Exchange folders does not change anything; after a server restart, I still got exactly the same error during the update attempt.

Did anybody encounter the same issue?

 

Copper Contributor

I stop the anti-malware and messages are working well.

Open exchange shell in elevated

 

I tried to update the engine and it is not solved yet; the process "updateservice" does not stop, access denied.

 

 

 

Brass Contributor

@HansH 

I think it is already too late to run this, since I ran script once and it did the job. Event log did not contain anymore those error messages for events:

  • 5300, FIPFS;
  • 1106, FIPFS.

This is how it looked like in my scenario.


Copper Contributor

Script generates error “WARNING: Unable to process update request because engine metadata is not available. Attempting to synchronize” metadata. Please try to run the cmdlet again later.

 

  • Copy msvcr110.dll from c:\windows\system32 to %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Bin and %ProgramFiles%\Microsoft\Exchange Server\V15\Bin
  • Restart the Exchange server
  • Re-run the script

I do not have a proxy and this does not work.

 

I have downloaded the files to a local drive and tried and also get the same error even when running on elevated prompt.

 

I am not alone looking at above, has anyone got a solution other than bypassing by disabling the antispam.

 

Exchange 2019

 

Copper Contributor

Getting this error on one of my Exchange 2016 servers, whether I use the automated script or run Update-MalwareFilteringServer.ps1 manually.  I'm using an elevated PowerShell running as Domain Admin and member of Organization Management, and my execution policy is RemoteSigned.

C:\Program Files\Microsoft\Exchange Server\V15\scripts\Update-MalwareFilteringServer.ps1 : Error starting the anti-malware engine update.
At line:1 char:1
+ .\Update-MalwareFilteringServer.ps1 -Identity myserver.mydomain. ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Update-MalwareFilteringServer.ps1

Suggestions?

Update: after the server sat for a while, Get-EngineUpdateInformation started showing valid definitions, but the update command never did complete without error. I re-enabled the "Malware Agent" transport agent, which I had disabled to restore mail flow Monday, and everything seems OK.

Copper Contributor

Somebody get @GRauth a beer please! Thank you!
I've been fiddling with this for quite a while now - neither the Reset-Script nor the manual steps were working out, as "Update-MalwareFilteringServer.ps1" kept failing no matter what I did.
GRauth's instructions saved my day, and frankly that happens way too often: MS instructions get you nowhere so you turn to the community to get s*** fixed.

Copper Contributor

This patch resolves the issue. Thanks.

Copper Contributor

I am running Exchange Server 2016 On Premise. I went through the manual steps for the fix. My UpdateVersion is 2112330003. When I run the script Enable-AntiMalwareScanning.PS1 and restart the MSExchangeTransport the messages start building in the queue again. What am I missing?

Copper Contributor

Still stuck with this

Script generates error “WARNING: Unable to process update request because engine metadata is not available. Attempting to synchronize metadata. Please try to run the cmdlet again later.”

  • Copy msvcr110.dll from c:\windows\system32 to %ProgramFiles%\Microsoft\Exchange Server\V15\FIP-FS\Bin and %ProgramFiles%\Microsoft\Exchange Server\V15\Bin
  • Restart the Exchange server
  • Re-run the script

I do not have a proxy and this does not work.

I have downloaded the files to a local drive and tried, and also get the same error even when running in an elevated prompt.

I am not alone, looking at the above. Has anyone got a solution other than bypassing by disabling the antispam?

I also get this when I run 

$env:ExchangeInstallPath\Scripts\Enable-AntimalwareScanning.ps1

WARNING: Unable to process update request because engine metadata is not available. Attempting to synchronize metadata. Please try to run
the cmdlet again later.
Get-ValidEngines : Could not open local universal manifest
At C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Enable-AntimalwareScanning.ps1:47 char:1
+ Get-ValidEngines | ForEach-Object { if($_.Categories[0] -eq "Antiviru ...
+ ~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-ValidEngines], EngineMetadataException
+ FullyQualifiedErrorId : Microsoft.Forefront.EngineUpdates.Service.EngineMetadataException,Microsoft.Forefront.Filtering.Management.P
owerShell.Commands.GetValidEngines

 

Someone must know how to fix this, it only happens on a fully updated Exchange 2019?

All the Exchange 2016 servers worked fine

@The_Exchange_Team help

Thanks

Copper Contributor

What script is this referring to when it says "use the Enable-AntimalwareScanning.ps1 script"? I don't see any scripts like that in my bin directory. 

Copper Contributor

@Gregory Jones 
It's here: "C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Enable-AntimalwareScanning.ps1"

Copper Contributor

I am also getting the following error running in Exchange Management Shell, remotely signed as an admin, when running the automated script:

WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Filtering Management Service (FMS)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
WARNING: Waiting for service 'Microsoft Exchange Transport (MSExchangeTransport)' to start...
MAIL Starting engine update...
Running as ****or.
--------
Connecting to *****.

 

C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Update-MalwareFilteringServer.ps1 : Error starting the
anti-malware engine update.
At C:\Program Files\Microsoft\Exchange Server\V15\Scripts\Reset-ScanEngineVersion.ps1:101 char:13
+ & $updateScriptPath @p
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Update-MalwareFilteringServer.ps1

 

Any ideas would be greatly received.

Brass Contributor

@no1welshboyo

Try to execute the script manually. You can find the script under "C:\Program Files\Microsoft\Exchange Server\V15\Scripts"

Then execute this script: Update-MalwareFilteringServer.ps1 -Identity "YourExchangeServer" -EngineUpdatePath "https://forefrontdl.microsoft.com/server/scanengineupdate"

If that didn't work you can try 2 different EngineUpdatePaths:

https://amupdatedl.microsoft.com/server/scanengineupdate/

http://amupdatedl.microsoft.com/server/amupdate/

For me it worked after I used http://amupdatedl.microsoft.com/server/amupdate/ as the UpdatePath.

Copper Contributor

Thank you ATkai, in the end I had to do the following manually,

  1. Run Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell
  2. Run Start-EngineUpdate
  3. Run Get-EngineUpdateInformation

About 45 mins later, and checking the event log I could see it was updating.

I came across the following website which helped me 

Exchange mail flow breaks (Disable AntiMalwareScanning) - ALI TAJRAN

Copper Contributor

I assume this is not your final permanent solution? Can we expect MS to fix this in an upcoming CU?

Copper Contributor

Wanted to come back here and update with my experience on our Exchange 2019 Server Core servers running CU11.

We originally disabled the Anti-Malware service using the "Disable-AntimalwareScanning.ps1 -ForceRestart" option on 12/31/21.

Deciding to defer this fix until our monthly maintenance window, I proceeded with doing the following on our (2) Exchange servers hosting passive copies of our mailbox databases BEFORE attempting to run the automated script in this post:

  • Enable-AntimalwareScanning.ps1

I was then presented with several "Checking for Engine Update" messages over the course of 20-30min.

Once the update was completed, I restarted the MSExchangeTransport service as instructed.

When the service finished restarting, I attempted to run the automated script in this post:

  • Reset-ScanEngineVersion.ps1

I was then informed that our scanning engine was up to date and that the script was not needed.

Performing a "Add-PSSnapin Microsoft.Forefront.Filtering.Management.Powershell" followed by a "Get-EngineUpdateInformation" provided me with the following results:

Engine : Microsoft
LastChecked : 01/13/2022 09:30:31 AM -08:00
LastUpdated : 01/13/2022 06:36:47 AM -08:00
EngineVersion : 1.1.18800.4
SignatureVersion : 1.355.1844.0
SignatureDateTime : 01/13/2022 12:23:00 AM -08:00
UpdateVersion : 2112330084
UpdateStatus : UpdateAttemptNoUpdate

 

At this moment, since our version is "2112330084" which is above the documented "2112330001", we assume there is nothing more that we need to do. There are also no FIPS error messages within the Application event logs.

Just thought I would post this as I found it unusual that the automated script was not needed for us to fix this issue, but just a matter of re-enabling the Anti-Malware Scanning and restarting the MSExchangeTransport service.

Copper Contributor

Running Exchange 2016 on-premise and was affected by the bug. On January 1st, I did the workaround to bypass the malware filter. Today I installed CU22 Security Update January KB5008631. I was planning on running the Reset script and enabling the malware filter. When I attempted to run the Reset-ScanEngineVersion.ps1 I see this:

EXSERVER UpdateVersion: 2112330086

EXSERVER This server is not impacted. Add -Force to proceed anyway

I ran Get-TransportAgent and I see the Malware Agent is set to True even though I didn't set that yet.

Is the Reset-ScanEngineVersion.ps1 needed if KB5008631 is installed?

Copper Contributor

@RickDF You are not impacted with version 2112330086. The bug was caused when Microsoft issued definitions which had a version number exceeding the maximum value for a 32bit integer (2147483647). The "fix" is to clean out that version and get a newer version where they adjusted the numbering scheme. That's what the script Microsoft provided does.
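
Added example, not part of the comment above and not Microsoft's script: a PowerShell check that classifies the UpdateVersion values quoted in this thread against the signed 32-bit limit the comment cites. The function names are hypothetical, and the sample text is constructed to match the shape of the Get-EngineUpdateInformation output pasted earlier in the thread.

```powershell
# Added example. Function names are hypothetical; this is not the logic of
# Microsoft's Reset-ScanEngineVersion.ps1.

function Get-UpdateVersionFromText {
    # Pull the UpdateVersion field out of pasted Get-EngineUpdateInformation output.
    param([Parameter(Mandatory)][string]$Text)
    foreach ($line in ($Text -split '\r?\n')) {
        if ($line -match '^\s*UpdateVersion\s*:\s*(\d+)\s*$') { return $Matches[1] }
    }
    throw 'No UpdateVersion field found.'
}

function Test-UpdateVersionFitsInt32 {
    # Report whether a version string can be stored in a signed 32-bit integer.
    param([Parameter(Mandatory)][string]$UpdateVersion)
    [long]$value = 0
    if (-not [long]::TryParse($UpdateVersion, [ref]$value)) {
        throw "Not a numeric UpdateVersion: '$UpdateVersion'"
    }
    $fits = ($value -ge [int]::MinValue) -and ($value -le [int]::MaxValue)
    [pscustomobject]@{
        UpdateVersion = $UpdateVersion
        FitsInt32     = $fits
        OverLimitBy   = if ($fits) { 0 } else { $value - [int]::MaxValue }
    }
}

# Constructed sample, shaped like the output pasted earlier in the thread.
$sample = @'
Engine : Microsoft
EngineVersion : 1.1.18800.4
UpdateVersion : 2112330084
UpdateStatus : UpdateAttemptNoUpdate
'@

$versions = @(
    '2112330001'                         # "documented" version cited in the thread
    (Get-UpdateVersionFromText $sample)  # parsed from the constructed sample
    '2112330086'                         # reported in the thread as not impacted
    '2201010001'                         # value in the event 5300 error text
)
$versions | ForEach-Object { Test-UpdateVersionFitsInt32 $_ } | Format-Table -AutoSize
```

On a live server the input would be `(Get-EngineUpdateInformation).UpdateVersion`, after loading the snap-in named earlier in the thread.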

Version history
Last update: Jan 11 2022 02:26 PM