Exchange antimalware agent must be enabled and configured.

Quick Actions

We are continuing to improve Stigviewer and we are planning on rolling out new services in the near future. Would you like to be part of the conversation on what those features should be? If so, click here.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-259694	EX19-MB-000146	SV-259694r1015276_rule		Medium

Description

Microsoft Exchange 2019 offers built-in antimalware protection for messages going through the transport pipeline. When enabled, the default settings are configured to automatically update. Exchange's built-in Malware Agent is not designed to address all malicious code protection workloads. This workload is best handled by third-party antivirus and intrusion prevention software. Sites must use an approved DOD scanner. Exchange Malware software has a limited scanning capability and does not scan files that are downloaded, opened, or executed.

STIG	Date
Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide	2024-08-22

Details

Check Text (C-63433r942394_chk)

Open the Exchange Management Shell and run the following cmdlets:

Get-TransportAgent "Malware Agent"

If the identity "Malware Agent" is not set to "Enabled", this is a finding.

Fix Text (F-63341r942395_fix)

Open the Exchange Management Shell and run the following command:

& $env:ExchangeInstallPath\Scripts\Enable-AntimalwareScanning.ps1

This will automatically enable the anti-malware agent. After the script completes, run the following cmdlet to complete the process:

Restart-Service MSExchangeTransport

This may take up to 10 minutes to take effect.

STIG VIEWER