The Exchange malware scanning agent must be configured for automatic updates.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-259695	EX19-MB-000147	SV-259695r945440_rule		Medium

Description
Anti-malware protection in Exchange Server 2019 helps combat viruses and spyware in an email messaging environment. Viruses infect other programs and data, and they spread throughout computer looking for programs to infect. Spyware gathers personal information (for example, sign-in information and personal data) and sends it back to its author. The anti-malware protection in Exchange Server was introduced in Exchange 2013 and is provided by the Transport agent named Malware Agent. The agent scans messages as they travel through the Transport service on a Mailbox server. To ensure increased effectiveness of the Malware Agent, ensuring its signatures are automatically updated is imperative. Not doing so can lead to system compromise. The Malware agent is installed during the initial installation of Microsoft Exchange server and if installed, is set for automatic updates by default.

Description

Anti-malware protection in Exchange Server 2019 helps combat viruses and spyware in an email messaging environment. Viruses infect other programs and data, and they spread throughout computer looking for programs to infect. Spyware gathers personal information (for example, sign-in information and personal data) and sends it back to its author. The anti-malware protection in Exchange Server was introduced in Exchange 2013 and is provided by the Transport agent named Malware Agent. The agent scans messages as they travel through the Transport service on a Mailbox server. To ensure increased effectiveness of the Malware Agent, ensuring its signatures are automatically updated is imperative. Not doing so can lead to system compromise. The Malware agent is installed during the initial installation of Microsoft Exchange server and if installed, is set for automatic updates by default.

STIG	Date
Microsoft Exchange 2019 Mailbox Server Security Technical Implementation Guide	2024-01-10

Details

Check Text ( C-63434r942397_chk )
In Exchange Management shell, run the following cmdlet: Get-MalwareFilteringServer \|Select-Object -Property Name, Update If the property "Update frequency" is not set, this is a finding. If the Malware agent is not installed, then this is not applicable.

Fix Text (F-63342r945440_fix)
In an elevated Exchange management shell, run the following cmdlet: Set-MalwareFilteringServer -Identity -UpdateFrequency Where is the name of the Exchange Server and is the update frequency (in minutes). Refer to the Enterprise Domain Security Plan (EDSP) for the update cadence that best aligns with the user's organization.