Microsoft Defender Antivirus and Virus Scanner Exceptions

While SmarterTools offers users the ability to license antivirus products such as Cyren Zero-hour, and while it offers an efficient way to combat viruses via the included Clam AV integration, some System Administrators choose to install their own on-server virus scanners to monitor files on the server. These can include products from companies such as AVG, Trend Micro, and Symantec. In addition, some prefer products that come standard with Windows Server operating systems, such as Microsoft Defender Antivirus. 
 
Because mail servers are so i/o intensive, they need to be configured perfectly to maximize server resources and improve hardware performance. On-server virus scanners can significantly impact the performance of your mail server if it's not properly configured. If a System Administrator chooses to install a third-party product such as Trend Micro or AVG, it's imperative that certain files are excluded from any scans the antivirus software performs. Therefore, knowing how to add these exceptions is crucial. 
 
Below are steps a System Administrator can take to manually add exceptions to Microsoft Defender Antivirus, the  protection that is built into Windows Server. When SmarterMail is initially installed, and each time the SmarterMail service is started, SmarterMail will attempt to automatically add exceptions to Microsoft Defender Antivirus if they are not currently present. If SmarterMail fails to add these exceptions, you must manually add them in order to prevent Defender from scanning SmarterMail files. Manual exceptions would also need to be added to any other third-party antivirus software. 
 
NOTE: SmarterMail exceptions must be added to whichever antivirus software you run on your SmarterMail server. Without them, your server will be drastically slowed down, corruption to SmarterMail files may occur, and important email components could be deleted. 
 
Follow the steps below to add exceptions for SmarterMail to Microsoft Defender Antivirus:
 
  1. Log into the server where SmarterMail is installed.
  2. Click on the Start menu. 
  3. Hover your mouse over Administrative Tools and right-click on Windows PowerShell Module. Then click on Run as administrator. In the following confirmation window, choose Yes to allow the program to make changes to your computer.
  4. Windows PowerShell will open in a new window. One at a time, enter the following lines into the module. NOTE: If you have SmarterMail installed in a different directory, or store domain data in a different folder or drive, you will want to modify your paths accordingly. In addition, if you have domains stored in more than one location, you will need to repeat the process for each domain storage location:
  5. Add-MpPreference -ExclusionExtension XML
    Add-MpPreference -ExclusionExtension CFG
    Add-MpPreference -ExclusionExtension GRP
    Add-MpPreference -ExclusionExtension HDR
    Add-MpPreference -ExclusionExtension JSON
    Add-MpPreference -ExclusionExtension JSONS
    Add-MpPreference -ExclusionExtension LOG
    Add-MpPreference -ExclusionExtension DB
    Add-MpPreference -ExclusionExtension STAT3
    Add-MpPreference -ExclusionExtension STAT4
    Add-MpPreference -ExclusionExtension BAK
    Add-MpPreference -ExclusionExtension CFE
    Add-MpPreference -ExclusionExtension CFS
    Add-MpPreference -ExclusionExtension DEL
    Add-MpPreference -ExclusionExtension DOC
    Add-MpPreference -ExclusionExtension FDT
    Add-MpPreference -ExclusionExtension FDX
    Add-MpPreference -ExclusionExtension FNM
    Add-MpPreference -ExclusionExtension GEN
    Add-MpPreference -ExclusionExtension NVD
    Add-MpPreference -ExclusionExtension NVM
    Add-MpPreference -ExclusionExtension POS
    Add-MpPreference -ExclusionExtension SI
    Add-MpPreference -ExclusionExtension TIM
    Add-MpPreference -ExclusionExtension TIP
    Add-MpPreference -ExclusionExtension DMP
    Add-MpPreference -ExclusionExtension SBIN
    Add-MpPreference -ExclusionExtension PIDS
    Add-MpPreference -ExclusionExtension TMPMSG
    Add-MpPreference -ExclusionExtension DAT
    Add-MpPreference -ExclusionExtension DAT2
    Add-MpPreference -ExclusionPath "C:\Program Files (x86)\SmarterTools\SmarterMail"
    Add-MpPreference -ExclusionPath "C:\SmarterMail\Domains"
  6. Exceptions for SmarterMail have now been added.
 

Extra Troubleshooting Tips

Execution of Scripts is Disabled
If you see the following line in the PowerShell window, you may not have the necessary permission to execute a command:
WARNING: File C:\Windows\system32\WindowsPowerShell\v1.0\Modules\PSDiagnostics.psm1 cannot be loaded because the execution of scripts is diabled on this system. Please see "get-help about_signing" for more details.
To resolve this issue, enter set-executionpolicy remotesigned into the PowerShell window. Then, confirm the policy change by entering into the PowerShell window. After changing the execution policy, you should be able to follow the steps above to add the SmarterMail exceptions.
 
Term is Not Recognized
If you see the following line in the PowerShell window, then Microsoft Defender has not been installed or is not enabled on your server: 
The term 'Add-MpPreference' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
If Microsoft Defender is not installed or enabled by default on your server, adding exceptions for SmarterMail is not required. However, if Defender is supported on your server, you can install it and follow the steps above to add exceptions for SmarterMail.
 
 
Learn more about SmarterMail's enterprise email features and benefits.

Feedback

Recent updates to SM suggest that defender is an option for AV in the AV config. So does this update this article in any way?
David Finley (6/30/2021 at 12:28 AM)
I'm wondering the same thing.
Brian Davidson (3/12/2022 at 3:17 AM)
Can anyone at SM reply please? Maybe update this document overall?
David Jamell (3/22/2022 at 5:23 AM)
If you go to the antivirus area of the admin settings, you will see the Windows Defender. You need to add the exceptions above to avoid issues.
ActorMike (4/13/2022 at 8:15 AM)
If you add Add-MpPreference -ExclusionHDR Extension, it will stop scanning the mails that arrive in spool?
Gustavo Ramos Saavedra (11/11/2022 at 8:43 AM)
You'll want to add HDR and EML both. Or simply exclude the Spool path and subpaths.
Derek Curtis (11/14/2022 at 7:47 AM)