With the release of cumulative updates for Exchange Server 2016/2019 (KB5003611 and KB5003612), Microsoft has introduced support for integration with AMSI (Antimalware Scan Interface) in the respective Exchange Server versions. AMSI-capable anti-virus software running on the same machine as the Exchange Server can now scan the contents of all inbound HTTP requests before they are handled by the mail server.
As a result, running Dr.Web Anti-virus for Windows Servers and Dr.Web Agent for Windows with AMSI integration enabled may have a severe adverse impact on the overall performance of the Exchange Server and the Dr.Web software. The update that solves this issue was released on January 17, 2022. Until you have installed this update, Doctor Web developers recommend that you disable AMSI support on your Exchange mail servers.
You can disable AMSI integration via Exchange Server PowerShell:
- Open Exchange Server PowerShell.
- Run the following command sequence:
[PS] C:\>New-SettingOverride -Name DisablingAMSIScan -Component Cafe -Section HttpRequestFiltering -Parameters ("Enabled=False") -Reason "Testing"
[PS] C:\>Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
[PS] C:\>Restart-Service -Name W3SVC, WAS -Force
Important: Before you proceed, make sure that all your relevant data is saved. Running these commands will restart Internet Information Services (IIS) and interrupt the current connection.
It is also recommended that you re-enable AMSI integration on your mail server after the issue gets resolved with the release of an update. Re-enable AMSI integration by running these commands in Exchange Server PowerShell:
[PS] C:\>Remove-SettingOverride -Identity DisablingAMSIScan -Confirm:$false
[PS] C:\>Get-ExchangeDiagnosticInfo -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh
[PS] C:\>Restart-Service -Name W3SVC, WAS -Force
Important: Before you proceed, make sure that all your relevant data is saved. Running these commands will restart Internet Information Services (IIS) and interrupt the current connection.
You can also disable AMSI integration with an Exchange Server support script:
- Download the Test-AMSI.ps1 script from the Microsoft repository here.
- Copy the script to the directory C:\scripts. If the scripts directory does not exist, create it. To avoid possible errors, ensure that the script file is unblocked.
- Run the following command sequence:
[PS] C:\scripts>.\Test-AMSI.ps1 -DisableAMSI
[PS] C:\scripts>.\Test-AMSI.ps1 -RestartIIS
To re-enable AMSI integration with Microsoft Exchange Server, run the following command sequence:
[PS] C:\scripts>.\Test-AMSI.ps1 -EnableAMSI
[PS] C:\scripts>.\Test-AMSI.ps1 -RestartIIS
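To confirm that no override is left in place after AMSI integration has been re-enabled, the following added example (not part of the original article or of Microsoft's script) lists every setting override that disables the HttpRequestFiltering section of the Cafe component, whatever name it was created under. The function name Find-AmsiDisableOverride and the sample objects are constructed for illustration, and the property names ComponentName, SectionName and Parameters are assumed to match the objects returned by Get-SettingOverride.

```powershell
# Added example: flag setting overrides that switch off AMSI scanning of HTTP requests.
# Assumption: override objects expose Name, ComponentName, SectionName, Parameters
# and Reason, as the objects returned by Get-SettingOverride are expected to.
function Find-AmsiDisableOverride {
    param(
        [Parameter(ValueFromPipeline = $true)]
        [object[]]$Override
    )
    process {
        foreach ($o in $Override) {
            # Only the component and section used in the commands above are relevant.
            if ($o.ComponentName -ne 'Cafe' -or $o.SectionName -ne 'HttpRequestFiltering') { continue }
            # Parameters is treated as a list of "Key=Value" strings; -match ignores case.
            $disabled = $false
            foreach ($p in $o.Parameters) {
                if ($p -match '^\s*Enabled\s*=\s*False\s*$') { $disabled = $true }
            }
            if ($disabled) {
                [pscustomobject]@{
                    Name       = $o.Name
                    Reason     = $o.Reason
                    Parameters = ($o.Parameters -join ';')
                }
            }
        }
    }
}

# Constructed sample objects, used only when the Exchange cmdlet is not available.
$sample = @(
    [pscustomobject]@{ Name = 'DisablingAMSIScan'; ComponentName = 'Cafe'; SectionName = 'HttpRequestFiltering'; Parameters = @('Enabled=False'); Reason = 'Testing' },
    [pscustomobject]@{ Name = 'UnrelatedOverride'; ComponentName = 'Cafe'; SectionName = 'OtherSection'; Parameters = @('Enabled=False'); Reason = 'Constructed' }
)

if (Get-Command Get-SettingOverride -ErrorAction SilentlyContinue) {
    $found = @(Get-SettingOverride | Find-AmsiDisableOverride)   # live Exchange data
} else {
    $found = @($sample | Find-AmsiDisableOverride)               # constructed data
}

if ($found.Count -gt 0) {
    $found | Format-Table -AutoSize
    Write-Warning "$($found.Count) override(s) still disable AMSI request scanning."
} else {
    'No override disables AMSI request scanning.'
}
```

Run it in Exchange Server PowerShell; outside Exchange it falls back to the constructed sample and reports the DisablingAMSIScan entry only.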