AMSI integration issue with Microsoft Exchange Server 2016/2019

Technical Articles ID: KB94859
Last Modified: 2022-06-29 16:19:46 Etc/GMT

Environment

Endpoint Security (ENS) Adaptive Threat Protection (ATP) 10.x
ENS Threat Prevention 10.x
MVISION Endpoint
Microsoft Exchange Server 2019, 2016

Summary

Microsoft announced the availability of Antimalware Scan Interface (AMSI) integration with Microsoft Exchange Server. For more information, see the Microsoft article Released: June 2021 Quarterly Exchange Updates.

For more information about the AMSI integration, see the Microsoft article More about AMSI integration with Exchange Server.

Problem

There might be an issue where the AMSI integration isn't working properly when there are multiple AMSI providers. There might be compatibility issues when you have ENS or MVISION Endpoint (with AMSI enabled) and the AMSI integration in Microsoft Exchange Server 2016/2019.

System Change

The following Exchange updates were applied to your Exchange infrastructure:

Exchange Server 2019 Cumulative Update 10 (KB5003612)
Exchange Server 2016 Cumulative Update 21 (KB5003611)

Solution

This issue is resolved in the ENS 10.7.0 June 2022 Update.

Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.

NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products.

Workaround

The Microsoft article referenced earlier, More about AMSI integration with Exchange Server, has steps on how to disable the AMSI feature on Microsoft Exchange Server while retaining the installed Exchange rollup updates.

We recommend keeping the AMSI features in ENS Threat Prevention, ENS ATP, and MVISION Endpoint enabled. But, you can find the AMSI configuration items within the respective product policies in ePO:

ENS Threat Prevention: Policy Catalog, Endpoint Security Threat Prevention, On-Access Scan, <Policy Name>, Enable AMSI (provides enhanced script scanning)
ENS ATP: Policy Catalog, Endpoint Security Adaptive Threat Protection, Options, <Policy Name>, Enable enhanced script scanning (includes AMSI integration)
MVISION Endpoint: Policy Catalog, MVISION Endpoint, General, <Policy Name>, Enable script scanning

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

AMSI integration issue with Microsoft Exchange Server 2016/2019

Environment

Summary

Problem

System Change

Solution

Workaround

Affected Products

Languages:

Title

Title

Knowledge Center

AMSI integration issue with Microsoft Exchange Server 2016/2019

Environment

Summary

Problem

System Change

Solution

Workaround

Affected Products

Languages:

Choose your region

Title

Title