AMSI integration issue with Microsoft Exchange Server 2016/2019
Last Modified: 2022-06-29 16:19:46 Etc/GMT
Technical Articles ID:
KB94859
Environment
Endpoint Security (ENS) Adaptive Threat Protection (ATP) 10.x
ENS Threat Prevention 10.x
MVISION Endpoint
Microsoft Exchange Server 2019, 2016
Summary
Microsoft announced the availability of Antimalware Scan Interface (AMSI) integration with Microsoft Exchange Server. For more information, see the Microsoft article Released: June 2021 Quarterly Exchange Updates. For more information about the AMSI integration, see the Microsoft article More about AMSI integration with Exchange Server.
Problem
The AMSI integration might not work properly when there are multiple AMSI providers. Compatibility issues might occur when you have ENS or MVISION Endpoint (with AMSI enabled) together with the AMSI integration in Microsoft Exchange Server 2016/2019.
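To check whether a server is in the multiple-provider state described above, the registered AMSI providers can be listed from the registry. This is an added example, not part of the vendor article; it assumes the standard provider registration key HKLM\SOFTWARE\Microsoft\AMSI\Providers and an elevated PowerShell session on the Exchange server, and the function name Get-AmsiProvider is hypothetical.

```powershell
# Added diagnostic example; not from the vendor KB.
# Lists each AMSI provider registered on this host, the DLL that implements it,
# and the Authenticode signer of that DLL.
$ProvidersKey = 'HKLM:\SOFTWARE\Microsoft\AMSI\Providers'   # assumed standard location

function Get-AmsiProvider {
    if (-not (Test-Path -LiteralPath $ProvidersKey)) { return }

    foreach ($sub in Get-ChildItem -LiteralPath $ProvidersKey) {
        $clsid    = $sub.PSChildName
        $clsidKey = "HKLM:\SOFTWARE\Classes\CLSID\$clsid"
        $name = $null; $dll = $null; $sig = $null

        if (Test-Path -LiteralPath $clsidKey) {
            # The default value of the CLSID key is the provider's display name.
            $name   = (Get-Item -LiteralPath $clsidKey).GetValue('')
            $inproc = Join-Path $clsidKey 'InprocServer32'
            if (Test-Path -LiteralPath $inproc) {
                $raw = (Get-Item -LiteralPath $inproc).GetValue('')
                if ($raw) {
                    # The path may be quoted or contain %SystemRoot%-style variables.
                    $dll = [Environment]::ExpandEnvironmentVariables($raw).Trim('"')
                }
            }
        }

        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $sig = Get-AuthenticodeSignature -FilePath $dll
        }

        [pscustomobject]@{
            Clsid           = $clsid
            Name            = $name
            Dll             = $dll
            Signer          = $sig.SignerCertificate.Subject
            SignatureStatus = $sig.Status
        }
    }
}

$providers = @(Get-AmsiProvider)
$providers | Format-List

if ($providers.Count -gt 1) {
    Write-Warning "$($providers.Count) AMSI providers are registered on this host."
}
```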
System Change
The following Exchange updates were applied to your Exchange infrastructure:
Solution
This issue is resolved in the ENS 10.7.0 June 2022 Update. Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.
NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products.
Workaround
The Microsoft article referenced earlier, More about AMSI integration with Exchange Server, has steps for disabling the AMSI feature on Microsoft Exchange Server while retaining the installed Exchange rollup updates. We recommend keeping the AMSI features in ENS Threat Prevention, ENS ATP, and MVISION Endpoint enabled. However, you can find the AMSI configuration items within the respective product policies in ePO: