Malware Protection Feature in Exchange 2013

Exchange 2013 brings a new feature, Malware Protection, which helps protect against spam emails and inspects each and every mail on our Exchange server. Malware is comprised of viruses and spyware.

There are several anti-malware protection options in Exchange 2013:

Built-In Anti-Malware Protection for Exchange 2013

We can use the Exchange malware protection feature to help combat malware. This basic anti-malware protection can be turned off, replaced, or paired with a cloud-based service (such as Microsoft Exchange Online Protection or Microsoft Forefront Online Protection for Exchange) to provide a layered defense.

Cloud Based Anti Malware Protection

Microsoft Forefront Online Protection for Exchange (FOPE) is a hosted filtering service that is used for the cloud-based solution, Exchange Online Protection (EOP).

Third Party Solutions

We can also disable the built-in malware protection and install a third-party anti-malware product for our Exchange server.

During Exchange 2013 setup, it will prompt you to enable the malware feature.


Let's start with our current anti-malware protection feature, which is on-premises.

Log in to the EAC console.

Navigate to Protection Settings.



Malware Detection Response

When malware is detected in any attachment, you can choose from the following settings: delete the messages, delete the attachments, or allow custom text for the email.


It also allows you to send a notification to both internal and external senders for undelivered messages.

You can create a dedicated mailbox to monitor the emails that are undelivered.

Now we need to check for regular updates if we have enabled malware protection:

  • We cannot perform this task from Exchange Administration Console.
  • We need to use Exchange Management Shell to update the latest engine of malware protection.
  • To download updates, we must be able to access the Internet and be able to establish a connection on TCP port 80 (HTTP).

To download engine and definition updates, open the EMS, go to the Scripts folder, and run the following command:

Update-MalwareFilteringServer.ps1 -Identity <FQDN of server>


Now, how do we know whether it has been updated with the latest update or not?

Open the Event Viewer and look under the Application log.

Filter the current log and select FIPFS (Filter Engine Update Process).

You will see event ID 6033:

MS Filtering Engine Update process performed a successful scan engine update.

Scan Engine: Microsoft

Update Path:

Engine Version: 1.1.8601.0

Signature Version: 1.131.2169.0
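
To check this from the shell instead of clicking through Event Viewer, the following added PowerShell example (not part of the original post) reads event ID 6033 from the Application log and reports the engine and signature versions of the most recent successful update. The function names and the 24-hour staleness threshold are assumptions chosen for illustration.

```powershell
# Added example. Assumptions: the function names and the 24-hour threshold.
# Pull the version fields out of one event 6033 message.
function ConvertFrom-EngineUpdateMessage {
    param(
        [Parameter(Mandatory)] [string]   $Message,
        [Parameter(Mandatory)] [datetime] $TimeCreated
    )
    $engine = if ($Message -match 'Engine Version:\s*([\d.]+)')    { $Matches[1] }
    $sig    = if ($Message -match 'Signature Version:\s*([\d.]+)') { $Matches[1] }
    [pscustomobject]@{
        TimeCreated      = $TimeCreated
        EngineVersion    = $engine
        SignatureVersion = $sig
    }
}

# Find the newest successful update event and flag it if it is too old.
function Get-LastEngineUpdate {
    param([int] $MaxAgeHours = 24)
    # Match on the message text shown in this post rather than on a provider name.
    $marker = '*Engine Update process performed a successful scan engine update*'
    $latest = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 6033 } -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -like $marker } |
        Select-Object -First 1      # Get-WinEvent returns newest events first
    if (-not $latest) {
        Write-Warning 'No successful engine update (event 6033) found in the Application log.'
        return
    }
    $info     = ConvertFrom-EngineUpdateMessage -Message $latest.Message -TimeCreated $latest.TimeCreated
    $ageHours = ((Get-Date) - $info.TimeCreated).TotalHours
    $info | Add-Member -NotePropertyName Stale -NotePropertyValue ($ageHours -gt $MaxAgeHours) -PassThru
}

# Offline check against the message text shown in this post (timestamp is constructed).
$sample = @'
MS Filtering Engine Update process performed a successful scan engine update.
Scan Engine: Microsoft
Update Path:
Engine Version: 1.1.8601.0
Signature Version: 1.131.2169.0
'@
ConvertFrom-EngineUpdateMessage -Message $sample -TimeCreated (Get-Date '2012-08-01')

# On the Exchange server itself:
Get-LastEngineUpdate -MaxAgeHours 24
```

A result with Stale set to True, or the warning that no event was found, means the server has not pulled definitions recently; check outbound access on TCP port 80 first.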

