Set-MalwareFilteringServer

This cmdlet is available only in on-premises Exchange.

Use the Set-MalwareFilteringServer cmdlet to configure the Malware agent settings in the Transport service on a Mailbox server.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Set-MalwareFilteringServer
   [-Identity] <MalwareFilteringServerIdParameter>
   [-BypassFiltering <Boolean>]
   [-Confirm]
   [-DeferAttempts <Int32>]
   [-DeferWaitTime <Int32>]
   [-DomainController <Fqdn>]
   [-ForceRescan <Boolean>]
   [-MinimumSuccessfulEngineScans <Int32>]
   [-PrimaryUpdatePath <String>]
   [-ScanErrorAction <MalwareScanErrorAction>]
   [-ScanTimeout <Int32>]
   [-SecondaryUpdatePath <String>]
   [-UpdateFrequency <Int32>]
   [-UpdateTimeout <Int32>]
   [-WhatIf]
   [<CommonParameters>]

Description

You need to be assigned permissions before you can run this cmdlet. Although this topic lists all parameters for the cmdlet, you may not have access to some parameters if they're not included in the permissions assigned to you. To find the permissions required to run any cmdlet or parameter in your organization, see Find the permissions required to run any Exchange cmdlet.

Examples

Example 1

Set-MalwareFilteringServer Mailbox01 -UpdateFrequency 120 -DeferWaitTime 10

This example sets the following Malware agent settings on the Mailbox server named Mailbox01:

  • Sets the update frequency interval to 2 hours
  • Sets the time to wait between resubmit attempts to 10 minutes

Parameters

-BypassFiltering

The BypassFiltering parameter temporarily bypasses malware filtering without disabling the Malware agent on the server. The Malware agent is still active, and the agent is still called for every message, but no malware filtering is actually performed. This allows you to temporarily disable and then enable malware filtering on the server without disrupting mail flow by restarting the Microsoft Exchange Transport service. Valid input for this parameter is $true or $false. The default value is $false.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-Confirm

The Confirm switch specifies whether to show or hide the confirmation prompt. How this switch affects the cmdlet depends on if the cmdlet requires confirmation before proceeding.

  • Destructive cmdlets (for example, Remove-* cmdlets) have a built-in pause that forces you to acknowledge the command before proceeding. For these cmdlets, you can skip the confirmation prompt by using this exact syntax: -Confirm:$false.
  • Most other cmdlets (for example, New-* and Set-* cmdlets) don't have a built-in pause. For these cmdlets, specifying the Confirm switch without a value introduces a pause that forces you acknowledge the command before proceeding.
Type:SwitchParameter
Aliases:cf
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-DeferAttempts

The DeferAttempts parameter specifies the maximum number of times to defer a message that can't be scanned by the Malware agent. Valid input for this parameter is an integer between 1 and 5. The default value is 3.

After the maximum number of deferrals is reached, the action taken by the Malware agent depends on the error. For scan timeouts and engine errors, the action is to fail the message and return a non-delivery report (NDR) to the sender immediately after the last defer attempt. For all other errors, the message is retried for up to 48 hours, with each retry attempt taking place one hour longer than the last one. For example, starting after the last defer attempt, the first retry attempt will occur in 1 hour, the next retry attempt will occur 2 hours after that, the next retry attempt will occur 3 hours after the second retry attempt, and so on for up to 48 hours. After 48 hours have elapsed, the action is to fail the message and return a non-delivery report (NDR) to the sender.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-DeferWaitTime

The DeferWaitTime parameter specifies the time period in minutes to increase the interval to resubmit messages for malware filtering in an effort to reduce the workload on the server.

For example, the first retry after the original failed scan occurs after the interval specified by the DeferWaitTime parameter. The second retry after the first retry occurs after two times the value of the DeferWaitTime parameter. The third retry after the second retry occurs after three times the value of the DeferWaitTime parameter and so on. The maximum number of retries is controlled by the DeferAttempts parameter.

Valid input for this parameter is an integer between 0 and 15. The default value is 5. This means the first resubmit occurs 5 minutes after the original failed scan, the second retry occurs 10 minutes after the first retry, the third retry occurs 15 minutes after the second retry and so on. The value 0 means messages are resubmitted for malware filtering after any failed scanning attempts without any delay.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-DomainController

The DomainController parameter specifies the domain controller that's used by this cmdlet to read data from or write data to Active Directory. You identify the domain controller by its fully qualified domain name (FQDN). For example, dc01.contoso.com.

The DomainController parameter isn't supported on Edge Transport servers. An Edge Transport server uses the local instance of Active Directory Lightweight Directory Services (AD LDS) to read and write data.

Type:Fqdn
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-ForceRescan

The ForceRescan parameter specifies that messages should be scanned by the malware agent, even if the message was already scanned by Exchange Online Protection. Valid input for this parameter is $true or $false. The default value is $false.

Type:Boolean
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-Identity

The Identity parameter specifies the server where you want to configure the anti-malware settings. You can use any value that uniquely identifies the server. For example:

  • Name
  • FQDN
  • Distinguished name (DN)
  • Exchange Legacy DN
Type:MalwareFilteringServerIdParameter
Position:1
Default value:None
Required:True
Accept pipeline input:True
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-MinimumSuccessfulEngineScans

This parameter is reserved for internal Microsoft use.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-PrimaryUpdatePath

The PrimaryUpdatePath parameter specifies where to download malware scanning engine updates. The default value is http://forefrontdl.microsoft.com/server/scanengineupdate. The location specified by the PrimaryUpdatePath parameter is always tried first.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-ScanErrorAction

The ScanErrorAction parameter specifies the action to take when a message can't be scanned by the malware filter. Valid values for this parameter are Block or Allow. The default value is Block.

Type:MalwareScanErrorAction
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-ScanTimeout

The ScanTimeout parameter specifies the timeout interval in seconds for messages that can't be scanned by the malware filter. Valid input for this parameter is an integer between 10 and 900. The default value is 300 (5 minutes).

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-SecondaryUpdatePath

The SecondaryUpdatePath parameter specifies an alternate download location for malware scanning engine updates. The default values is blank ($null). This means no alternate download location is specified.

The alternate download location is used when the location specified by the PrimaryUpdatePath parameter is unavailable for the time period specified by the UpdateTimeout parameter. On the next malware scanning engine update, the location specified by the PrimaryUpdate path parameter is tried first.

Type:String
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-UpdateFrequency

The UpdateFrequency parameter specifies the frequency interval in minutes to check for malware scanning engine updates. Valid input for this parameter is an integer between 1 and 38880 (27 days). The default value is 60 (one hour). The locations to check for updates are specified by the PrimaryUpdatePath and SecondaryUpdatePath parameters.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-UpdateTimeout

The UpdateTimeout parameter specifies the timeout interval in seconds to use when checking for malware scanning engine updates. Valid input for this parameter is an integer between 60 and 300. The default value is 150 seconds (2.5 minutes).

If the location specified by the PrimaryUpdatePath parameter is unavailable for the time period specified by the UpdateTimeout parameter value, the location specified by the SecondaryUpdatePath parameter is used.

Type:Int32
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

-WhatIf

The WhatIf switch simulates the actions of the command. You can use this switch to view the changes that would occur without actually applying those changes. You don't need to specify a value with this switch.

Type:SwitchParameter
Aliases:wi
Position:Named
Default value:None
Required:False
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Server 2013, Exchange Server 2016, Exchange Server 2019

Inputs

Input types

To see the input types that this cmdlet accepts, see Cmdlet Input and Output Types. If the Input Type field for a cmdlet is blank, the cmdlet doesn't accept input data.

Outputs

Output types

To see the return types, which are also known as output types, that this cmdlet accepts, see Cmdlet Input and Output Types. If the Output Type field is blank, the cmdlet doesn't return data.