Exchange Server: What to Do When a Virus Attack Occurs


Topic Last Modified: 2005-04-29

Following the recommendations in this document will help you to reduce the attack surface available to authors of malicious code. Unfortunately, even with precautions, your organization may still become the victim of a virus attack transmitted through e-mail.

This section provides more detailed information about what you can do when a virus is in your organization. The two main actions you need to take are the following:

  1. Use the "On with no exceptions" mode functionality of Windows Firewall.

  2. Clean the Exchange environment.

If you implement the recommendations in the Recommended Actions and Configurations section in this document, it is unlikely that a virus transmitted by e-mail will be robust enough to require shutting down mail services. However, in the event of such a virus, you may have to shut down mail flow to and from the Internet until the threat is contained.

Community Additions