Disable or bypass anti-malware scanning

  • Article

Applies to: Exchange Server 2013

In Microsoft Exchange Server 2013, you can disable or bypass malware filtering of all email messages in transit on a server. This must be done on a Mailbox server.

You may want to disable Exchange 2013 malware filtering if you are using another product for malware filtering. When malware filtering is disabled, the Exchange malware agent is unhooked and not running, and engine updates are not kept up-to-date.

Important

Bypassing malware filtering should only be done when troubleshooting a problem. When malware filtering is bypassed, the Exchange malware agent remains hooked, and engine updates are kept up-to-date. However, malware filtering is skipped while you attempt to resolve whatever problems you are encountering. After you have finished troubleshooting, you should restore malware filtering.

What do you need to know before you begin?

  • Estimated time to complete each procedure: 15 minutes

  • You can only use the Shell to perform this procedure.

  • Disabling or enabling malware filtering restarts the Microsoft Exchange Transport service on the server. This may temporarily disrupt mail flow in your organization.

  • Bypassing or restoring malware filtering doesn't require you to restart any services. However, changes to the setting may take up to 10 minutes to take effect.

  • If you have multiple Exchange servers performing malware filtering, you must perform these steps on each server.

  • You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Anti-malware" entry in the Anti-spam and anti-malware permissions topic.

  • For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard shortcuts in the Exchange admin center.

Tip

Having problems? Ask for help in the Exchange forums. Visit the forums at Exchange Server.

Use the Shell to disable malware filtering on a specific Exchange server

To disable malware filtering, run the following command:

& $env:ExchangeInstallPath\Scripts\Disable-Antimalwarescanning.ps1

Note

To re-enable malware filtering, use Enable-Antimalwarescanning.ps1 instead of Disable-Antimalwarescanning.ps1.

How do you know this step worked?

To verify that malware filtering is disabled, run the following command and confirm that it returns a value of False:

Get-TransportAgent "Malware Agent"

Use the Shell to temporarily bypass malware filtering on a specific Exchange server

Important

Bypassing malware filtering should only be done when troubleshooting a problem. You should restore malware filtering after you have finished troubleshooting.

To temporarily bypass malware filtering, run the following command:

Set-MalwareFilteringServer <ServerIdentity> -BypassFiltering $true

To restore malware filtering, run the following command:

Set-MalwareFilteringServer <ServerIdentity> -BypassFiltering $false

How do you know this step worked?

To verify that malware filtering is being bypassed, run the following command and confirm that it returns a value of True:

Get-MalwareFilteringServer | Format-List BypassFiltering