Hi,
as per the advice give in the article:
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
I have run the powershell command to identify any logfile entries on each of my exchange servers.
A couple of hits have been returned, but I cannot find the entries in the corresponding autodiscover log files on any servers.
Eg.
DateTime AnchorMailbox
2021-03-03T07:10:58.123Z ServerInfo~a]@servername.domain.local:444/autodiscover/autodiscover.xml?#
I've looked at the logs for the corresponding timeframe in the following locations, on all servers:
%PROGRAMFILES%\Microsoft\Exchange Server\V15\Logging\Autodiscover
%PROGRAMFILES%\Microsoft\Exchange Server\V15\Logging\HttpProxy\Autodiscover
Am I looking in the wrong place for these log files?
Thanks