Hi All,
We have run scanner on both of our exchange 2016 servers and one came back positive and the other negative.
However, on both servers, these files are .aspx files in %PROGRAMFILES%\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth\:
errorFE.aspx
ExpirtedPassword.aspx
frowny.aspx
logoff.aspx
logon.aspx
OutlookCN.aspx
RedirSuiteServiceProxy.aspx
signout.aspx
Are these file normal in exchange 2016?
Also these files were created way before the attack.


