This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(288, 49%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EL%3C/text%3E%3C/svg%3E)
Hi Microsoft Community, may we ask for your help, we already patched our Servers and run the tools from MS and we are fully patched and no malicious files based on Microsoft Safety Scanner. But we can still saw some aspx files and .exe files dropped in our system in our exchange server. The executable files are being blocked by our endpoint protection. May we request for help on what would be our next step for this. Thank you!
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(246.4, 22%, 33%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EKY%3C/text%3E%3C/svg%3E)
Hi, @Lyndon
Just checking in to see if above information was helpful. Please let us know if you would like further assistance.
Remove those files?
If you did a full scan and all the other checks pass, then the system is probably ok, but you will need to determine that.
If you have any doubts about the server, rebuild it.
Here is the official guidance:
https://msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/