JonSmith-8704 asked KaelYao-MSFT commented

Exchange Server 2016 Update-Malware

Why is the malware definition version so far behind?
I manually updated the Exchange Server Malware and the output is
Engine Version : 1.1.18000.5
Signature Version : 1.335.1406.0


The current virus and malware version is supposed to be:
Version: 1.335.1416.0
Engine Version: 1.1.18000.5
Platform Version: 4.18.2103.7
Released: 4/22/2021 1:33:48 PM


This leaves Exchange vulnerable since it is outdated. The URL provided doesn't appear to be accessible.

Microsoft get it TOGETHER!!! I would say that this is a bug that requires a hotfix, wouldn't you?

office-exchange-server-administration

Mine shows updated today:


MS Filtering Engine Update process performed a successful scan engine update.
Scan Engine: Microsoft
Update Path: http://amupdatedl.microsoft.com/server/amupdate
Last Update time: 2021-04-22T16:33:44.000Z
Engine Version:1.1.18000.5
Signature Version: 1.335.1416.0

Sure it's not an issue on your end?

0 Votes 0 ·

Yes, but that is not the current Signature version. If you do not update the PrimaryUrlPath you will not get the current Engine and Signature version. Thus the virus/malware scans will not catch any virus/malware that has been updated.

0 Votes 0 ·

The Malware version on Exchange is not the latest version. The version on the server is 1.335.1406.0.
The latest version is 1.335.1416.0, from the link
https://www.microsoft.com/en-us/wdsi/defenderupdates


Why is Exchange not getting the latest definitions?

Can you see that this is an issue?

0 Votes 0 ·

The issue is that the default URL is wrong.

http://forefrontdl.microsoft.com/server/scanengineupdate

is the correct Update Path.

This is definitely a misconfiguration and the documentation is also incorrect.
https://docs.microsoft.com/en-us/powershell/module/exchange/set-malwarefilteringserver?view=exchange-ps

The default is http://amupdatedl.microsoft.com/server/amupdate and needs to be changed.


0 Votes 0 ·

1 Answer

KaelYao-MSFT answered KaelYao-MSFT commented

Hi @JonSmith-8704

I checked it in my lab. The scan engines can be updated successfully via the update path: http://amupdatedl.microsoft.com/server/amupdate

Can you find any Event 6027 entries in Event Viewer > Windows Logs > Application indicating a failed update?
If there are any, please post a screenshot or the text of the detailed information.
(Don't forget to hide your personal information.)


If you would like to change the update path anyway, you may use this command via EMS:

 Set-MalwareFilteringServer <server name> -PrimaryUpdatePath http://forefrontdl.microsoft.com/server/scanengineupdate

Or you may also refer to the following link to use Update-Engines.ps1 script to manually update scan engines:
Manually update scan engines in Exchange Server


Thanks, I already did that. I would say that the PrimaryUrlPath should be set to a URL that works from the default installation.

0 Votes 0 ·

Hi,
Does the server automatically download the updates after changing the path to http://forefrontdl.microsoft.com/server/scanengineupdate?
I suppose that the issue may be caused by some network problems between your server and the path http://amupdatedl.microsoft.com/server/amupdate.

0 Votes 0 ·

Hi @JonSmith-8704

I am writing here to check with you how things are going now.
If you have any questions or need further help on this issue, please feel free to post back.

0 Votes 0 ·
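
The checks suggested in the answer (the configured update path and Event 6027 in the Application log) together with the signature version comparison from the question, collected into one function. This is an added example, not part of the original thread and not Microsoft's own tooling. It assumes the Exchange Management Shell on the server; the function name, its parameters and the server name EX01 are hypothetical, and the version strings are the ones quoted in the question.

```powershell
# Added example. Run in the Exchange Management Shell.
function Test-MalwareUpdateState {
    param(
        [Parameter(Mandatory)] [string]  $Server,
        # Signature version the server reported after its last update
        [Parameter(Mandatory)] [version] $InstalledSignature,
        # Signature version listed on the Microsoft definitions page
        [Parameter(Mandatory)] [version] $PublishedSignature,
        # How far back to look for failed-update events
        [int] $Days = 7
    )

    # Update paths currently configured for the malware agent
    $cfg = Get-MalwareFilteringServer -Identity $Server

    # Event 6027 in the Application log, as the answer suggests.
    # The filter is by ID only, so check ProviderName in the result.
    $filter = @{
        LogName   = 'Application'
        Id        = 6027
        StartTime = (Get-Date).AddDays(-$Days)
    }
    $events = @()
    try {
        $events = @(Get-WinEvent -ComputerName $Server -FilterHashtable $filter -ErrorAction Stop)
    } catch {
        # "No matching events" is the healthy case; anything else
        # (access denied, unreachable host) must not be hidden.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
    }

    $latest = $events | Select-Object -First 1   # Get-WinEvent returns newest first
    [pscustomobject]@{
        Server              = $Server
        PrimaryUpdatePath   = $cfg.PrimaryUpdatePath
        SecondaryUpdatePath = $cfg.SecondaryUpdatePath
        SignatureBehind     = $InstalledSignature -lt $PublishedSignature
        Event6027Count      = $events.Count
        LatestEventTime     = $latest.TimeCreated
        LatestEventProvider = $latest.ProviderName
        LatestEventMessage  = $latest.Message
    }
}

# EX01 is a placeholder; the versions are the ones quoted in the question.
Test-MalwareUpdateState -Server 'EX01' `
    -InstalledSignature '1.335.1406.0' -PublishedSignature '1.335.1416.0'
```

Casting to `[version]` compares the four numeric fields in order, so 1.335.1406.0 is reported as behind 1.335.1416.0 without relying on string comparison.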