After CU19 Patch and Critical Patches are applied in Exchange 2016 (CU19), how to check whether HAFNIUM is still affected?

Sathishkumar Singh 486 Reputation points
2021-03-14T14:26:26.033+00:00

Hello Support

After the CU19 patch and critical patches are applied in Exchange 2016 (CU19), how do I check whether it is still affected by HAFNIUM or healthy?
https://learn.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download
I also tried this scan and nothing was found.

How do I ensure there is nothing critical and that my Exchange Server is not still attacked?

Can you please provide clear steps to proceed and a result for higher management about the status of the Exchange Server?

Microsoft Exchange Online Management

Accepted answer
  1. Andy David - MVP 145.1K Reputation points MVP
    2021-03-15T14:43:24.957+00:00

    Suspicious activity doesn't necessarily mean you have been compromised.
    If the Scanner didn't show any malware, you are probably OK.
    Contact VMware support about that file if you are unsure about it, but it sounds normal:

    https://vdc-repo.vmware.com/vmwb-repository/dcr-public/65a6e9e9-b99a-4512-be4a-4f8c8a37f447/eaba77ee-d4ff-4f73-97df-2d15c39fcd56/doc/vddkBkupVadp.9.6.html
    When performing VSS quiescing while creating the snapshot of a Windows virtual machine, VMware Tools generate a vss-manifest.zip file containing the backup components document (BCD) and writer manifests. The host agent stores this manifest file in the snapshotDir of the virtual machine. Backup applications should get the vss-manifest.zip file so they can save it to backup media.


3 additional answers

  1. Andy David - MVP 145.1K Reputation points MVP
    2021-03-14T14:38:01.253+00:00

    If you found nothing, then that is a good sign.
    I would recommend installing an anti-malware solution on the Exchange Server.

    https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/


  2. Eric Yin-MSFT 4,386 Reputation points
    2021-03-15T02:13:33.837+00:00

    If you have passed the checks listed here and the Safety Scanner, that should be safe.




  3. Sathishkumar Singh 486 Reputation points
    2021-03-15T16:37:50.443+00:00

    Many thanks for the feedback, AndyDavid.

    Is there any way to disable EAC access for external access (globally)? It should not be accessible externally.
    Only internally should it work.

    Right now external access has been given: https://tls.com/ecp

    If I remove it and restart the IIS service, is that fine?
