Exchange Servrer Malware Filtering issue.

Hi All,

Our Exchange Server 2016 have enabled Malware Filtering features. I discovered that all Windows application logs appear Windows Event ID 6035. Sometimes, event ID 6032 and 6027. All definition download cannot update. Can anyone help?

Event ID : 6035

MS Filtering Engine Update process was unsuccessful in testing an engine update.

Engine Microsoft

LastCheckedTime2021-12-12T01:55:19.000Z

Event ID : 6032

MS Filtering Engine Update process has timed out on the downloaded of an update for Microsoft engine.

Event ID : 6027

MS Filtering Engine Update process was unsuccessful to download the engine the engine update for Microsoft from Primary Update Path.

Update Path:http://amupdatedl.microsoft.com/service/amupdate

UpdateVersion0

Reason: "There was a catastrophic error while attempting to update the engine. Error: DownloadEngine failed and there are no further update paths available. Engine Id: 1 Engine Name: Microsoft"

Best Regards,

ScanDisk

ExchangeWindows OSMicrosoft

Last Comment

Borland dBase III Plus

8/22/2022 - Mon

E C

12/12/2021

Is Windows Firewall running on the Exchange server and possibly blocking the connection?
If not, is there another firewall further upstream that is blocking it? (You should be able to view logs on the firewall)
Is the hard drive full?
Does the Exchange directory have correct write permissions assigned? (In this directory make sure Network Service has Full Control permissions > ExchangeInstallPath \V15\FIP-FS\Data\Engines\amd64
Has it ever worked or did it just start happening?
Are you running the latest Cumulative Update on Exchange?

Borland dBase III Plus

12/12/2021

ASKER

Hi EC,

1. Windows Firewall is turn off on the Exchange Server.
2. There is no any blocking rule for any traffic from Exchange Server to internet and I did not find any outgoing traffic of Exchange Server block by Internet firewall.
3. There is 390GB disk space on Exchange Install Path.
4. There are full control permissions in ExchangeInstallPath \V15\FIP-FS\Data\Engines\amd64 for Network Service.
5. It seems that it has not ever worked.
6. I have upgraded Exchange Server 2016 to CU22 two day ago (2021-12-11).

I have found many article on internet, but it seems that no any solution work until now.

Best Regards,
ScanDisk.

M A

12/12/2021

Hi,
If you have IPS enabled in firewall. Please disable it for some time and check.

Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!

Walt Forbes

Michael B. Smith

12/13/2021

This article goes into detail as to the requirements for download those updates and how to manually execute the process: https://docs.microsoft.com/en-us/exchange/antispam-and-antimalware/antimalware-protection/download-antimalware-updates?view=exchserver-2016

Borland dBase III Plus

12/13/2021

ASKER

Hi M A,
I have disabled the IPS function in internet security endpoint on Exchange Server. However, all definition download still cannot update on Exchange Server,

Hi Michael,
I have read this article before, I have followed the steps to update manually, but still failure.

No any idea to fix this issue. :(

Best Regards,
ScanDisk

Michael B. Smith

12/14/2021

Can you access the path? http://forefrontdl.microsoft.com/server/scanengineupdate

⚡ FREE TRIAL OFFER

Try out a week of full access for free.

Find out why thousands trust the EE community with their toughest problems.

ASKER CERTIFIED SOLUTION

Borland dBase III Plus

12/22/2021

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.