Exchange Server 2019 running slowly after recent Microsoft Defender update

Visham Pati 40 Reputation points
2025-11-04T09:36:17.1633333+00:00

I’m looking for some advice regarding a performance issue that started right after Microsoft Defender Antivirus updated on our Exchange Server 2019 environment. Since the update, the server has been noticeably slower: mail flow is delayed, Outlook clients take longer to connect, and CPU usage goes higher than usual at random times.

A quick restart of the Transport or Information Store services helps for a short while, but the slowdown comes back. I’m suspecting Defender might be scanning or interfering with Exchange components again. It looks like some of the standard Exchange AV exclusions may have been reset or no longer applied after the Defender engine update. Apart from this performance issue, the server health checks are normal and there are no clear errors in the logs.

Exchange | Exchange Server | Management

Answer accepted by question author
  1. Steven-N 12,790 Reputation points Microsoft External Staff Moderator
    2025-11-04T10:49:19.7533333+00:00

    Hi Visham Pati

    Thank you for reaching out to Microsoft Q&A.

    Based on my research, this unexpected behavior often occurs after antivirus updates in Exchange environments. Microsoft Defender’s enhanced real-time scanning can sometimes scan critical Exchange components like database files (.edb), log files (.log), queue files (.que), or processes such as MSExchangeTransport.exe and MSExchangeIS.exe.

    Although Defender updates don’t usually reset exclusions (since they’re stored in the registry), problems arise if exclusions were incomplete, overridden by Group Policy, or not fully aligned with newer scanning behavior. The result is periodic performance slowdowns without clear error logs, as the impact comes from background resource contention rather than direct failures.

    To solve these behaviors, you can start by checking your current Microsoft Defender exclusions using PowerShell. Open an elevated session and run:

    ```powershell
    Get-MpPreference | Select-Object ExclusionPath, ExclusionProcess, ExclusionExtension
    ```

    This lets you confirm whether all key Exchange folders (like %ExchangeInstallPath%Mailbox), processes, and file extensions are properly excluded.

    Additionally, if any exclusions are missing, reapply Microsoft’s recommended settings using their automated script. Download and run Set-ExchAVExclusions.ps1 from https://microsoft.github.io/CSS-Exchange/Setup/Set-ExchAVExclusions/ in the Exchange Management Shell. This script automatically adds all the necessary exclusions and logs the changes in C:\SetExchAvExclusions.log.

    After that, restart the affected services:

    ```powershell
    Restart-Service MSExchangeTransport
    Restart-Service MSExchangeIS
    ```

    Then monitor your server for 24–48 hours and check Perfmon for queue length and CPU usage, and review Defender event logs for any scan-related slowdowns.

    If performance issues persist, try temporarily disabling real-time protection for testing, make sure your Exchange server has the latest Cumulative Update, and if needed, open a Microsoft Support ticket with your exclusion audit logs.

    Best regards


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".     

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
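
The exclusion check described in the answer above can be turned into a repeatable audit. This is an added example, not part of the accepted answer and not Microsoft's Set-ExchAVExclusions.ps1; the function name `Test-DefenderExclusion`, the fallback install path and the stand-in preference object are assumptions, and the expected list holds only the items the answer names, not Microsoft's full recommended set.

```powershell
# Added example. Run elevated on the Exchange server, as the answer advises.
function Test-DefenderExclusion {
    param(
        [Parameter(Mandatory)] $Preference,          # Get-MpPreference output or a stand-in
        [Parameter(Mandatory)] [hashtable] $Expected # kind -> values that must be excluded
    )
    foreach ($kind in 'ExclusionPath', 'ExclusionProcess', 'ExclusionExtension') {
        # Normalise before comparing: case, trailing backslash, leading dot,
        # and (for processes) full path versus bare image name.
        $norm = {
            param($v)
            $s = ([string]$v).Trim().TrimEnd('\')
            if ($kind -eq 'ExclusionProcess') { $s = Split-Path -Path $s -Leaf }
            $s.TrimStart('.').ToLowerInvariant()
        }
        $have = @($Preference.$kind | Where-Object { $_ } | ForEach-Object { & $norm $_ })
        foreach ($want in $Expected[$kind]) {
            [pscustomobject]@{
                Kind    = $kind
                Value   = $want
                Present = $have -contains (& $norm $want)
            }
        }
    }
}

# Assumption: default install location is used when the variable is not set.
$installPath = if ($env:ExchangeInstallPath) { $env:ExchangeInstallPath }
               else { 'C:\Program Files\Microsoft\Exchange Server\V15\' }
$expected = @{
    ExclusionPath      = @(Join-Path $installPath 'Mailbox')
    ExclusionProcess   = @('MSExchangeTransport.exe', 'MSExchangeIS.exe')
    ExclusionExtension = @('.edb', '.log', '.que')
}

$pref = if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    Get-MpPreference
} else {
    # Constructed stand-in so the comparison can be tried off-server.
    [pscustomobject]@{ ExclusionPath = @(); ExclusionProcess = @('MSExchangeTransport.exe')
                       ExclusionExtension = @('edb', 'log') }
}
Test-DefenderExclusion -Preference $pref -Expected $expected |
    Where-Object { -not $_.Present } | Format-Table -AutoSize

# The answer notes exclusions can be overridden by Group Policy; flag a policy-managed list.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions'
if (Test-Path $policyKey) { Write-Warning "Exclusions are set by policy under $policyKey" }
```

An empty table means every expected item is present. Rows that appear are the gaps to close, either with the script linked in the answer or in the Group Policy object if the warning fires.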
