{"id":4396,"date":"2023-02-26T15:02:06","date_gmt":"2023-02-26T14:02:06","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4396"},"modified":"2023-02-26T15:02:06","modified_gmt":"2023-02-26T14:02:06","slug":"skenirati-vise-exchange-server-objekata","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2023\/02\/26\/skenirati-vise-exchange-server-objekata\/","title":{"rendered":"Scan more Exchange Server objects"},"content":{"rendered":"<p><span style=\"font-size: 14pt;\"><em>Microsoft<\/em> recommends scanning more <em>Exchange<\/em> Server objects for viruses and other malicious threats.<\/span><\/p>\n<div id=\"attachment_4393\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4393\" class=\"size-full wp-image-4393\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/Skenirati-vise-Exchange-server.jpg\" alt=\"Skenirati vise Exchange server objekata\" width=\"1024\" height=\"617\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/Skenirati-vise-Exchange-server.jpg 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/Skenirati-vise-Exchange-server-300x181.jpg 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/Skenirati-vise-Exchange-server-768x463.jpg 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/Skenirati-vise-Exchange-server-18x12.jpg 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4393\" class=\"wp-caption-text\"><em>Scan more Exchange Server objects; Design: Sa\u0161a \u0110uri\u0107<\/em><\/p><\/div>\n<p><span style=\"font-size: 14pt;\">In an announcement this week, <em>Microsoft<\/em> recommends that administrators now include the temporary <em>ASP.NET<\/em> and <em>Inetsrv<\/em> folders, as well as the <em>PowerShell<\/em> and <em>w3wp<\/em> processes, in scanning. 
Scanning these objects will help protect against threats such as <em>IIS webshells<\/em> and <em>backdoors<\/em>. \u201c<em>We have found that some existing exclusions&#8230; are no longer needed<\/em>\u201d \u2013 <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/update-on-the-exchange-server-antivirus-exclusions\/ba-p\/3751464\" target=\"_blank\" rel=\"noopener\">the announcement states<\/a>.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><span style=\"font-size: 14pt;\"><strong>Removing exclusions<\/strong><\/span><\/h2>\n<p><span style=\"font-size: 14pt;\">According to <em>Microsoft<\/em>'s announcement, removing these objects from the <em>exclusion list<\/em> will improve <em>Exchange<\/em> Server security:<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">Folders:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>%SystemRoot%\\Microsoft.NET\\Framework64\\v4.0.30319\\Temporary ASP.NET Files<\/em><\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>%SystemRoot%\\System32\\Inetsrv<\/em><\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">Processes:<\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>%SystemRoot%\\System32\\WindowsPowerShell\\v1.0\\PowerShell.exe<\/em><\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>%SystemRoot%\\System32\\inetsrv\\w3wp.exe<\/em><\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>\u00a0<\/em><\/span><\/p>\n<p><span style=\"font-size: 14pt;\"><em>Microsoft<\/em> says it has not observed any impact on performance or stability from removing these objects from the exclusion list on <em>Exchange Server 2019<\/em> running the latest available updates with <em>Windows Defender<\/em> antivirus software.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">They also consider removing these objects from the exclusion list to be safe for <em>Exchange Server 2016<\/em> and 
<em>Exchange Server 2013<\/em> (<a href=\"https:\/\/techcommunity.microsoft.com\/t5\/exchange-team-blog\/exchange-server-2013-end-of-support-approaching-fast\/ba-p\/3741491\" target=\"_blank\" rel=\"noopener\">support ends in April<\/a>), with the recommendation that servers be monitored after the change and that these objects be returned to the exclusion list if problems occur.<\/span><\/p>\n<p>&nbsp;<\/p>\n<h3><span style=\"font-size: 14pt;\"><strong>Improving security<\/strong><\/span><\/h3>\n<p><span style=\"font-size: 14pt;\">This recommendation will certainly be welcome to <em>Exchange<\/em> Server users, especially now that these systems are becoming a very popular target for malicious actors because of the amount of sensitive data they hold. This primarily means information such as employee titles, contact information and organizational structure details, which can be used in <a href=\"https:\/\/sajberinfo.com\/en\/2022\/01\/02\/phishing-meta-su-ljudi-ne-tehnologija\/\" target=\"_blank\" rel=\"nofollow noopener\"><em>phishing<\/em> attacks<\/a>. 
On <em>Exchange<\/em> servers, attackers can also find information such as <em>AD<\/em> (<em>Active Directory<\/em>) permissions and access information for cloud-hosted environments.<\/span><\/p>\n<div id=\"attachment_4399\" style=\"width: 1034px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-4399\" class=\"size-full wp-image-4399\" src=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/piqsels.com-iEmail-Communication.webp\" alt=\"Email Communication\" width=\"1024\" height=\"685\" srcset=\"https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/piqsels.com-iEmail-Communication.webp 1024w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/piqsels.com-iEmail-Communication-300x201.webp 300w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/piqsels.com-iEmail-Communication-768x514.webp 768w, https:\/\/sajberinfo.com\/wp-content\/uploads\/2023\/02\/piqsels.com-iEmail-Communication-18x12.webp 18w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><p id=\"caption-attachment-4399\" class=\"wp-caption-text\"><em>Email Communication; Source: <a href=\"https:\/\/www.piqsels.com\/en\/public-domain-photo-zbtiu\/download\" target=\"_blank\" rel=\"noopener\">Piqsels<\/a><\/em><\/p><\/div>\n<h4><span style=\"font-size: 14pt;\"><strong>Exclusion list<\/strong><\/span><\/h4>\n<p><span style=\"font-size: 14pt;\">Even after these objects are removed from the exclusion list, many objects remain on it. 
The main reason is that <a href=\"https:\/\/sajberinfo.com\/en\/2021\/08\/17\/antivirusni-softver\/\" target=\"_blank\" rel=\"nofollow noopener\">antivirus software<\/a> can, when scanning these objects, cause performance degradation, malfunctions and even system crashes.<\/span><\/p>\n<p><span style=\"font-size: 14pt;\">There is a realistic scenario in which <em>Windows<\/em> antivirus software locks or quarantines an open <em>log file<\/em> or a database that the <em>Exchange<\/em> server needs to modify. This can cause serious problems in the operation of the <em>Exchange<\/em> server, which is why it is important that certain objects are on the antivirus software's scanning exclusion list.<\/span><\/p>\n<p>&nbsp;<\/p>\n<p><span style=\"font-size: 14pt;\">In addition, <em>Windows<\/em> antivirus software cannot replace dedicated anti-spam and anti-malware tools, because it is not able to detect threats that are distributed only via email.<\/span><\/p>","protected":false},"excerpt":{"rendered":"<p>Microsoft recommends scanning more Exchange Server objects for viruses and other malicious threats. 
In an announcement this week, Microsoft recommends that administrators now include in scanning the temporary ASP.NET and Inetsrv folders,&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":4393,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[276,77,274,255,61,275],"class_list":["post-4396","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-active-directory","tag-antivirusni-softver","tag-exclusion-list","tag-microsoft-exchange","tag-phishing","tag-powershell"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4396","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4396"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4396\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4393"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4396"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4396"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4396"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}