This new recommendation from Microsoft demonstrates how adding over-encompassing AV exclusions can negatively impact and organization’s security. Especially in the current threat landscape, many actors make use of PowerShell and malicious IIS extensions to perform their attacks. Having these exclusions in place allows for a large gap in visibility where the threat actors can go unnoticed. On top of removing these exclusions and following the other recommendations from Microsoft, it is also recommended to frequently review exclusions that are in place to ensure that they are relevant and not too broad. Additionally, it is recommended to ensure that your security teams are aware of the dangers of over-excluding and how it could lead to a breach of the organization.
https://www.bleepingcomputer.com/news/security/microsoft-urges-exchange-admins-to-remove-some-antivirus-exclusions/
