Antimalware Scan Engine Test

Malware is comprised of viruses and spyware. Viruses infect other programs and data, and they spread throughout your computer looking for programs to infect. Spyware refers to malware that gathers your personal information, such as sign-in information and personal data, and sends it back to its author. The Microsoft Exchange Server 2013/2016 anti-malware protection feature helps combat malware in your email messaging environment. 

There are several anti-malware protection options in Exchange 2013/2016:

  • Built-in anti-malware protection in Exchange 2013/2016   You can use the built-in Exchange on-premises anti-malware protection feature in order to help you combat malware. This basic anti-malware protection can be turned off, replaced, or paired with a cloud-based service (such as Microsoft Exchange Online Protection or Microsoft Forefront Online Protection for Exchange) to provide a layered defense.
  • Cloud-hosted anti-malware protection   You can elect to purchase the Microsoft Forefront Online Protection for Exchange (FOPE) hosted email filtering service or the next version of this service, Exchange Online Protection (EOP). The service leverages partnerships with several best of breed anti-malware engines, thereby providing efficient, cost effective, multi-layered anti-malware protection.

Regardless of which option you choose, you need to ensure that the anti-malware engine functions in an error-free manner and is able to protect your critical email communication from harm. This is why you need the Antimalware Scan Engine test from eG. This test auto-discovers the anti-malware scan engines in use in your environment, and for each engine, captures errors in engine functioning and reveals how quickly the engine scans messages and detects malware. In the process, the test sheds light on an engine’s incapacities.

Target of the test : An Exchange 2013/2016 server

 Agent deploying the test : An internal agent

Outputs of the test : One set of results for envery anti-malware scan engine deployed on the Exchange 2013/2016 server being monitored

Configurable parameters for the test

  • Test period - How often should the test be executed
  • Host - The host for which the test is to be configured.
  • port – The port at which the host listens.
  • Measurements made by the test
    Measurement Description Measurement Unit Interpretation

    Engine errors:

    Indicates the number of engine errors in the last number.


    Ideally, the value of this measure should be 0. A non-zero value is indicative an unhealthy engine.

    Items processed rate:

    Indicates the rate at which this engine processes items.


    A consistent drop in this rate could indicate a processing bottleneck on the engine.

    Malware items detected:

    Indicates the number of items detected by this engine as containing malware.



    A high value could indicate an infestation.

    Average malware scan time per item:

    Indicates the average time that this engine took per item to scan for malware.


    Ideally, the value of this measure should be low. A high value could indicate slowness when scanning, and warrants further investigation.