GreenPages Blog


One Script to Mitigate, Scan for Malware, & Repair On-Premises Exchange Servers!

By Randy Becker, CISO & VP, Network and Security Consulting

Microsoft has just released a new PowerShell script, the Exchange On-premises Mitigation Tool (EOMT): https://github.com/microsoft/CSS-Exchange/tree/main/Security#exchange-on-premises-mitigation-tool-eomt.

This single script automatically downloads the dependencies it needs for the mitigation and the malware scan, applies the mitigation, scans the server, and attempts to reverse changes made by known threats.


How Does the Exchange On-premises Mitigation Tool Work?

For this to work, the script assumes your Exchange servers have outbound HTTPS access to Microsoft so it can fetch its dependencies. The tool then performs the following steps automatically, which gets a mitigation in place quickly:
• Mitigates currently known attacks that exploit CVE-2021-26855 by applying an IIS URL Rewrite configuration.
• Runs a malware scan of the Exchange Server using the Microsoft Safety Scanner.
• Attempts to reverse any changes made by identified threats.

(Figure: visual of how the Microsoft Exchange On-Premises Mitigation Tool works)

Microsoft's own caveats apply: as with any tool, understand the following before running it:

  • The Exchange EOMT is only effective against known attacks and is not guaranteed to mitigate all possible future attack techniques. This is a temporary mitigation until your Exchange servers can be fully updated as outlined in Microsoft’s previous guidance.
  • Microsoft recommends this script over the previous ExchangeMitigations.ps1 script as it is based on the latest threat intelligence. If you have already started with the other script, it is fine to switch to this one.
  • This is a recommended approach for Exchange deployments with Internet access and for those who want to attempt automated remediation.
  • So far, Microsoft has not observed any impact to Exchange Server functionality when using this tool.
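Because EOMT pulls its own dependencies and changes the IIS configuration of the front-end site, two things are worth doing around it: confirming the outbound access the tool assumes before you start, and inspecting what it left behind when it finishes. The PowerShell wrapper below is an added example written for this post; it is not Microsoft's code and not part of EOMT. It checks outbound HTTPS to the download hosts, records the Exchange build (the patch, not the mitigation, is the real fix), runs the script, and then lists the URL Rewrite rules on the front-end site and the tail of the Safety Scanner log. The script path, the list of download hosts and the site name are assumptions; check them against the current EOMT README and source before relying on them.

```powershell
#Requires -RunAsAdministrator
# Added example (not Microsoft's or GreenPages' code): wrap EOMT.ps1 with a pre-flight
# check for the outbound access it needs, then verify what it changed.
# Assumptions: EOMT.ps1 has already been saved to $EomtPath; the download hosts are
# those the tool used at the time of writing and should be confirmed against the README.

param(
    [string]$EomtPath = 'C:\EOMT\EOMT.ps1',   # assumed location of the downloaded script
    [string]$SiteName = 'Default Web Site'    # Exchange front-end site that receives the rule
)

Import-Module WebAdministration -ErrorAction Stop

# 1. Pre-flight: EOMT fetches the IIS URL Rewrite module and the Microsoft Safety
#    Scanner (MSERT) itself, so the server must reach Microsoft over HTTPS.
function Test-EomtOutboundAccess {
    $hosts = 'github.com', 'go.microsoft.com', 'download.microsoft.com'   # assumed hosts
    $failed = foreach ($h in $hosts) {
        $r = Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue
        if (-not $r.TcpTestSucceeded) { $h }
    }
    if ($failed) {
        Write-Warning ("No outbound 443 to: {0}. EOMT cannot download its dependencies." -f ($failed -join ', '))
        return $false
    }
    return $true
}

# 2. The patched build is the real fix; record the build so you can compare it with the
#    fixed builds listed at http://aka.ms/exchangevulns. ExSetup.exe is on PATH on an
#    Exchange server and its file version is the server's build.
function Get-ExchangeBuild {
    (Get-Command ExSetup.exe -ErrorAction Stop).FileVersionInfo.ProductVersion
}

# 3. List the URL Rewrite rules on the front-end site. The CVE-2021-26855 mitigation is an
#    inbound rule that aborts requests matching a cookie pattern, so after EOMT runs you
#    should see a rule whose conditions reference {HTTP_COOKIE} with an AbortRequest action.
function Get-ExchangeRewriteRules {
    $rules = Get-WebConfiguration -Filter 'system.webServer/rewrite/rules/rule' `
                                  -PSPath "IIS:\Sites\$SiteName"
    foreach ($rule in $rules) {
        [pscustomobject]@{
            Name       = $rule.name
            UrlPattern = $rule.match.url
            Action     = $rule.action.type
            Conditions = ($rule.conditions.Collection |
                          ForEach-Object { "$($_.input) ~ $($_.pattern)" }) -join '; '
        }
    }
}

# --- main flow ---
if (-not (Test-EomtOutboundAccess)) { exit 1 }
Write-Host "Exchange build before EOMT: $(Get-ExchangeBuild)"

# Run the tool. With no switches it applies the mitigation, runs a quick MSERT scan and
# attempts remediation; see the README for the current parameter set (full scan, rollback).
& $EomtPath

Write-Host "`nURL Rewrite rules now present on '$SiteName':"
Get-ExchangeRewriteRules | Format-Table -AutoSize

# MSERT writes its findings to %SystemRoot%\debug\msert.log; review it rather than
# trusting the console summary alone.
$msertLog = Join-Path $env:SystemRoot 'debug\msert.log'
if (Test-Path $msertLog) { Get-Content $msertLog -Tail 40 }
```

Run it from an elevated PowerShell session on each Exchange server. If the pre-flight fails because outbound access is proxied or blocked, EOMT's README describes the manual download path; the rewrite-rule listing is still useful afterwards to confirm the rule landed on the right site, and again after you patch and decide whether to roll the mitigation back.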

Who should run the Exchange On-premises Mitigation Tool?

Situation: You have done nothing to date to patch or mitigate this issue.
Guidance: Run EOMT.PS1 as soon as possible. This will both attempt to remediate and mitigate your servers against further attacks. Once complete, follow the patching guidance to update your servers at http://aka.ms/exchangevulns

Situation: You have mitigated using any or all of the mitigation guidance Microsoft has given (ExchangeMitigations.ps1, blog posts, etc.).
Guidance: Run EOMT.PS1 as soon as possible. This will both attempt to remediate and mitigate your servers against further attacks. Once complete, follow the patching guidance to update your servers at http://aka.ms/exchangevulns

Situation: You have already patched your systems and are protected, but did NOT investigate for adversary activity, indicators of compromise, etc.
Guidance: Run EOMT.PS1 as soon as possible. This will attempt to remediate any existing compromise that may not have been fully remediated before patching.

Situation: You have already patched and investigated your systems for indicators of compromise, etc.
Guidance: No action is required.

If you would like strategic direction to strengthen your security stance, reach out to your GreenPages Account Executive who can connect you with a Security Engineer or reach out to us!



Randy is responsible for GreenPages’ overall cyber security strategy, including developing comprehensive policies and procedures to protect critical applications while ensuring business agility and velocity. With more than 30 years in the IT industry, Randy has strong expertise in cyber security and risk management; security operations and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation.
