Controls/EDCA-RES-002.json
|
{
"id": "EDCA-RES-002", "title": "Unified content cleanup baseline", "description": "The UnifiedContent folder is the temporary staging area used by the Exchange transport pipeline to extract and inspect message content during anti-malware and transport rule processing. The Exchange UnifiedContent temporary store cleanup MUST be configured. When cleanup is misconfigured, temporary files accumulate and progressively consume disk space in the UnifiedContent folders under the Exchange transport working directories. Left unchecked, the backlog can exhaust free space on the volume and keeps extracted message content on disk longer than necessary.", "verify": false, "subject": "Server", "category": "Resilience", "severity": "Low", "severityWeight": 4, "frameworks": [ "Best Practice" ], "references": [ { "name": "CSS UnifiedContentCleanup", "url": "https://microsoft.github.io/CSS-Exchange/Diagnostics/HealthChecker/UnifiedContentCleanup/" } ], "remediation": { "automatable": false, "description": "Add the correct UnifiedContent temp path to %ExchangeInstallPath%\\Bin\\Monitoring\\Config\\AntiMalware.xml so that the monitoring probe can automatically clean up temp files left by the EdgeTransport process.", "scriptTemplate": "# Diagnose: Check UnifiedContent temp directory for stale file accumulation\n$exchPath = $exinstall\nGet-ChildItem (Join-Path $exchPath 'TransportRoles\\data\\Temp\\UnifiedContent') -Recurse -ErrorAction SilentlyContinue | Measure-Object Length -Sum | Select-Object Count, @{N='TotalMB';E={[math]::Round($_.Sum/1MB,2)}}" }, "considerations": "The Unified Content Cleanup task temporarily increases I/O load on the transport database volume when running. Schedule cleanup tasks during low-traffic periods. Cleaning a large accumulated backlog may take extended time.", "roles": [ "Mailbox", "Edge" ] } |