Database scan account details

This dialog window displays if you have not specified a user name and a password for Database scan. Specify the credentials of the user who has access to EWS (Exchange Web Services) in this pop-up window and click OK. Alternatively, go to Advanced setup by pressing F5 and navigate to Server > On-demand mailbox database scan. Type the Username, click Set, enter the password for this user account and click OK.

Click the check box next to Save account information to save account settings. Otherwise, you will be prompted to enter the account information every time you run an On-demand mailbox database scan.


If a user account does not have appropriate access to Exchange Web Services (EWS), you can select Create "ApplicationImpersonation" role assignment to assign this role to the user account. Alternatively, you can assign the ApplicationImpersonation role manually; see the note below for details.


The scan account must have the ApplicationImpersonation role assigned to allow the scan engine to scan user mailboxes within Exchange mailbox database(s). If you are running Exchange Server 2010 or newer, a new unlimited EWS Throttling Policy is created for the user account. Make sure to configure the EWS Throttling Policy for the scan account to avoid too many operation requests by ESET Mail Security, which might otherwise cause some of the requests to time out. See the EWS Best Practices and Understanding Client Throttling Policies articles to learn about the Throttling Policies. Also, see the Change user throttling settings for specific users article for further details and examples.

If you want to assign the ApplicationImpersonation role to a user account manually and create a new EWS Throttling Policy for this account, you can use the following commands (replace ESET-user with an actual account name in your system; you can also set limits for the EWS Throttling Policy by replacing $null with numbers):

Exchange Server 2007

Get-ClientAccessServer | Add-AdPermission -User ESET-user -ExtendedRights ms-Exch-EPI-Impersonation

Get-MailboxDatabase | Add-AdPermission -User ESET-user -ExtendedRights ms-Exch-EPI-May-Impersonate

Exchange Server 2010

New-ManagementRoleAssignment -Name:ESET-ApplicationImpersonation -Role:ApplicationImpersonation -User ESET-user

This might take a few moments to apply

New-ThrottlingPolicy -Name ESET-ThrottlingPolicy -EWSFindCountLimit $null -EWSFastSearchTimeoutInSeconds $null -EWSMaxConcurrency $null -EWSPercentTimeInAD $null -EWSPercentTimeInCAS $null -EWSPercentTimeInMailboxRPC $null

Set-ThrottlingPolicyAssociation -Identity ESET-user -ThrottlingPolicy ESET-ThrottlingPolicy

Exchange Server 2013, 2016 and 2019

New-ManagementRoleAssignment -Name:ESET-ApplicationImpersonation -Role:ApplicationImpersonation -User ESET-user

This might take a few moments to apply

New-ThrottlingPolicy -Name ESET-ThrottlingPolicy -EWSMaxConcurrency Unlimited -EwsCutoffBalance Unlimited -EwsMaxBurst Unlimited -EwsRechargeRate Unlimited

Set-ThrottlingPolicyAssociation -Identity ESET-user -ThrottlingPolicy ESET-ThrottlingPolicy
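
To check the result of the Exchange Server 2013, 2016 and 2019 commands above, the following can be run afterwards. This is an added example, not part of the original ESET documentation; it assumes the Exchange Management Shell and the ESET-user and ESET-ThrottlingPolicy names used on this page.

```powershell
# Added example. Assumes the Exchange Management Shell (Exchange 2013/2016/2019)
# and the account and policy names used on this page.
$Account    = 'ESET-user'
$PolicyName = 'ESET-ThrottlingPolicy'

# 1. List every principal that effectively holds ApplicationImpersonation.
#    The role lets its holder act as any mailbox in its write scope, so the
#    list should contain only accounts you expect.
Get-ManagementRoleAssignment -Role ApplicationImpersonation -GetEffectiveUsers |
    Sort-Object EffectiveUserName |
    Format-Table Name, RoleAssigneeName, EffectiveUserName, CustomRecipientWriteScope, Enabled -AutoSize

# 2. Confirm the scan account has an enabled assignment.
$assignment = Get-ManagementRoleAssignment -Role ApplicationImpersonation -RoleAssignee $Account |
    Where-Object { $_.Enabled }
if ($assignment) {
    Write-Host "OK: $Account holds ApplicationImpersonation via '$($assignment.Name -join ', ')'"
} else {
    Write-Warning "$Account has no enabled ApplicationImpersonation assignment"
}

# 3. Confirm the throttling policy is associated with the scan account.
$assoc = Get-ThrottlingPolicyAssociation -Identity $Account
if ("$($assoc.ThrottlingPolicyId)" -like "*$PolicyName*") {
    Write-Host "OK: $Account is associated with $PolicyName"
} else {
    Write-Warning "$Account is associated with '$($assoc.ThrottlingPolicyId)', expected $PolicyName"
}

# 4. Show the EWS limits that the policy applies.
Get-ThrottlingPolicy -Identity $PolicyName |
    Format-List Name, EwsMaxConcurrency, EwsMaxBurst, EwsRechargeRate, EwsCutoffBalance
```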