One Day Sec

How can defenders detect and prevent malicious Transport Agent backdoors on Exchange?

Defenders should regularly enumerate all installed transport agents with `Get-TransportAgent` in the Exchange Management Shell and verify that each one is legitimate, especially after any service restart. Monitoring for unexpected DLLs in the Exchange `Public` folder and reviewing the event logs for suspicious agent loading also help. Because attackers may combine a transport-agent backdoor with other persistence methods, such as one based on TelemetryController, a layered defense is essential, as discussed in Analysis of Backdoor Implementation Using TelemetryController.
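The following audit script is an added example, not code from the original answer. It compares the agents `Get-TransportAgent` returns against a baseline JSON file captured earlier on a known-clean server (the path, the list of transport services checked, and the "stock agents live under `TransportRoles\agents`" heuristic are assumptions), and flags new, changed, oddly located or unsigned agent assemblies:

```powershell
# Added example: audit Exchange transport agents against a saved baseline.
# Assumes Exchange 2013+ (Get-TransportAgent -TransportService) and that the
# baseline was captured earlier with:
#   Get-TransportAgent -TransportService <svc> |
#     Select-Object Identity, TransportAgentFactory, AssemblyPath |
#     ConvertTo-Json | Set-Content <BaselinePath>
param(
    [string]$BaselinePath = "C:\ExchangeAudit\transport-agents-baseline.json"  # placeholder
)

$baseline = @{}
if (Test-Path $BaselinePath) {
    foreach ($b in (Get-Content $BaselinePath -Raw | ConvertFrom-Json)) {
        $baseline[$b.Identity] = $b
    }
}

$findings = New-Object System.Collections.Generic.List[object]
function Add-Finding($svc, $agent, $reason) {
    $findings.Add([pscustomobject]@{
        Service = $svc; Agent = $agent.Identity; Reason = $reason; Path = $agent.AssemblyPath
    })
}

# A backdoor can be registered in any transport service, not only Hub, so check all of them.
foreach ($svc in 'Hub', 'FrontEnd', 'MailboxSubmission', 'MailboxDelivery') {
    foreach ($agent in (Get-TransportAgent -TransportService $svc)) {
        $known = $baseline[$agent.Identity]
        if (-not $known) {
            Add-Finding $svc $agent 'agent not present in baseline'
        } elseif ($known.AssemblyPath -ne $agent.AssemblyPath -or
                  $known.TransportAgentFactory -ne $agent.TransportAgentFactory) {
            Add-Finding $svc $agent 'assembly path or factory class changed since baseline'
        }
        # Heuristic (assumption): stock agents are loaded from TransportRoles\agents;
        # a DLL under e.g. the Public folder is worth a closer look.
        if ($agent.AssemblyPath -and $agent.AssemblyPath -notmatch '\\TransportRoles\\agents\\') {
            Add-Finding $svc $agent 'assembly loaded from an unusual location'
        }
        # Unsigned or tampered assemblies are a strong signal on an Exchange server.
        if ($agent.AssemblyPath -and (Test-Path $agent.AssemblyPath)) {
            $sig = Get-AuthenticodeSignature -FilePath $agent.AssemblyPath
            if ($sig.Status -ne 'Valid') {
                Add-Finding $svc $agent "Authenticode status: $($sig.Status)"
            }
        }
    }
}

if ($findings.Count -eq 0) { Write-Output 'No transport agent deviations found.' }
else { $findings | Format-Table -AutoSize }
```

Run it on a schedule and after every transport service restart, and treat any finding as a trigger to pull the DLL for analysis rather than as proof of compromise on its own.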
Tags: defense detection, Get-TransportAgent, event logs, Exchange security, persistence detection
