There’s a new IIS filter module that gets added with the latest CU for Exchange 2016 and 2019.
What this does is enable the AMSI interface to your antivirus, and results in a performance issues in Outlook/OWA/ECP/ActiveSync . The only fix at the moment is to either disable the AMSI interface globally in your antivirus or remove the following line from the web.config in the affected vDirs
<add name=”HttpRequestFilteringModule” type=”Microsoft.Exchange.HttpRequestFiltering.HttpRequestFilteringModule, Microsoft.Exchange.HttpRequestFiltering, Version=15.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35″ />