Endpoint Protection Antimalware Policy SQL 2008
-
Friday, January 25, 2013 2:15 PM
We use SCCM 2012 to manage our antimalware solution (SCEP). We created policies for different servers, for example SQL Server 2008 R2. We created the Endpoint Protection Antimalware policy SQL 2008:
To prevent performance issues, MS recommends excluding some processes from virus scanning:
- %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\MSSQL\Binn\SQLServr.exe
- %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
- %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\OLAP\Bin\MSMDSrv.exe
As you can see we currently use MSSQLSERVER as instance name.
Because we use many different SQL instances, we need to restrict the amount of policies to one and don't want to create separate policies for different SQL instances. Is it possible to use some kind of wildcard, like: %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.*\MSSQL\Binn\SQLServr.exe, where the instance name is * ?
Is it also possible to monitor the scan status in real time? I would like to see which files are being scanned when starting a quick/full scan. From within the SCEP client it isn't possible.
Hope you could help me out.
Sacha
All Replies
-
Friday, January 25, 2013 4:09 PM
Hey
Thanks for the post,
As I understand your request, I suggest you exclude the parent SQL folder:
%ProgramFiles%\Microsoft SQL Server
It will exclude all the instances under the parent folder. For a file process you have to provide the full path name.
"to see which files are being scanned when starting a quick/full scan"
You have to create reporting on SCCM for that:
http://technet.microsoft.com/en-us/library/gg712698.aspx
I'd be glad to answer any question
- Proposed As Answer by Nick Gu - MSFT (Microsoft Contingent Staff, Editor) Tuesday, January 29, 2013 8:46 AM
- Marked As Answer by Sacha de Haan Thursday, January 31, 2013 10:39 AM
- Unmarked As Answer by Sacha de Haan Friday, February 01, 2013 11:48 AM
- Marked As Answer by Sacha de Haan Friday, February 01, 2013 11:48 AM
-
Thursday, January 31, 2013 10:42 AM
Thanks for the suggestion. It seems logical. I will test the solution in our test environment.
Kind regards
-
Friday, February 01, 2013 10:25 AM
Hi again.
Reporting has been configured already. Any idea which report I need to use?
-
Friday, February 01, 2013 12:02 PM
Follow the link below:
Building Custom Endpoint Protection Reports in System Center 2012 Configuration Manager
Change the structure of the report under the link above and provide specific parameters for which files are being scanned when starting a quick/full scan.
I'd be glad to answer any question
- Marked As Answer by Sacha de Haan Monday, February 04, 2013 10:56 AM
-
Friday, February 01, 2013 1:54 PM
Thanks again for the quick reply. I understand that I can't use one of the 6 primary out-of-box Endpoint Protection reports, but therefore I need a customized report. It looks like our noses are in the same direction, but I still have some doubts about customizing the report and getting the correct output.
I need to know one thing. After running a quick (or a full) scan on a specific machine (or a collection of machines), I would like to see the output of which files/directories have been scanned, just to be sure if some exclusions I made have been applied. You suggest that after providing specific parameters in the custom report it should be possible to see which files actually have been scanned during the scan. Can you confirm this is the correct assumption?
-
Friday, February 01, 2013 9:37 PM
Yep
If you configure the report with defined parameters that will match for quick or full scan files.
I suggest you look intensively and try to encounter it.
I'd be glad to answer any question
- Marked As Answer by Sacha de Haan Monday, February 04, 2013 10:56 AM
-
Monday, February 04, 2013 10:56 AM
Thanks again! :)
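One way to confirm on a client which exclusions were applied for every SQL instance, added here as an example that is not part of the original thread (Windows PowerShell 3.0 or later). It reads the real executable path of each SQL engine, Reporting Services and Analysis Services service, then reports whether that binary has its own process exclusion or is only covered by a broader folder exclusion. The registry location of the applied exclusions is an assumption; adjust `$ExclusionRoot` to match your client.

```powershell
# Added example, not from the thread.
# ASSUMPTION: the client stores applied policy exclusions under this key,
# one registry value name per excluded item.
$ExclusionRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Exclusions'

function Get-ExclusionList([string]$Kind) {
    # $Kind is 'Processes' or 'Paths'. Returns the excluded items with
    # environment variables such as %ProgramFiles% expanded.
    $key = Join-Path $ExclusionRoot $Kind
    if (-not (Test-Path $key)) { return @() }
    (Get-Item $key).Property | ForEach-Object {
        [Environment]::ExpandEnvironmentVariables($_).TrimEnd('\')
    }
}

function Get-SqlServiceBinary {
    # Take the executable path from the service definition, so no instance
    # name has to be guessed or wildcarded.
    foreach ($svc in Get-CimInstance Win32_Service) {
        if ($svc.PathName -notmatch '^\s*"?([^"]+?\.exe)') { continue }
        $exe = $Matches[1]
        if ($exe -match '\\(SQLServr|ReportingServicesService|MSMDSrv)\.exe$') {
            [pscustomobject]@{ Service = $svc.Name; Exe = $exe }
        }
    }
}

$processes = @(Get-ExclusionList 'Processes')
$paths     = @(Get-ExclusionList 'Paths')

Get-SqlServiceBinary | ForEach-Object {
    $exe = $_.Exe
    # A folder exclusion covers the binary when it is a prefix of its path.
    $covering = @($paths | Where-Object {
        $exe.StartsWith("$_\", [StringComparison]::OrdinalIgnoreCase)
    })
    [pscustomobject]@{
        Service          = $_.Service
        Exe              = $exe
        ProcessExcluded  = $processes -contains $exe
        FolderExclusions = $covering -join '; '
    }
} | Format-Table -AutoSize -Wrap
```

A row with `ProcessExcluded` false and an empty `FolderExclusions` column marks an instance the single policy does not cover.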

