Anti-virus Scan Exclusions for SCCM

    Question

  • Does anyone know which directories and/or files should be excluded from your anti-virus scan solution?  My new SCCM server sits on a local SQL box.

    Wednesday, April 09, 2008 10:14 PM

Answers

  • I've not seen an official list, but I'd exclude the entire folder that you installed Configuration Manager to, both server roles and client.

    I know for SMS 2003 ITMU we had a release note on it for clients.

    Saturday, April 12, 2008 3:26 AM

All replies

  • Thanks for the update!  I also found some info online suggesting to exclude the folder that the SCCM inbox sits in.

    Wednesday, May 14, 2008 6:04 PM
  • That would be included in the path I said "The entire path Configuration Manager is installed to" :-)

    Wednesday, May 14, 2008 10:40 PM
  • There is a template white paper kicking around that details all sorts of anti-virus exclusions for Microsoft products.  It had up to SMS 2003, but I'm guessing you can roughly use the same folders for ConfigMgr.  It used to be hosted on myITforum.com, but it looks as if the link is now gone.  I can send you a copy off line if you like.

    Tom Watson
    Wednesday, June 18, 2008 7:04 AM
  • That was indeed the one.  Was the file restored?  Or was I havering?

    Tom
    Monday, July 07, 2008 8:20 PM
  • Nah...I think it was also in another spot.  I just posted the update so I can go looking for the other one.  This is the most current, though -- yet it doesn't include ConfigMgr 2007 specifically.  We'll have to edit that doc to make it accurate.

    Monday, July 07, 2008 9:35 PM
  • Ah, I found it.  It was an old Newsletter:-

    http://myitforum.com/cs2/blogs/newsletter/archive/2007/10.aspx

    that linked to:-

    http://myitforum.com/cs2/files/folders/proddocs/entry106397.aspx

    which came up with "Post Not Found".

    Tom
    Tuesday, July 08, 2008 8:23 AM
  • Anyone ever find an updated MS document on this?
    Monday, November 03, 2008 9:58 PM
  • Deep in the bowels of the SCCM 2007 online documentation are the recommendations for improving SCCM performance. No specific section in the document addresses antivirus exclusions exclusively. Nor do they provide the exact paths to exclude. They leave you to figure this out on your own, and that can be fun if you're using x64 platforms with x86 information, or your admin set up customized paths.

    1st article applies to SMS 2003 and below, so I am not 100% sure if that applies, but it may be relevant
    http://support.microsoft.com/kb/327453

    2nd piece of information comes directly from the SCCM documentation and it's located here. Dig down until you get into the performance section and they will generically say exclude the inbox directories. SCCM accesses this location frequently, and it can cause serious performance issues with Disk and CPU utilization.
    http://technet.microsoft.com/en-us/library/bb932186.aspx


    Here are some general steps to test if the exclusion works properly:

    1. Duplicate the EICAR antivirus test string and put it in a text file (disable AV while doing this). Test string can be found here: http://www.eicar.org/anti_virus_test_file.htm

    2. Place the test string file in the folder you desire to be excluded (assuming you're excluding a directory).

    3. Enable your antivirus and run a full SYSTEM SCAN, not an On-Demand directory scan of the excluded location. On-Demand type scans will likely ignore the exclusion you set up.

    If nothing is detected, your exclusion should be set up properly. You can verify by doing a scan on the actual excluded directory, or you can remove the exclusion and rescan (time consuming but worth it).

    I have seen other recommendations and have written some in the McAfee antivirus forums. Good place to look for consolidated exclusion recommendations btw...


    Regards,

    Robert

    p.s. Don't forget to set up your SQL and SCCM client exclusions
    • Proposed as answer by Robert_IT Wednesday, January 06, 2010 6:24 PM
    Wednesday, January 06, 2010 6:12 PM
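
The test steps in the post above, as an added example that is not part of the original thread: it adds a control copy of the EICAR file in a folder that is still scanned, so a clean result caused by a scanner that detects nothing is not mistaken for a working exclusion. It assumes PowerShell 3.0 or later; the parameter names and the test file name are hypothetical.

```powershell
# Added example (not from the thread): EICAR exclusion test with a control folder.
# Assumes PowerShell 3.0+; parameter names and the file name are hypothetical.
param(
    [Parameter(Mandatory)][ValidateSet('Place', 'Check')][string]$Phase,
    [Parameter(Mandatory)][string]$ExcludedDir,  # folder configured as excluded
    [Parameter(Mandatory)][string]$ControlDir    # scanned folder outside every exclusion
)

$name  = 'av-exclusion-test.txt'
# Standard EICAR test string, kept in two halves so this script is not itself flagged.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

function Test-Intact([string]$Dir) {
    # True only if the test file still exists with its original content.
    $path = Join-Path $Dir $name
    try {
        (Test-Path -LiteralPath $path) -and
            ((Get-Content -LiteralPath $path -Raw -ErrorAction Stop).Trim() -ceq $eicar)
    } catch { $false }  # blocked, emptied or quarantined counts as detected
}

switch ($Phase) {
    'Place' {   # steps 1-2: run while the antivirus is disabled
        foreach ($dir in $ExcludedDir, $ControlDir) {
            Set-Content -LiteralPath (Join-Path $dir $name) -Value $eicar -Encoding Ascii
        }
    }
    'Check' {   # after step 3: antivirus re-enabled and the full system scan finished
        $excluded = Test-Intact $ExcludedDir
        $control  = Test-Intact $ControlDir
        if     ($excluded -and -not $control) { 'PASS: control detected, excluded file untouched' }
        elseif ($excluded -and $control)      { 'INCONCLUSIVE: control survived, scanner detected nothing' }
        elseif (-not $control)                { 'FAIL: file in excluded folder was detected' }
        else                                  { 'UNEXPECTED: only the excluded copy was removed' }
        # Remove whatever copies are left so no test file stays on the server.
        foreach ($dir in $ExcludedDir, $ControlDir) {
            Remove-Item -LiteralPath (Join-Path $dir $name) -ErrorAction SilentlyContinue
        }
    }
}
```

Run it once with `-Phase Place`, re-enable the antivirus and complete the full system scan, then run it again with `-Phase Check` and the same two folders.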
  • So with Article 1 from Robert's post, show reflection to 2 and 2k3, I guess excluding the entire CM folder? And how about the Patch folders? We are in the midst of deploying the upgrade of our AV solution and I have asked them to exclude our SCCM for now until I can find an answer on exclusions.

    thomas gonzalez
    Friday, April 09, 2010 5:00 PM