Remove From My Forums

SCCM 2012 Antivirus Exclusions for Servers and Workstations

Question
1

Sign in to vote
Hii,

Just sharing the antivirus exclusions for Configuration Manager 2012 Servers and workstations as well.

Please share if anything is missing.

McAfee Exclusion's for Configuration Manager 2012:

1. C:\Windows\TEMP\BootImages
and subfolders.

2. Directories:

%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%programfiles%\Microsoft Configuration Manager\Inboxes\*.*
%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*
%systemroot%\system32\GroupPolicy\Machine\registry.pol"
%systemroot%\system32\GroupPolicy\User\registry.pol"
\SCCMContentLib
\SMSPKG
\SMSPKGC$
\SMSPKGSIG
\SMSSIG$
\Program Files\SMS_CCM\ServiceData
\Program Files\SMS_CCM\Logs
\Program Files\Microsoft Configuration Manager\Logs
\Program Files\Microsoft Configuration Manager\Install.map
\ConfigurationManager DB
\SMSPKGSIG
\SCCMContentLib
\Sources
\SCCMImages
\DatabaseBackup
\SMSPKGE$
\SMSPKGSIG
\SMSSIG$

3. Processes that will be excluded:

Configuration Manager 2012 processes that will be excluded are:

Smsexec.exe
Ccmexec.exe
CmRcService.exe
Sitecomp.exe
Smswriter.exe
Smssqlbbkup.exe

4. SQL Server Exclusion's:

SQL Server 2012 Processes exclude from virus scanning

%ProgramFiles%\Microsoft SQL Server\MSSQL11. <InstanceName>\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSRS11. <InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSAS11. <InstanceName>\OLAP\Bin\MSMDSrv.exe

SQL Server data files



*.mdf
*.ldf
*.ndf

SQL Server backup files

     These files frequently have one of the following file-name extensions:

*.bak
*.trn

Full-Text catalog files

%Program Files%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData


Analysis Services backup files

     C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup
     C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log

5. IIS Exclusions:

* .ida

%systemroot%\IIS Temporary Compressed Files

%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files

6. WSUS Exclusions:

*.cab

\WSUS\WSUSContent
\WSUS\UpdateServicesDBFiles
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download

Reference Links:

https://community.mcafee.com/thread/59504
http://www.systemcenterblog.nl/2012/05/09/anti-virus-scan-exclusions-for-configuration-manager-2012/
http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx
http://support.microsoft.com/kb/309422
http://support.microsoft.com/kb/821749
http://support.microsoft.com/kb/817442
http://support.microsoft.com/kb/900638/en-us
http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#av

McAfee Exclusions for workstations:

Turn off scanning of Windows Update or Automatic Update related files

Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:

%windir%\SoftwareDistribution\Datastore

Turn off scanning of the log files that are located in the following folder:

%windir%\SoftwareDistribution\Datastore\Logs

Specifically, exclude the following files:

Res*.log
Edb*.jrs
Edb.chk
Tmp.edb

Turn off scanning of Windows Security files

Add the following files in the %windir%\Security\Database path of the exclusions list:

*.edb
*.sdb
*.log
*.chk
*.jrs

Turn off scanning of Group Policy related files

Group Policy user registry information. These files are located in the following folder:

%allusersprofile%\

Specifically, exclude the following file:

NTUser.pol

Group Policy client settings file. This file is located in the following folder:

%Systemroot%\System32\GroupPolicy\

Specifically, exclude the following file: Registry.pol

For the configuration manager clients the following exclusion will be added:

%windir%ccmcache

\SoftwareDistribution\Datastore
\SoftwareDistribution\Download

Reference Links:
http://support.microsoft.com/kb/822158/en-us

Regards, Syed Fahad Ali
- Edited by Syed Fahad Ali Thursday, December 12, 2013 4:56 PM
Thursday, December 12, 2013 4:54 PM

Reply

|

Quote

Answers

0

Sign in to vote
Thanks for sharing this.. Many people will find this useful.
http://www.enhansoft.com/
- Marked as answer by Xin GuoMicrosoft contingent staff, Moderator Friday, December 20, 2013 9:57 AM
Saturday, December 14, 2013 5:03 PM

Reply

|

Quote

Moderator

All replies

0

Sign in to vote
Thanks for sharing this.. Many people will find this useful.
http://www.enhansoft.com/
- Marked as answer by Xin GuoMicrosoft contingent staff, Moderator Friday, December 20, 2013 9:57 AM
Saturday, December 14, 2013 5:03 PM

Reply

|

Quote

Moderator
0

Sign in to vote

Thank you for the comment :)
Regards, Syed Fahad Ali

Monday, December 16, 2013 3:28 PM

Reply

|

Quote
0

Sign in to vote

Hello Syed

No suggestions we found to exclude \SoftwareDistribution\Download, so is it required to exclude the folder?

LMS

Sunday, August 9, 2015 6:32 AM

Reply

|

Quote
0

Sign in to vote

Is most of this list still relevant in SCCM CB?

Tuesday, April 5, 2016 9:52 PM

Reply

|

Quote
0

Sign in to vote
Is most of this list still relevant in SCCM CB?

100% of it still applies.
Garth Jones

Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased
- Proposed as answer by Sreenivas C Friday, May 20, 2016 5:54 AM
Tuesday, April 5, 2016 9:59 PM

Reply

|

Quote

Moderator
0

Sign in to vote

Ok thanks for the quick response.

Tuesday, April 5, 2016 10:05 PM

Reply

|

Quote
0

Sign in to vote
Thanks Garth for sharing this info.

What are the issues we may expect if these AV exclusions are not placed?

Do we need to exclude provided full folders or only following processes for the above folders?

Smsexec.exe
Ccmexec.exe
CmRcService.exe
Sitecomp.exe
Smswriter.exe
Smssqlbbkup.exe
- Edited by Sreenivas C Friday, May 20, 2016 5:53 AM
Friday, May 20, 2016 5:50 AM

Reply

|

Quote
0

Sign in to vote
There is no pre-defined set of issues, if they are not done. However at a minimum you can expect your AV software to slow down your site server.
Garth Jones

Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased
- Proposed as answer by Sreenivas C Friday, May 20, 2016 4:38 PM
Friday, May 20, 2016 2:07 PM

Reply

|

Quote

Moderator
0

Sign in to vote
Can you please assist on the below query pls.

Do we need to exclude provided full folders(Directories) or only following processes for the above folders?

Smsexec.exe
Ccmexec.exe
CmRcService.exe
Sitecomp.exe
Smswriter.exe
Smssqlbbkup.exe

First off if this is urgent then you should open a Support case with CSS, they will work with you to solve this problem. Forums are for admin to help other admins, there is no guarantee that anyone will ever answer your questions. As such you should wait a minimum of 7 days before "bumping" a post.

No one can answer this question for you, as each AV software is different. You will need to talk to you AV person and ask them.

BTW I was travelling yesterday and as such we no where near the forums.

Garth Jones

Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased
Saturday, May 21, 2016 1:57 PM

Reply

|

Quote

Moderator
0

Sign in to vote

Would you happen to know which file and folders should be excluded for System Center Endpoint Protection? Yes, we are running 2 anti-virus applications at the same time.

Friday, November 18, 2016 10:10 PM

Reply

|

Quote
0

Sign in to vote

That's great do you have same for Symantec too or is it same for all antivirus?

Devraj88

Monday, July 16, 2018 8:56 AM

Reply

|

Quote
0

Sign in to vote

it is the same for all av.
Garth Jones

Blog: https://www.enhansoft.com/blog Old Blog: https://sccmug.ca/

Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleashed

Monday, July 16, 2018 11:44 AM

Reply

|

Quote

Moderator

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

SCCM 2012 Antivirus Exclusions for Servers and Workstations

Question

Answers

All replies