Answered by:
SCCM 2012 Antivirus Exclusions for Servers and Workstations

Question
-
Hii,
Just sharing the antivirus exclusions for Configuration Manager 2012 Servers and workstations as well.
Please share if anything is missing.
McAfee Exclusion's for Configuration Manager 2012:
1. C:\Windows\TEMP\BootImages
and subfolders.2. Directories:
%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%programfiles%\Microsoft Configuration Manager\Inboxes\*.*
%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*
%systemroot%\system32\GroupPolicy\Machine\registry.pol"
%systemroot%\system32\GroupPolicy\User\registry.pol"
\SCCMContentLib
\SMSPKG
\SMSPKGC$
\SMSPKGSIG
\SMSSIG$
\Program Files\SMS_CCM\ServiceData
\Program Files\SMS_CCM\Logs
\Program Files\Microsoft Configuration Manager\Logs
\Program Files\Microsoft Configuration Manager\Install.map
\ConfigurationManager DB
\SMSPKGSIG
\SCCMContentLib
\Sources
\SCCMImages
\DatabaseBackup
\SMSPKGE$
\SMSPKGSIG
\SMSSIG$
3. Processes that will be excluded:
Configuration Manager 2012 processes that will be excluded are:
- Smsexec.exe
- Ccmexec.exe
- CmRcService.exe
- Sitecomp.exe
- Smswriter.exe
- Smssqlbbkup.exe
4. SQL Server Exclusion's:
SQL Server 2012 Processes exclude from virus scanning
- %ProgramFiles%\Microsoft SQL Server\MSSQL11. <InstanceName>\MSSQL\Binn\SQLServr.exe
- %ProgramFiles%\Microsoft SQL Server\MSRS11. <InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
- %ProgramFiles%\Microsoft SQL Server\MSAS11. <InstanceName>\OLAP\Bin\MSMDSrv.exe
- SQL Server data files
- *.mdf
- *.ldf
- *.ndf
- SQL Server backup files
These files frequently have one of the following file-name extensions:- *.bak
- *.trn
- Full-Text catalog files
- %Program Files%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData
- %Program Files%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData
- Analysis Services backup files
C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup
C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log
5. IIS Exclusions:
* .ida
%systemroot%\IIS Temporary Compressed Files
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
6. WSUS Exclusions:
*.cab
\WSUS\WSUSContent
\WSUS\UpdateServicesDBFiles
\SoftwareDistribution\Datastore
\SoftwareDistribution\DownloadReference Links:
https://community.mcafee.com/thread/59504
http://www.systemcenterblog.nl/2012/05/09/anti-virus-scan-exclusions-for-configuration-manager-2012/
http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx
http://support.microsoft.com/kb/309422
http://support.microsoft.com/kb/821749
http://support.microsoft.com/kb/817442
http://support.microsoft.com/kb/900638/en-us
http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#avMcAfee Exclusions for workstations:
Turn off scanning of Windows Update or Automatic Update related files
- Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:
%windir%\SoftwareDistribution\Datastore
- Turn off scanning of the log files that are located in the following folder:
%windir%\SoftwareDistribution\Datastore\Logs
Specifically, exclude the following files:
- Res*.log
- Edb*.jrs
- Edb.chk
- Tmp.edb
Turn off scanning of Windows Security files
- Add the following files in the %windir%\Security\Database path of the exclusions list:
- *.edb
- *.sdb
- *.log
- *.chk
- *.jrs
Turn off scanning of Group Policy related files
- Group Policy user registry information. These files are located in the following folder:
%allusersprofile%\
Specifically, exclude the following file:
NTUser.pol
- Group Policy client settings file. This file is located in the following folder:
%Systemroot%\System32\GroupPolicy\
Specifically, exclude the following file: Registry.pol
For the configuration manager clients the following exclusion will be added:
- %windir%ccmcache
\SoftwareDistribution\Datastore
\SoftwareDistribution\DownloadReference Links:
http://support.microsoft.com/kb/822158/en-us
Regards, Syed Fahad Ali
- Edited by Syed Fahad Ali Thursday, December 12, 2013 4:56 PM
Thursday, December 12, 2013 4:54 PM
Answers
-
Thanks for sharing this.. Many people will find this useful.
http://www.enhansoft.com/
- Marked as answer by Xin GuoMicrosoft contingent staff Friday, December 20, 2013 9:57 AM
Saturday, December 14, 2013 5:03 PM
All replies
-
Thanks for sharing this.. Many people will find this useful.
http://www.enhansoft.com/
- Marked as answer by Xin GuoMicrosoft contingent staff Friday, December 20, 2013 9:57 AM
Saturday, December 14, 2013 5:03 PM -
Thank you for the comment :)
Regards, Syed Fahad Ali
Monday, December 16, 2013 3:28 PM -
Hello Syed
No suggestions we found to exclude \SoftwareDistribution\Download, so is it required to exclude the folder?
LMS
Sunday, August 9, 2015 6:32 AM -
Is most of this list still relevant in SCCM CB?Tuesday, April 5, 2016 9:52 PM
-
Is most of this list still relevant in SCCM CB?
100% of it still applies.Garth Jones
Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx
Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased
- Proposed as answer by Sreenivas C Friday, May 20, 2016 5:54 AM
Tuesday, April 5, 2016 9:59 PM -
Ok thanks for the quick response.Tuesday, April 5, 2016 10:05 PM
-
Thanks Garth for sharing this info.
What are the issues we may expect if these AV exclusions are not placed?
Do we need to exclude provided full folders or only following processes for the above folders?
- Smsexec.exe
- Ccmexec.exe
- CmRcService.exe
- Sitecomp.exe
- Smswriter.exe
- Smssqlbbkup.exe
- Edited by Sreenivas C Friday, May 20, 2016 5:53 AM
Friday, May 20, 2016 5:50 AM -
There is no pre-defined set of issues, if they are not done. However at a minimum you can expect your AV software to slow down your site server.
Garth Jones
Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx
Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased
- Proposed as answer by Sreenivas C Friday, May 20, 2016 4:38 PM
Friday, May 20, 2016 2:07 PM -
Can you please assist on the below query pls.
Do we need to exclude provided full folders(Directories) or only following processes for the above folders?
- Smsexec.exe
- Ccmexec.exe
- CmRcService.exe
- Sitecomp.exe
- Smswriter.exe
- Smssqlbbkup.exe
First off if this is urgent then you should open a Support case with CSS, they will work with you to solve this problem. Forums are for admin to help other admins, there is no guarantee that anyone will ever answer your questions. As such you should wait a minimum of 7 days before "bumping" a post.
No one can answer this question for you, as each AV software is different. You will need to talk to you AV person and ask them.
BTW I was travelling yesterday and as such we no where near the forums.
Garth Jones
Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx
Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleased
Saturday, May 21, 2016 1:57 PM -
Would you happen to know which file and folders should be excluded for System Center Endpoint Protection? Yes, we are running 2 anti-virus applications at the same time.Friday, November 18, 2016 10:10 PM
-
That's great do you have same for Symantec too or is it same for all antivirus?
Devraj88
Monday, July 16, 2018 8:56 AM -
it is the same for all av.
Garth Jones
Blog: https://www.enhansoft.com/blog Old Blog: https://sccmug.ca/
Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleashed
Monday, July 16, 2018 11:44 AM