none
SCCM 2012 Antivirus Exclusions for Servers and Workstations RRS feed

  • Question

  • Hii,

    Just sharing the antivirus exclusions for Configuration Manager 2012 Servers and workstations as well.

    Please share if anything is missing.

     

    McAfee Exclusion's for Configuration Manager 2012:

     

    1. C:\Windows\TEMP\BootImages
    and subfolders.

    2. Directories:

    %allusersprofile%\NTUser.pol
    %systemroot%\system32\GroupPolicy\registry.pol
    %windir%\Security\database\*.chk
    %windir%\Security\database\*.edb
    %windir%\Security\database\*.jrs
    %windir%\Security\database\*.log
    %windir%\Security\database\*.sdb
    %windir%\SoftwareDistribution\Datastore\Datastore.edb
    %windir%\SoftwareDistribution\Datastore\Logs\edb.chk
    %windir%\SoftwareDistribution\Datastore\Logs\edb*.log
    %windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
    %windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
    %windir%\SoftwareDistribution\Datastore\Logs\Res1.log
    %windir%\SoftwareDistribution\Datastore\Logs\Res2.log
    %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
    %programfiles%\Microsoft Configuration Manager\Inboxes\*.*
    %programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*
    %systemroot%\system32\GroupPolicy\Machine\registry.pol"
    %systemroot%\system32\GroupPolicy\User\registry.pol"
    \SCCMContentLib
    \SMSPKG
    \SMSPKGC$
    \SMSPKGSIG
    \SMSSIG$
    \Program Files\SMS_CCM\ServiceData
    \Program Files\SMS_CCM\Logs
    \Program Files\Microsoft Configuration Manager\Logs
    \Program Files\Microsoft Configuration Manager\Install.map
    \ConfigurationManager DB
    \SMSPKGSIG
    \SCCMContentLib
    \Sources
    \SCCMImages
    \DatabaseBackup
    \SMSPKGE$
    \SMSPKGSIG
    \SMSSIG$

    3. Processes that will be excluded:

    Configuration Manager 2012 processes that will be excluded are:

    • Smsexec.exe
    • Ccmexec.exe
    • CmRcService.exe
    • Sitecomp.exe
    • Smswriter.exe
    • Smssqlbbkup.exe

    4. SQL Server Exclusion's:

    SQL Server 2012 Processes exclude from virus scanning

    • %ProgramFiles%\Microsoft SQL Server\MSSQL11. <InstanceName>\MSSQL\Binn\SQLServr.exe
    • %ProgramFiles%\Microsoft SQL Server\MSRS11. <InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
    • %ProgramFiles%\Microsoft SQL Server\MSAS11. <InstanceName>\OLAP\Bin\MSMDSrv.exe
    • SQL Server data files
          
          
      • *.mdf
      • *.ldf
      • *.ndf
    • SQL Server backup files
          
           These files frequently have one of the following file-name extensions:
      • *.bak
      • *.trn
    • Full-Text catalog files
      • %Program Files%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData
               
    • Analysis Services backup files
          
           C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup
           C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log

    5. IIS Exclusions:

    * .ida

    %systemroot%\IIS Temporary Compressed Files

    %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files

    6. WSUS Exclusions:

    *.cab

    \WSUS\WSUSContent
    \WSUS\UpdateServicesDBFiles
    \SoftwareDistribution\Datastore
    \SoftwareDistribution\Download

    Reference Links:

    https://community.mcafee.com/thread/59504
    http://www.systemcenterblog.nl/2012/05/09/anti-virus-scan-exclusions-for-configuration-manager-2012/
    http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx
    http://support.microsoft.com/kb/309422
    http://support.microsoft.com/kb/821749
    http://support.microsoft.com/kb/817442
    http://support.microsoft.com/kb/900638/en-us
    http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#av

    McAfee Exclusions for workstations:

    Turn off scanning of Windows Update or Automatic Update related files

    • Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:

    %windir%\SoftwareDistribution\Datastore

    • Turn off scanning of the log files that are located in the following folder:

    %windir%\SoftwareDistribution\Datastore\Logs

    Specifically, exclude the following files:

    • Res*.log
    • Edb*.jrs
    • Edb.chk
    • Tmp.edb

    Turn off scanning of Windows Security files

    • Add the following files in the %windir%\Security\Database path of the exclusions list:
      • *.edb
      • *.sdb
      • *.log
      • *.chk
      • *.jrs

    Turn off scanning of Group Policy related files

    • Group Policy user registry information. These files are located in the following folder:

    %allusersprofile%\

    Specifically, exclude the following file:

    NTUser.pol

    • Group Policy client settings file. This file is located in the following folder:

    %Systemroot%\System32\GroupPolicy\

    Specifically, exclude the following file: Registry.pol

    For the configuration manager clients the following exclusion will be added:

    • %windir%ccmcache

    \SoftwareDistribution\Datastore
    \SoftwareDistribution\Download

    Reference Links:
    http://support.microsoft.com/kb/822158/en-us


    Regards, Syed Fahad Ali


    Thursday, December 12, 2013 4:54 PM

Answers

All replies