Central process exclusions

  • Question

  • Hi,

    I’m currently with a customer who uses Forefront Client Security v5 as the antivirus solution. We are in the process of deploying a private cloud based on Hyper-V R2. The recommendation about antivirus exclusions from the article http://support.microsoft.com/kb/961804/en-us is:

    "To resolve this issue, configure the real-time scanning component within your antivirus software to exclude the following directories and files:

    • Default virtual machine configuration directory (C:\ProgramData\Microsoft\Windows\Hyper-V)
    • Custom virtual machine configuration directories
    • Default virtual hard disk drive directory (C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks)
    • Custom virtual hard disk drive directories
    • Snapshot directories
    • Vmms.exe (Note: May need to be configured as process exclusions within the antivirus software)
    • Vmwp.exe (Note: May need to be configured as process exclusions within the antivirus software)

    Additionally, when you use Live Migration together with Cluster Shared Volumes on Windows Server 2008 R2, exclude the CSV path "C:\Clusterstorage" and all its subdirectories."

    There is no option to exclude processes from the FCS GUI. There is a possibility to exclude processes with a registry key as described here: http://blogs.technet.com/b/clientsecurity/archive/2010/03/12/setting-a-process-exclusion-in-your-network.aspx But that seems not to be supported. Is there a solution to this problem, or at least an automated way to set the client local exclusions?

    Regards

    Alex

    Wednesday, June 6, 2012 10:49 AM

All replies

  • Hi Alex,

    Thank you for the post.

    You mean GPO is not supported on a private cloud based computer?
    You could also add process exclusions via registry entries on one client and export/import to other clients.
    1. Navigate to HKLM\SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes
    2. Create a new DWORD entry with the process1 name, like (c:\folder\process1.exe), and set its value to 0
    3. Create a new DWORD entry with the process2 name and set its value to 0
    ...

    If there are more inquiries on this issue, please feel free to let us know.

    Regards


    Rick Tan

    TechNet Community Support

    • Marked as answer by Rick Tan Monday, June 11, 2012 6:47 AM
    Thursday, June 7, 2012 4:16 AM
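
    An added example, not part of the thread or of Microsoft's guidance: a PowerShell script that audits the process-exclusion key from the steps above against an approved list, reports unexpected or malformed entries, and with -Fix creates the missing ones as DWORD 0. The approved list, the -Fix switch and the System32 locations of vmms.exe and vmwp.exe are assumptions.

```powershell
# Added example (not from the thread). Run elevated on an FCS client.
param([switch]$Fix)   # without -Fix the script only reports

# Key from the answer above, relative to HKLM.
$subKey = 'SOFTWARE\Microsoft\Microsoft Forefront\Client Security\1.0\AM\Exclusions\Processes'

# Assumption: approved list for a Hyper-V host. The KB quote names only Vmms.exe
# and Vmwp.exe; the System32 location is assumed here.
$approved = @(
    (Join-Path $env:SystemRoot 'System32\vmms.exe'),
    (Join-Path $env:SystemRoot 'System32\vmwp.exe')
)

function Get-ProcessExclusion {
    # One object per value under the key; nothing if the key does not exist.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey)
    if ($null -eq $key) { return }
    try {
        foreach ($name in $key.GetValueNames()) {
            if ($name -eq '') { continue }   # skip the key's default value
            New-Object PSObject -Property @{
                Name  = $name
                Kind  = $key.GetValueKind($name)
                Value = $key.GetValue($name)
            }
        }
    } finally { $key.Close() }
}

$current = @(Get-ProcessExclusion)
$names   = @($current | ForEach-Object { $_.Name })

# -notcontains compares case-insensitively, which matches Windows path semantics.
$missing    = @($approved | Where-Object { $names -notcontains $_ })
$unexpected = @($names    | Where-Object { $approved -notcontains $_ })
$malformed  = @($current  | Where-Object { $_.Kind -ne 'DWord' -or $_.Value -ne 0 } |
                            ForEach-Object { $_.Name })

if ($Fix -and $missing.Count -gt 0) {
    $key = [Microsoft.Win32.Registry]::LocalMachine.CreateSubKey($subKey)
    try {
        foreach ($name in $missing) {
            # DWORD named after the full process path, value 0, as in steps 2 and 3.
            $key.SetValue($name, 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        }
    } finally { $key.Close() }
}

# Unexpected entries are reported, never removed: each one widens what real-time scanning skips.
New-Object PSObject -Property @{
    Computer = $env:COMPUTERNAME; Missing = $missing; Unexpected = $unexpected; Malformed = $malformed
}
```

    Missing lists the entries that were absent when the script started, so after a -Fix run a second pass should return it empty.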
  • Thank you for your answer. This has nothing to do with the private cloud. In general, there is no way to configure process exclusions in the FCS GUI, is there? I already wrote about the registry key. Is this supported by Microsoft?

    Regards Alex

    Thursday, June 7, 2012 6:18 AM
  • Hi Alex,

    Yes, there is no way to set exclusions via the FCS GUI, and the registry key is supported.

    If the exclusion does not work, please ensure the FCSAM service starts before the excluded process.
    http://social.technet.microsoft.com/wiki/contents/articles/fcs-how-to-add-centrally-managed-process-exclusions.aspx

    Regards


    Rick Tan

    TechNet Community Support

    • Marked as answer by Rick Tan Monday, June 11, 2012 6:47 AM
    Friday, June 8, 2012 1:58 AM