Installing SEP on Exchange 2010

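  • Question

  • Hi:

      If we are going to install SEP antivirus software on the Exchange server and the AD server, which processes, files, and directories need to be excluded? Is there anything else to watch out for?

    Thanks!

    March 24, 2015 5:59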

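Answer

  • Hello,

    For details, please refer to the links below:

    File-Level Antivirus Scanning on Exchange 2010

    If you're deploying file-level scanners on Exchange 2010 servers, make sure that the appropriate exclusions, such as directory exclusions, process exclusions, and file name extension exclusions, are in place for both memory-resident and file-level scanning. This section describes directory exclusions, process exclusions, and file name extension exclusions for each server or server role.

    Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows

    Because domain controllers provide an important service to clients, the risk of disruption of their activities from malicious code, malware, or viruses must be minimized. Antivirus software is a generally accepted way to reduce the risk of infection. Installing and configuring antivirus software can reduce the risk to the domain controller as much as possible while keeping the impact on performance to a minimum. The following list contains recommendations to help you configure and install antivirus software on a Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, or Windows 2000 domain controller.

    Thanks!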


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Niko Cheng
    TechNet Community Support

    March 25, 2015 3:00
    Moderator

All replies

  • Exchange server

    https://technet.microsoft.com/en-us/library/bb332342(v=exchg.150).aspx

    scanners are frequently used. However, if they are configured incorrectly, they can cause problems in Exchange 2010. There are two types of file-level scanners:

    • Memory-resident file-level scanning refers to a part of file-level antivirus software that is loaded in memory at all times. It checks all the files that are used on the hard disk and in computer memory.

    • On-demand file-level scanning refers to a part of file-level antivirus software that you can configure to scan files on the hard disk manually or on a schedule. Some versions of antivirus software start the on-demand scan automatically after virus signatures are updated to make sure that all files are scanned with the latest signatures.

    The following problems may occur when you use file-level scanners with Exchange 2010:

    • File-level scanners may scan a file when the file is being used or at a scheduled interval. This can cause the scanners to lock or quarantine an Exchange log or a database file while Microsoft Exchange tries to use the file. This behavior may cause a severe failure in Microsoft Exchange and may also cause -1018 errors.

    • File-level scanners don't provide protection against e-mail viruses, such as the Storm Worm. Storm Worm was a backdoor Trojan horse virus that propagated itself through e-mail messages. The worm joined the infected computer to a botnet, where the computer was used to send spam e-mail messages in periodic bursts. Such viruses can affect the performance of the computer and the network that it is attached to.

    Recommendations for Using File-Level Scanning with Exchange 2010

    If you're deploying file-level scanners on Exchange 2010 servers, make sure that the appropriate exclusions, such as directory exclusions, process exclusions, and file name extension exclusions, are in place for both memory-resident and file-level scanning. This section describes directory exclusions, process exclusions, and file name extension exclusions for each server or server role.

    Directory Exclusions

    You must exclude specific directories for each Exchange server or server role on which you run a file-level antivirus scanner. This section describes the directories that you should exclude from file-level scanning for each server or server role.

    Mailbox server role
    • Exchange databases, checkpoint files, and log files. By default, these are located in sub-folders under the %ExchangeInstallPath%\Mailbox folder. You can obtain the directory location by running the following commands in the Exchange Management Shell:

      • To determine the location of a mailbox database, transaction log, and checkpoint file, run the following command: Get-MailboxDatabase -server <servername>| format-list *path*

    • Database content indexes. By default, these are located in the same folder as the database file.

    • Group Metrics files. By default, these files are located in the %ExchangeInstallPath%\GroupMetrics folder.

    • General log files, such as message tracking and calendar repair log files. By default, these files are located in subfolders under the %ExchangeInstallPath%\TransportRoles\Logs folder and %ExchangeInstallPath%\Logging folder. To determine the log paths being used, run the following command in the Exchange Management Shell: Get-MailboxServer <servername> | format-list *path*

    • The Offline Address Book files. By default, these are located in subfolders under the %ExchangeInstallPath%\ExchangeOAB folder

    • IIS system files in the %SystemRoot%\System32\Inetsrv folder

    • The temporary folder that is used with offline maintenance utilities, such as Eseutil.exe. By default, this folder is the location where the .exe file is run from. However, you can configure where you perform the operation when you run the utility.

    • The Mailbox database temporary folder: %ExchangeInstallPath%\Mailbox\MDBTEMP

    • Any Exchange-aware antivirus program folders

    Mailbox server that is a member of a Database Availability Group

    All the items listed in the Mailbox server role list and in the %Winnt%\Cluster folder.

    Witness server
    • The witness directory files. These are located on another server in the environment, typically a Hub Transport server. By default, these files are located in \\%SystemDrive%:\DAGFileShareWitnesses\<DAGFQDN> and default share (<DAGFQDN>) on that server. For more information about a database availability group (DAG) and witness servers, see Managing Database Availability Groups.

    Hub Transport server role
    • General log files, for example, message tracking and connectivity logs. By default, these files are located in subfolders under the %ExchangeInstallPath%\TransportRoles\Logs folder. To determine the log paths being used, run the following command in the Exchange Management Shell: Get-TransportServer <servername>| format-list *logpath*,*tracingpath*

    • Pickup and Replay message directory folders. By default, these folders are located under the %ExchangeInstallPath%\TransportRoles folder. To determine the paths being used, run the following command in the Exchange Management Shell: Get-TransportServer <servername>| fl *dir*path*

    • The transport server role queue database, checkpoint, and log files. By default, these are located in the %ExchangeInstallPath%\TransportRoles\Data\Queue folder. For more information, see Managing Transport Queues.

    • The transport server role Sender Reputation database, checkpoint, and log files. By default, these are located in the %ExchangeInstallPath%\TransportRoles\Data\SenderReputation folder.

    • The transport server role IP filter database, checkpoint, and log files. By default, these are located in the %ExchangeInstallPath%\TransportRoles\Data\IpFilter folder.

    • The temporary folders that are used to perform conversions:

      • By default, content conversions are performed in the Exchange server’s TMP folder.

      • By default, OLE conversions are performed in %ExchangeInstallPath%\Working\OleConvertor folder.

    • Any Exchange-aware antivirus program folders

    Edge Transport server role
    • The Active Directory Lightweight Directory Service database (AD LDS) and log files. By default, these are located in the %ExchangeInstallPath%\TransportRoles\Data\Adam folder. For more information about AD LDS database files, see Modify AD LDS Configuration.

    • General log files, for example message tracking. By default, these files are located in subfolders under the %ExchangeInstallPath%\TransportRoles\Logs folder. To determine the log paths being used, run the following command in the Exchange Management Shell: Get-TransportServer <servername> | format-list *logpath*,*tracingpath*

    • The Pickup and Replay message folders. By default, these are located under the %ExchangeInstallPath%\TransportRoles folder. To determine the log paths being used, run the following command in the Exchange Management Shell: Get-TransportServer <servername>| format-list *dir*path*

    • The transport server role queue database, checkpoint, and log files. By default, these are located in the %ExchangeInstallPath%\TransportRoles\Data\Queue folder. For more information about transport server queues, see Managing Transport Queues.

    • The transport server role Sender Reputation database, checkpoint, and log files. By default, these are located in the %ExchangeInstallPath%\TransportRoles\Data\SenderReputation folder

    • The transport server role IP filter database, checkpoint, and log files. By default, these are located in the %ExchangeInstallPath%\TransportRoles\Data\IpFilter folder

    • The temporary folders that are used to perform conversions:

      • By default, content conversions are performed in the server’s TMP folder.

      • By default, OLE conversions are performed in %ExchangeInstallPath%\Working\OleConvertor folder.

    • Any Exchange-aware antivirus program folders

    Client Access server role
    • For servers using Internet Information Services (IIS) 7.0, the compression folder that is used with Microsoft Outlook Web App. By default, the compression folder for IIS 7.0 is located at %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files.

    • For servers using IIS 6.0, the compression folder that is used with Microsoft Outlook Web App. By default, the compression folder for IIS 6.0 is located at %systemroot%\IIS Temporary Compressed Files. For more information about possible errors resulting from scanning the IIS compression folder, see Microsoft Knowledge Base article 817442, A 0-byte file may be returned when compression is enabled on a server that is running IIS.

    • IIS system files in the %SystemRoot%\System32\Inetsrv folder

    • Inetpub\logs\logfiles\w3svc

    • The Internet-related files that are stored in the sub-folders of the %ExchangeInstallPath%\ClientAccess folder

    • For servers that have protocol logging enabled for POP3 or IMAP4, the following folders:

      • POP3 folder: %ExchangeInstallPath%\Logging\POP3

      • IMAP4 folder: %ExchangeInstallPath%\Logging\IMAP4

    • The temporary folders that are used to perform conversions:

      • By default, content conversions are performed in the server’s TMP folder.

      • By default, OLE conversions are performed in %ExchangeInstallPath%\Working\OleConvertor folder.

    Unified Messaging server role
    • The grammar files for different locales, for example en-EN or es-ES. By default, these are stored in the subfolders in the %ExchangeInstallPath%\UnifiedMessaging\grammars folder.

    • The voice prompts, greetings and informational message files. By default, these are stored in the subfolders in the %ExchangeInstallPath%\UnifiedMessaging\Prompts folder

    • The voicemail files that are temporarily stored in the %ExchangeInstallPath%\UnifiedMessaging\voicemail folder.

    • The temporary files generated by Unified Messaging. By default, these are stored in the %ExchangeInstallPath%\UnifiedMessaging\temp folder.

    Microsoft Forefront Protection for Exchange
    • The Forefront installation folder. By default, this is %Program Files (x86)%\Microsoft Forefront Protection for Exchange Server\.

    • Any archived messages. By default, these are stored in the %Program Files (x86)%\Microsoft Forefront Protection for Exchange Server\Data\Archive folder.

    • Any quarantined files. By default, these are stored in the %Program Files (x86)%\Microsoft Forefront Protection for Exchange Server\Data\Quarantine folder.

    • The antivirus engine files. By default, these are stored in the subfolders of %Program Files (x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines\x86 folder or the %Program Files (x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines\amd64 folder.

    • The configuration files. By default, these are stored in the %Program Files (x86)%\Microsoft Forefront Protection for Exchange Server\Data folder.

    Process Exclusions

    Many file-level scanners now support the scanning of processes, which can adversely affect Microsoft Exchange if the incorrect processes are scanned. Therefore, you should exclude the following processes from file-level scanners.

     

    • Cdb.exe
    • Microsoft.Exchange.Search.Exsearch.exe
    • Cidaemon.exe
    • Microsoft.Exchange.Servicehost.exe
    • Clussvc.exe
    • MSExchangeADTopologyService.exe
    • Dsamain.exe
    • MSExchangeFDS.exe
    • Microsoft.Exchange.EdgeCredentialSvc.exe
    • MSExchangeMailboxAssistants.exe
    • EdgeTransport.exe
    • MSExchangeMailboxReplication.exe
    • ExFBA.exe
    • MSExchangeMailSubmission.exe
    • GalGrammarGenerator.exe
    • MSExchangeRepl.exe
    • Inetinfo.exe
    • MSExchangeTransport.exe
    • Mad.exe
    • MSExchangeTransportLogSearch.exe
    • Microsoft.Exchange.AddressBook.Service.exe
    • MSExchangeThrottling.exe
    • Microsoft.Exchange.AntispamUpdateSvc.exe
    • Msftefd.exe
    • Microsoft.Exchange.ContentFilter.Wrapper.exe
    • Msftesql.exe
    • Microsoft.Exchange.EdgeSyncSvc.exe
    • OleConverter.exe
    • Microsoft.Exchange.Imap4.exe
    • Powershell.exe
    • Microsoft.Exchange.Imap4service.exe
    • SESWorker.exe
    • MSExchangeMailboxAssistants.exe
    • SpeechService.exe
    • Microsoft.Exchange.Monitoring.exe
    • Store.exe
    • Microsoft.Exchange.Pop3.exe
    • TranscodingService.exe
    • Microsoft.Exchange.Pop3service.exe
    • UmService.exe
    • Microsoft.Exchange.ProtectedServiceHost.exe
    • UmWorkerProcess.exe
    • Microsoft.Exchange.RPCClientAccess.Service.exe
    • W3wp.exe

    If you're also deploying Forefront Protection for Exchange Server, exclude the following processes.

     

    • Adonavsvc.exe
    • FscStatsServ.exe
    • FscController.exe
    • FscTransportScanner.exe
    • FscDiag.exe
    • FscUtility.exe
    • FscExec.exe
    • FsEmailPickup.exe
    • FscImc.exe
    • FssaClient.exe
    • FscManualScanner.exe
    • GetEngineFiles.exe
    • FscMonitor.exe
    • PerfmonitorSetup.exe
    • FscRealtimeScanner.exe
    • ScanEngineTest.exe
    • FscStarter.exe
    • SemSetup.exe

    File Name Extension Exclusions

    In addition to excluding specific directories and processes, you should exclude the following Exchange-specific file name extensions in case directory exclusions fail or files are moved from their default locations.

    Application-related extensions
    • .config

    • .dia

    • .wsb

    Database-related extensions

     

    • .chk
    • .jrs
    • .log
    • .edb
    • .jsl
    • .que

    Offline address book-related extensions
    • .lzx

    Content Index-related extensions

     

    • .ci
    • .wid
    • .001
    • .dir
    • .000
    • .002

    Unified Messaging-related extensions
    • .cfg

    • .grxml

    GroupMetrics
    • .dsc

    • .bin

    • .xml

    Forefront Protection for Exchange Server–related extensions

     

    • .avc
    • .dt
    • .lst
    • .cab
    • .fdb
    • .mdb
    • .cfg
    • .fdm
    • .ppl
    • .config
    • .ide
    • .set
    • .da1
    • .key
    • .v3d
    • .dat
    • .klb
    • .vdb
    • .def
    • .kli
    • .vdm

    The file name extensions listed for Forefront Protection for Exchange Server are the signature files from various antivirus directory engines. In most cases, these file name extensions don't change. However, file name extensions may be added in the future as third-party antivirus vendors update their antivirus signature files.

    March 25, 2015 0:40
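
The Exchange Management Shell commands quoted in the post above can be combined into one server-specific directory exclusion list, so that the antivirus policy covers where the databases and logs actually live instead of only the default locations. The script below is an added example, not part of the original post or the TechNet article; the function names are hypothetical, and the sample paths used when the Exchange cmdlets are unavailable are constructed.

```powershell
# Added example, not code from the TechNet article. Run in the Exchange
# Management Shell on the Exchange 2010 server; PowerShell 2.0 compatible.

function Get-PathProperty {
    # Emit every non-empty property whose name matches one of the wildcards,
    # i.e. the fields that "format-list *path*" would display.
    param([Parameter(Mandatory=$true)]$InputObject, [string[]]$Like)
    foreach ($prop in $InputObject.PSObject.Properties) {
        $wanted = @($Like | Where-Object { $prop.Name -like $_ }).Count -gt 0
        $text = "$($prop.Value)"
        if ($wanted -and $text -ne '') {
            New-Object PSObject -Property @{ Property = $prop.Name; Value = $text }
        }
    }
}

function Get-ExchangeScanExclusionDirectory {
    param([Parameter(Mandatory=$true)][string]$Server)
    $hubLike = '*logpath*', '*tracingpath*', '*dir*path*'
    if (Get-Command Get-MailboxDatabase -ErrorAction SilentlyContinue) {
        # Same cmdlets and wildcards as the article; a role that is not
        # installed on $Server simply contributes no objects.
        $sources = @(
            @{ Role = 'Mailbox'; Like = @('*path*')
               Objects = @(Get-MailboxDatabase -Server $Server -ErrorAction SilentlyContinue) },
            @{ Role = 'Mailbox'; Like = @('*path*')
               Objects = @(Get-MailboxServer $Server -ErrorAction SilentlyContinue) },
            @{ Role = 'Transport'; Like = $hubLike
               Objects = @(Get-TransportServer $Server -ErrorAction SilentlyContinue) }
        )
    } else {
        # No Exchange cmdlets in this session: constructed sample objects.
        $db  = New-Object PSObject -Property @{ Name = 'DB01'
                 EdbFilePath = 'D:\DB01\DB01.edb'; LogFolderPath = 'E:\Logs\DB01' }
        $hub = New-Object PSObject -Property @{ Name = $Server
                 PickupDirectoryPath = 'C:\Sample\TransportRoles\Pickup' }
        $sources = @(
            @{ Role = 'Mailbox'; Like = @('*path*'); Objects = @($db) },
            @{ Role = 'Transport'; Like = $hubLike; Objects = @($hub) }
        )
    }

    $rows = foreach ($source in $sources) {
        foreach ($item in $source.Objects) {
            foreach ($p in Get-PathProperty -InputObject $item -Like $source.Like) {
                # EdbFilePath names the .edb file; exclude its folder instead.
                $dir = $p.Value
                if ($dir -like '*.edb') { $dir = [System.IO.Path]::GetDirectoryName($dir) }
                New-Object PSObject -Property @{
                    Role = $source.Role; Source = "$($item.Name).$($p.Property)"; Directory = $dir }
            }
        }
    }
    # One row per distinct directory, ready to copy into the scanner's policy.
    $rows | Sort-Object Directory -Unique | Select-Object Role, Source, Directory
}

Get-ExchangeScanExclusionDirectory -Server $env:COMPUTERNAME | Format-Table -AutoSize
```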
  • AD server

    https://technet.microsoft.com/en-us/library/cc816917(v=ws.10).aspx

    Because domain controllers provide critical services to their clients, it is crucial to minimize the risk of any disruption of these services that may be caused by malicious code.

    You can generally use antivirus software to mitigate the risk of malicious code. However, installing antivirus software (from any vendor) on a domain controller and configuring it to scan everything is not a reliable or recommended solution because the antivirus software may interfere with domain controller performance. Specifically, the scanning procedures that most antivirus applications use require exclusive locks on files. In many cases, these locks can interfere with the real-time data replication that domain controllers use to stay synchronized with the rest of the network.

    The antivirus software that you use must be compatible with Windows operating systems in general and domain controllers in particular. Antivirus software must be installed in a manner that protects against attacks as much as possible while not interfering with domain controller performance. For example, antivirus software must be able to scan Distributed File System (DFS) files that are replicated by File Replication Service (FRS) or DFS Replication in a way that does not initiate full synchronization of files and folders in SYSVOL or of DFS roots and links. Any antivirus vendor should provide specific instructions to correctly configure their product to work with domain controllers that are running versions of Windows Server and that have Active Directory Domain Services (AD DS) installed.

    We cannot guarantee the interoperability of any antivirus software with DFS Replication, including any tests recommended in this guide. The need for extensive testing can be avoided completely by asking their antivirus software vendor to disclose their tested interoperability with DFS Replication. Vendors that have tested their software are happy to stand by their products. For a list of antivirus software vendors, see article 49500 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=22381).

    Guidelines for managing antivirus software on Active Directory domain controllers

    Follow the guidelines from your antivirus software vendor. Verify that the antivirus software you select is confirmed to be compatible with your domain controllers. Test your chosen antivirus software solution thoroughly in a lab environment to ensure that the software does not compromise the stability of your system.

    Antivirus software has been known to cause blue screens on domain controllers. Before you install antivirus software or any update to that software on domain controllers in a domain, test lab domain controllers for the following issues:

    • Stability issues
    • Memory leaks
    • High CPU usage
    • Interruptions or failure of inbound and outbound replication

    The following recommendations are general and should not be construed as more important than the specific recommendations of your antivirus software vendor. These guidelines must be followed for correct Active Directory file replication operation:

    • Antivirus software must be installed on all domain controllers in the enterprise. Ideally, such software should also be installed on all other server and client computers that have to interact with the domain controllers. Catching the virus at the earliest point—at the firewall or at the client computer on which the virus is first introduced—is the best way to prevent the virus from ever reaching the infrastructure systems on which all client computers depend. 
    • Use a version of antivirus software that is confirmed to work with AD DS and that uses the correct application programming interfaces (APIs) for accessing files on the server. Some versions of antivirus software inappropriately modify file metadata as it is scanned, causing the FRS replication engine to perceive a file as having changed and to schedule it for replication. Some newer versions of antivirus software prevent this problem. For more information about antivirus software versions and FRS, see article 815263 in the Microsoft Knowledge Base (http://go.microsoft.com/fwlink/?LinkId=120540) and see the vendor-specific sites for compliant versions.

      Verify antivirus compatibility with DFS Replication, as described in Testing Antivirus Application Interoperability with DFS Replication (http://go.microsoft.com/fwlink/?LinkId=122787).
      Note
      If you are using ForeFront Client Security, see article 956123 in the Microsoft Knowledge Base for a hotfix (http://go.microsoft.com/fwlink/?LinkId=131409).

    • Prevent the use of domain controller systems as general workstations. Users should not use a domain controller to surf the Web or to perform any other activities that can allow the introduction of malicious code. Allow browsing of known safe sites only for the purpose of supporting server operation and maintenance.
    • When possible, do not use a domain controller as a file sharing server. Virus scanning software must be run against all files in the shared folders, and it can place a large resource load on the processor and memory resources of the server. For the same reason, the SYSVOL and Netlogon shares that are automatically created on domain controllers should not be used to distribute software or to store data.

    Files to exclude from scanning

    For a list of files to exclude from scanning on a domain controller, see article 822158 (http://go.microsoft.com/fwlink/?LinkID=187091) in the Microsoft Knowledge Base.

    March 25, 2015 0:41