SergeM
Level 9
Message 11 of 49

More references

There have already been several threads on similar issues (VSE exclusions), so I'll mention them here for additional reference:

VSE and MS SQL : thread 223368

Server Exclusions : thread 223361

Exclusions for servers : thread 225146

enjoy
Serge
jawuk
Level 7
Message 12 of 49

My Complete list of Virus Scan Exclusions as per 05/09

I have spent all afternoon compiling this for my own reference from various sources and of course from this forum. There were some amendments I made to suggestions made in previous posts.



Please make sure you READ THIS FIRST and understand the usage of \ and * etc etc

https://kc.mcafee.com/corporate/index?page=content&id=KB50998&pmv=print



Windows XP, 2003, 2003, Vista, 2008 (non domain)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _


%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\Edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\security\*.edb
%windir%\security\*.sdb
%windir%\security\*.log
%windir%\security\*.chk
%windir%\softwaredistribution\*.cab
%windir%\system32\ccm\cache\*.cab
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\security\database\*.sdb

%allusersprofile%\NTUser.pol
%Systemroot%\system32\GroupPolicy\**\registry.pol


File Exclusions: -
Wsusscan.cab file and the Wsusscn2.cab





For Windows 2000, 2003 and 2008 Domain controllers
_ _ _ _ _ _ _ _ _ _ _ _ _ _

%windir%\ntds\Ntds.dit
%windir%\ntds\Ntds.pat
%windir%\ntds\EDB*.log
%windir%\ntds\Res1.log
%windir%\ntds\Edbres00001.jrs
%windir%\ntds\Res2.log
%windir%\ntds\Edbres00002.jrs
%windir%\ntds\Ntds.pat
%windir%\ntds\Temp.edb
%windir%\ntds\Edb.chk


%windir%\ntfrs\jet\sys\edb.chk
%windir%\ntfrs\jet\ntfrs.jbd
%windir%\ntfrs\jet\log\*.log
%windir%\ntfrs\jet\log\edbres00001.jrs
%windir%\ntfrs\jet\log\edbres00002.jrs


%systemroot%\sysvol\ (only this folder, not all subfolders!!!)
%systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_Pre Install_Directory
%systemroot%\sysvol\staging
%systemroot%\sysvol\staging areas\ (all subfolders)
%systemroot%\sysvol\sysvol\ (all subfolders)
%windir%\ntfrs


Cluster Services: -
%windir%\Cluster
Q:\ (quorum)


DHCP:
%windir%\system32\dhcp (all subfolders and files)

DNS:
%windir%\system32\dns (all subfolders and files)

WINS:
%windir%\system32\wins (all subfolders and files)

Print Servers:
%systemroot%\System32\Spool (all subfolders and files)


Microsoft IIS 6.0 and 7.0 :
_ _ _ _ _ _ _ _ _ _ _ _ _ _

%SystemRoot%\System32\Inetsrv\
%SystemRoot%\IIS Temporary Compressed Files\
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files\ (IIS 7.0)



Microsoft Internet Security and Acceleration (ISA) Server (up to 2006) : -
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

This Exclusion should only be used if problems are experienced, since Microsoft detail, but do not recommend this exclusion

Drive:\Program Files\Microsoft ISA Server\ISALogs






Microsoft Exchange 2007 (Multiple Server Roles)
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _


Exchange 2007 Application-related extension Exclusions:
%ProgramFiles%\Microsoft\Exchange Server\**\*.config
%ProgramFiles%\Microsoft\Exchange Server\**\*.dia
%ProgramFiles%\Microsoft\Exchange Server\**\*.wsb

Exchange 2007 Database-related extension Exclusions:
%ProgramFiles%\Microsoft\Exchange Server\**\*.edb
%ProgramFiles%\Microsoft\Exchange Server\**\*.log
%ProgramFiles%\Microsoft\Exchange Server\**\*.chk
%ProgramFiles%\Microsoft\Exchange Server\**\*.jrs
%ProgramFiles%\Microsoft\Exchange Server\**\*.que

Exchange 2007 Offline Address Book-related extension Exclusions:
%ProgramFiles%\Microsoft\Exchange Server\**\*.lzx


Exchange 2007 Content Index-related extension Exclusions:
%ProgramFiles%\Microsoft\Exchange Server\**\*.ci
%ProgramFiles%\Microsoft\Exchange Server\**\*.wid
%ProgramFiles%\Microsoft\Exchange Server\**\*.dir
%ProgramFiles%\Microsoft\Exchange Server\**\*.000
%ProgramFiles%\Microsoft\Exchange Server\**\*.001
%ProgramFiles%\Microsoft\Exchange Server\**\*.002

Exchange 2007 Unified Messaging-related extension Exclusions:
%ProgramFiles%\Microsoft\Exchange Server\**\*.cfg
%ProgramFiles%\Microsoft\Exchange Server\**\*.grx

Exchange 2007 Working and Conversion folder Exclusions:
\Temp (some content conversions are performed in this folder)
%ProgramFiles%\Microsoft\Exchange Server\MDBTEMP\
%ProgramFiles%\Microsoft\Exchange Server\Working\OleConvertor\

Exchange 2007 file Exclusion:
C:\Program Files\Microsoft\Exchange Server\Bin\EdgeTransport.exe

IIS Working folder Exclusions:
%SystemRoot%\System32\Inetsrv\
%SystemRoot%\IIS Temporary Compressed Files\
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files\

File Share Witness folder Exclusions:
\MNS_FSW_DIR*

NOTE: there will be multiple/different directories per Hub Transport server to support the various clusters in each data center.

GroupShield 7 for Exchange 2007
DRIVE\Program Files\McAfee\McAfee GroupShield\bin\Runscheduled.exe
DRIVE\Program Files\McAfee\McAfee GroupShield\bin\Runscheduledx64.exe
DRIVE\Program Files\McAfee\McAfee GroupShield\bin\SafeService.exe




Microsoft Windows SharePoint Services 3.0
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions (All Files and all subfolders)

or only

Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Logs\

Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Data\Applications\


Note* The Applications folder must be excluded only if the computer is running the Windows SharePoint Services Search service.

If the folder that contains the index file is located in some other location, you must also exclude that folder.

Drive:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files

Drive:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files

Drive:\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config

Drive:\Windows\Temp\WebTempDir
Drive:\Windows\Temp\FrontPageTempDir

Drive:\Documents and Settings\*the account that the search service is running as*\Local Settings\Temp\
Drive:\WINDOWS\system32\LogFiles

Note: If you use a specific account for SharePoint services or application pool identities, you may also have to exclude the following folders; replace *ServiceAccount* with the account name:
Drive:\Documents and Settings\*ServiceAccount*\Local Settings\Application Data
Drive:\Documents and Settings\*ServiceAccount*\Local Settings\Temp


Microsoft Office SharePoint Server 2007
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

Drive:\Program Files\Microsoft Office Servers (And all subfolders)

or only

Drive:\Program Files\Microsoft Office Servers\12.0\Data\
(This folder is used for the indexing process. If the Index files are configured to reside in a different folder, you also have to exclude that location.)

Drive:\Program Files\Microsoft Office Servers\12.0\Logs
Drive:\Program Files\Microsoft Office Servers\12.0\Bin



Microsoft SQL Server 2000/2005/2008
_ _ _ _ _ _ _ _ _ _ _ _

SQL Server data files: -

.mdf
.ldf
.ndf

SQL Server backup files: -

.bak
.trn

Analysis Manager Data and Temp folder.

DRIVE:\Program Files\Microsoft SQL Server\**\OLAP\Data\ (MSSQL folder name can be MSSQL.1 or MSSQL.2 etc. Using a '**' allows any number to be matched in McAfee)
DRIVE:\Program Files\Microsoft SQL Server\**\OLAP\Backup\
DRIVE:\Program Files\Microsoft SQL Server\**\OLAP\Log\


Considerations for clustering: -

Cluster Services: -
%windir%\Cluster
Q:\ (quorum)




Microsoft Operations Manager 2005 and 2007 (management servers and agents):
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

MOM 2005 (management servers and agents):

These include the queue and log files used by Operations Manager.

DRIVE:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager\


File Type Exclusions: -
WKF, PQF, PQF0, PQF1



OpsMgr 2007 : -

DRIVE:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store\


File Type Exclusions: -
EDB, CHK, LOG.



System Center Configuration Manager 2007
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _


DRIVE:\SCCM\Inboxes (all subfolders and files)
DRIVE:\SCCM\Logs (all subfolders and files)


Windows Software Update Services (WSUS) Server: -
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

DRIVE:\MSSQL$WSUS
DRIVE:\WSUS

file exclusions: -
Wsusscan.cab file and the Wsusscn2.cab

References: -

resources:-

http://support.microsoft.com/kb/822158

https://kc.mcafee.com/corporate/index?page=content&id=KB50998&pmv=print

https://kc.mcafee.com/corporate/index?page=content&id=KB51471&actp=search&searchid=1241712473624

Recommended Forefront Client Security file and folder exclusions for Microsoft products :-
http://support.microsoft.com/kb/943556

ISA Exclusions
http://support.microsoft.com/kb/887311/

Folders may have to be excluded from antivirus scanning when you use a file-level antivirus program in Windows SharePoint Services 3.0 or in SharePoint Server 2007
http://support.microsoft.com/kb/952167


Guidelines for choosing antivirus software to run on the computers that are running SQL Server
http://support.microsoft.com/kb/309422


Antivirus exclusions for Operations Manager 2007
http://blogs.msdn.com/nickmac/archive/2008/07/18/antivirus-exclusions-for-operations-manager-2007.as...


http://support.microsoft.com/kb/900638
WSUS: -Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file or the Wsusscn2.cab file is copied
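
An added example (not part of the original post, and not McAfee tooling): a lint pass to run over a hand-compiled exclusion list in the style above before it goes into a policy. It flags unbalanced `%` variable markers, a `Drive` placeholder with no colon, duplicates (treating `%windir%` and `%systemroot%` as equal, as noted in this thread), and entries that exclude a whole volume or a bare extension. The sample entries and finding names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the list above (not a vendor export).
SAMPLE = r"""
%windir%\ntds\Ntds.dit
%windir%\ntds\Ntds.pat
%SystemRoot%\ntds\ntds.pat
%systemroot\System32\Spool (all subfolders and files)
Drive\Documents and Settings\svc\Local Settings\Temp\
Q:\ (quorum)
.mdf
%ProgramFiles%\Microsoft\Exchange Server\**\*.edb
"""

NOTE = re.compile(r"\s*\([^()]*\)\s*$")   # trailing "(all subfolders)" remark
ROOT = re.compile(r"^[A-Za-z]:\\?$")      # whole-volume exclusion such as Q:\
EXT_ONLY = re.compile(r"^\*?\.\w+$")      # bare extension such as .mdf


def normalise(entry):
    """Strip the remark, fold case, and treat %windir% as %systemroot%."""
    path = NOTE.sub("", entry).strip().lower()
    return path.replace("%windir%", "%systemroot%")


def lint(text):
    """Return {finding: [entries]} for a newline-separated exclusion list."""
    findings = defaultdict(list)
    seen = set()
    for raw in filter(None, (ln.strip() for ln in text.splitlines())):
        path = normalise(raw)
        if path.count("%") % 2:            # a variable marker was never closed
            findings["unbalanced-variable"].append(raw)
        if re.match(r"^drive\\", path):    # placeholder written without ':'
            findings["missing-drive-colon"].append(raw)
        if ROOT.match(path) or EXT_ONLY.match(path):
            findings["broad-scope"].append(raw)
        if path in seen:
            findings["duplicate"].append(raw)
        seen.add(path)
    return dict(findings)


if __name__ == "__main__":
    for kind, entries in lint(SAMPLE).items():
        for entry in entries:
            print(f"{kind:20} {entry}")
```

Entries reported as `broad-scope` are the ones to justify individually, since everything under them is left unscanned.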

RE: My Complete list of Virus Scan Exclusions as per 05/09

Great post mate, thanks for that, I just came back to this post to undertake this type of task for myself, you have saved me a lot of time here.

RE: My Complete list of Virus Scan Exclusions as per 05/09

Great Work - Thanks

RE: My Complete list of Virus Scan Exclusions as per 05/09

Can you use the following wildcard example for OAS exclusions in ePO 4.0? Or do you have to provide the actual path?

%windir%

RE: My Complete list of Virus Scan Exclusions as per 05/09



Have you seen this discussion ?

http://forums.mcafeehelp.com/showthread.php?t=225146

Jim

Re: RE: My Complete list of Virus Scan Exclusions as per 05/09

Does anyone have some best practice VSE exclusions for Avaya VoIP applications?

Thanks in advance!

- AB

jawuk
Level 7
Message 18 of 49

RE: My Complete list of Virus Scan Exclusions as per 05/09

I believe so yes, but only in VS8.5i and above, so long as the clients you are deploying the policies to understand the environmental variables it should work.

quote ''Utilizing system variables for Exclusions are only supported on VSE 8.5i.''

%windir% is the same as %systemroot% by the way

regards

Jamie


Easy exclusion entry solution?

Something that I haven't seen mentioned is whether or not there is a simple (read "easy") way to enter these many, many exclusions into your ePo-managed policies rather than the line-by-line-by-line-by-line method.

And, if there isn't, why not? 'Twould make sense if there were pre-configured generic exclusion packages based upon the OS being protected. Something for the future, perhaps?

Jim

RE: Easy exclusion entry solution?

I did it by exporting, modifying and importing XML file. It wasn't too hard.

edit - I do agree though, it is a real pain that there is no way to simply import a text file with a list of exclusions etc, it really is a hassle.

As I say the best way around it I found is to enter the data once, then export those entries as an xml, then export the policies of the place you want to add it to, then modify that one, then re-import it.
Not that hard, but still a pain in the butt, would be much better if we could simply import it.

Guess this is now getting off topic of the thread though...