
ePO: Virus scanning recommendations for computers that are running Windows*


Dear, I'm working with ePO 5.1.0 and I need to know if there is any exclusion recommendation list for Windows servers by functionality, such as PDC, Exchange/Mail, SQL, etc.

I know there are some related Microsoft KBs, but I want to know if there is something oriented to ePO... or do I have to read the Microsoft KBs and after that exclude everything by hand?

Thanks a lot.


Accepted Solutions

Re: ePO: Virus scanning recommendations for computers that are running Windows*


Hi

Here is our standard exclusions list which covers things like:

Active Directory Database files (NTDS)

Active Directory sysvol

Windows Updates Databases

Windows Security Databases

Registry Database

Group Policy Database

NTFRS and DFSR Databases

IP Services Databases (DNS/DHCP/WINS)

This list has been compiled over time based on Microsoft KB articles for antivirus exclusion recommendations.

%windir%\ntds\Ntds.dit

%windir%\ntds\Ntds.pat

%SystemRoot%\ntfrs\jet\log\edbres00001.jrs

%SystemRoot%\ntfrs\jet\log\edbres00002.jrs

%systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\

%systemroot%\sysvol\staging\

%systemroot%\sysvol\staging areas\

%windir%\SoftwareDistribution\Datastore\Datastore.edb

%windir%\SoftwareDistribution\Datastore\Logs\Res*.log

%windir%\SoftwareDistribution\Datastore\Logs\Edb*.jrs

%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk

%windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb

%windir%\ntds\EDB*.log

%windir%\Security\Database\*.edb

%windir%\Security\Database\*.sdb

%windir%\Security\Database\*.log

%windir%\Security\Database\*.chk

%windir%\Security\Database\*.jrs

%allusersprofile%\NTUser.pol

%Systemroot%\System32\GroupPolicy\Registry.pol

%systemroot%\Sysvol\Domain\**\*.adm

%systemroot%\Sysvol\Domain\**\*.admx

%systemroot%\Sysvol\Domain\**\*.adml

%windir%\ntds\Res1.log

%systemroot%\Sysvol\Domain\**\Registry.pol

%systemroot%\Sysvol\Domain\**\*.aas

%systemroot%\Sysvol\Domain\**\*.inf

%systemroot%\Sysvol\Domain\**\FDeploy.inf

%systemroot%\Sysvol\Domain\**\Scripts.ini

%systemroot%\Sysvol\Domain\**\*.ins

%systemroot%\Sysvol\Domain\**\Oscfilter.ini

%systemdrive%\System Volume Information\DFSR\**\$db_normal$

%systemdrive%\System Volume Information\DFSR\**\FileIDTable_*

%systemdrive%\System Volume Information\DFSR\**\SimilarityTable_*

%windir%\ntds\Res2.log

%systemdrive%\System Volume Information\DFSR\**\*.xml

%systemdrive%\System Volume Information\DFSR\**\$db_dirty$

%systemdrive%\System Volume Information\DFSR\**\$db_lost$

%systemdrive%\System Volume Information\DFSR\**\Dfsr.db

%systemdrive%\System Volume Information\DFSR\**\Fsr.chk

%systemdrive%\System Volume Information\DFSR\**\*.frx

%systemdrive%\System Volume Information\DFSR\**\*.log

%systemdrive%\System Volume Information\DFSR\**\Fsr*.jrs

%systemdrive%\System Volume Information\DFSR\**\Tmp.edb

%systemroot%\System32\DHCP\*.mdb

%windir%\ntds\Temp.edb

%systemroot%\System32\DHCP\*.pat

%systemroot%\System32\DHCP\*.log

%systemroot%\System32\DHCP\*.chk

%systemroot%\System32\DHCP\*.edb

%systemroot%\System32\Dns\*.log

%systemroot%\System32\Dns\*.dns

%systemroot%\System32\Dns\BOOT\

%systemroot%\System32\Wins\*.chk

%systemroot%\System32\Wins\*.log

%systemroot%\System32\Wins\*.mdb

%windir%\ntds\Edb.chk

%windir%\SoftwareDistribution\Datastore\Logs\edb.log

%SystemRoot%\ntfrs\jet\sys\edb.chk

%SystemRoot%\ntfrs\jet\ntfrs.jdb

%SystemRoot%\ntfrs\jet\log\*.log

In addition to these default rules you could also declare Low-Risk processes (stuff you trust) such as Sqlservr.exe in the On-Access Low Risk Process policies.

Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO
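
Added example (not part of the post above, and not McAfee or Microsoft code): a small Python helper that sorts entries from the list above by the server function they belong to and by how much each entry excludes, so a server can be given only the exclusions for the roles it actually hosts. The category labels, the component-to-category mapping and the function names are assumptions of this example.

```python
# Constructed sample: a few entries copied from the list in the post above.
SAMPLE = r"""
%windir%\ntds\Ntds.dit
%systemroot%\sysvol\staging\
%systemroot%\Sysvol\Domain\**\*.inf
%systemdrive%\System Volume Information\DFSR\**\Dfsr.db
%windir%\Security\Database\*.sdb
%systemroot%\System32\DHCP\*.mdb
%allusersprofile%\NTUser.pol
""".splitlines()

# Assumed mapping (not from the post): path component -> short category label.
CATEGORY_BY_COMPONENT = {
    "ntds": "NTDS", "ntfrs": "NTFRS", "dfsr": "DFSR", "sysvol": "SYSVOL",
    "softwaredistribution": "Windows Update", "security": "Security DB",
    "grouppolicy": "Group Policy", "ntuser.pol": "Group Policy",
    "dhcp": "DHCP", "dns": "DNS", "wins": "WINS",
}

def classify(entry):
    """Return (category, scope) for one exclusion entry."""
    parts = entry.lower().split("\\")
    category = next((CATEGORY_BY_COMPONENT[p] for p in parts
                     if p in CATEGORY_BY_COMPONENT), "unclassified")
    if entry.endswith("\\"):
        scope = "whole folder"
    elif "**" in parts:
        scope = "recursive pattern"
    elif "*" in entry:
        scope = "file pattern"
    else:
        scope = "single file"
    return category, scope

def group(entries):
    """Map category -> [(entry, scope)], skipping blanks and duplicates."""
    grouped, seen = {}, set()
    for raw in entries:
        entry = raw.strip()
        # %windir% and %SystemRoot% name the same directory, so compare them as one.
        key = entry.lower().replace("%windir%", "%systemroot%")
        if entry and key not in seen:
            seen.add(key)
            category, scope = classify(entry)
            grouped.setdefault(category, []).append((entry, scope))
    return grouped

def select(entries, categories):
    """Entries for a server that only hosts the given categories."""
    grouped = group(entries)
    return [e for c in categories for e, _ in grouped.get(c, [])]
```

For example, `select(SAMPLE, ["DHCP", "Security DB"])` returns only the DHCP and security-database entries, and the scope column from `group()` shows which entries exclude a whole folder or a recursive pattern rather than a single file.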



Re: ePO: Virus scanning recommendations for computers that are running Windows*


Dear Rich, thanks a lot for your response... it's very important to me.

But let me ask you this:

Is this list also intended for use on SQL/WSUS/Exchange/PDC servers?

Or for the above servers do I have to search the corresponding Microsoft KBs in order to exclude more files/folders from ePO?

Thanks again, regards.

Re: ePO: Virus scanning recommendations for computers that are running Windows*


Hi

I have just found this page which might help your discovery process

http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.a...

Regards

Rich

Volunteer Moderator

Certified McAfee Product Specialist - ePO
