2 Replies Latest reply on Jun 29, 2012 4:50 PM by ncruz1980

    Preparing Windows Domain Controller for Agent 4.6 and VirusScan 8.8 SP1

      Hello everyone,

       

      I subscribed to this forum because I recently gained the responsibility of managing and maintaining ePO for our company. My very first wide project is to move everyone in the firm to Agent 4.6 and VirusScan 8.8 SP1.

      I read the best practices PDF provided by McAfee, but I was wondering what others are doing for preparing Domain Controllers to receive the Agent and VirusScan along with policies and client tasks. This task I would like to complete by end of week since none of our DC servers have been set properly by the previous admin, but I want to ensure things don’t get broken. We have many DCs in many locations (UK, Tokyo and multiple locations throughout the US). We have them all in one tree (syncing from AD) which makes it very simple to apply policies and tasks, but again I would like to know what exclusions and best practices I should be concerned for.

       

      Thank you in advance.

       

      Message was edited by: ncruz1980 on 6/26/12 6:53:21 PM EDT
        • 1. Re: Preparing Windows Domain Controller for Agent 4.6 and VirusScan 8.8 SP1

          Posted for 2 days and no activities. Is anyone reading this?

          • 2. Re: Preparing Windows Domain Controller for Agent 4.6 and VirusScan 8.8 SP1

            Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, Windows Vista, or Windows 7

             

            Resources:
            http://support.microsoft.com/kb/822158
            https://kc.mcafee.com/corporate/index?page=content&id=KB57308

             

            • Turn off scanning of the Microsoft Forefront "tmp.edb" file and log file

            %windir%\SoftwareDistribution\Datastore\tmp.edb

            %ProgramData%\Microsoft\Search\Data\Applications\Windows\*.log

             

            • Turn off scanning of Windows Update or Automatic Update related files

            %windir%\SoftwareDistribution\Datastore\Datastore.edb

            %windir%\SoftwareDistribution\Datastore\Logs
            Res*.log

            Edb*.jrs

            Edb.chk

            Tmp.edb

             

            • Turn off scanning of Windows Security file

            %windir%\Security\Database path of the exclusions list:
            *.edb
            *.sdb
            *.log
            *.chk
            *.jrs

            • Turn off scanning of Group Policy related files

            %allusersprofile%\NTUser.pol

            %Systemroot%\System32\GroupPolicy\

            Registry.pol

            Turn off scanning of Active Directory-related files

            • Exclude the Main NTDS database files.

            HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File

            %windir%\Ntds.
            Specifically, exclude the following files:
            Ntds.dit and Ntds.pat

            • Active Directory Transaction Log Files
              HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files Path

            %windir%\Ntds. Specifically, exclude the following files:

            EDB*.log, Res*.log, Edb*.jrs, Ntds.pat

            • Working Folder

            HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory

            Specifically, exclude the following files:

            Temp.edb

            Edb.chk

            Turn off scanning of SYSVOL files, DFS and FRS.

             

            • The same resources that are excluded for a SYSVOL replica set must also be excluded when FRS or DFSR is used.
              HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory

            %windir%\Ntfrs.
            Exclude the following files that exist in the folder:

            edb.chk in the %windir%\Ntfrs\jet\sys folder

            Ntfrs.jdb in the %windir%\Ntfrs\jet folder

            *.log in the %windir%\Ntfrs\jet\log folder

            • FRS Log Database Log Files
              HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Ntfrs\Parameters\DB Log File Directory

            %windir%\Ntfrs. Exclude the following files:

            Edb*.log
            FRS Working Dir\Jet\Log\Edb*.jrs

            • Staging Folder

            HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Stage

            %systemroot%\Sysvol\Staging areas

            Exclude the following files:

            Nntfrs_cmp*.*

            • Turn off scanning of files in the Sysvol\Sysvol folder.

            %systemroot%\Sysvol\Domain

            Exclude the following files from this folder and all its subfolders:

            *.adm

            *.admx

            *.adml

            Registry.pol

            *.aas

            *.inf

            Fdeploy.inf

            Scripts.ini

            *.ins

            Oscfilter.ini

            • Turn off scanning of files in the FRS Preinstall folder:

            Replica_root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory

            %systemroot%\sysvol Exclude

            %systemroot%\sysvol\domain Scan

            %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory Exclude

            %systemroot%\sysvol\domain\Policies Scan

            %systemroot%\sysvol\domain\Scripts Scan

            %systemroot%\sysvol\staging Exclude

            %systemroot%\sysvol\staging areas Exclude

            %systemroot%\sysvol\sysvol Exclude

            Ntfrs*.*

             

            • Turn off scanning of files in the DFSR database and working folders.

            HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication Groups\GUID\Replica Set Configuration File=Path >

            %systemdrive%\System Volume Information\DFSR (Exclude the following files from this folder and all its subfolders)

            $db_normal$

            FileIDTable_*

            SimilarityTable_*

            *.xml

            $db_dirty$

            $db_lost$

            Dfsr.db

            Fsr.chk

            *.frx

            *.log

            Fsr*.jrs

            Tmp.edb

            • Turn off scanning of DHCP files

            %systemroot%\System32\DHCP (Exclude the following files from this folder and all its subfolders)

            *.mdb

            *.pat

            *.log

            *.chk

            *.edb

             

            HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters (Exclude the following files from this folder and all its subfolders)

            • Turn off scanning of DNS files

            %systemroot%\System32\Dns (Exclude the following files from this folder and all its subfolders)

            *.log

            *.dns

            BOOT

            • Turn off scanning of WINS files

            %systemroot%\System32\Wins

            *.chk

            *.log

            *.mdb
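
The registry values named in the reply above hold the real NTDS and FRS locations, which can differ from the `%windir%\Ntds` and `%windir%\Ntfrs` defaults. The following is an added example, not part of the original post and not McAfee or Microsoft code: a read-only PowerShell sketch that resolves those values on a domain controller and pairs each with the file patterns listed for it. The function name `Get-DcExclusionList` and the output column names are assumptions made for illustration.

```powershell
# Added example. Run locally on a domain controller; it only reads the registry.
# Registry keys, value names and file patterns are the ones listed in the post.
$ntds  = 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters'
$ntfrs = 'HKLM:\System\CurrentControlSet\Services\NtFrs\Parameters'
$windir = $env:windir

# Default is filled in only where the post states one; $null means "not compared".
$sources = @(
    @{ Key=$ntds;  Value='DSA Database File';       IsFile=$true;  Default="$windir\Ntds"
       Patterns=@('Ntds.dit','Ntds.pat') },
    @{ Key=$ntds;  Value='Database Log Files Path'; IsFile=$false; Default="$windir\Ntds"
       Patterns=@('EDB*.log','Res*.log','Edb*.jrs','Ntds.pat') },
    @{ Key=$ntds;  Value='DSA Working Directory';   IsFile=$false; Default=$null
       Patterns=@('Temp.edb','Edb.chk') },
    @{ Key=$ntfrs; Value='Working Directory';       IsFile=$false; Default="$windir\Ntfrs"
       Patterns=@('jet\sys\edb.chk','jet\Ntfrs.jdb','jet\log\*.log','jet\log\Edb*.jrs') },
    @{ Key=$ntfrs; Value='DB Log File Directory';   IsFile=$false; Default="$windir\Ntfrs"
       Patterns=@('Edb*.log') }
)

function Get-DcExclusionList {
    foreach ($s in $sources) {
        $name  = $s.Value
        $props = Get-ItemProperty -Path $s.Key -ErrorAction SilentlyContinue
        $raw   = if ($props) { $props.$name }
        if (-not $raw) {
            # Value absent (for example FRS not in use): report it, do not guess a path.
            New-Object PSObject -Property @{
                Source=$name; Exclusion=$null; NonDefault=$null; Note='registry value not set' }
            continue
        }
        $path   = [Environment]::ExpandEnvironmentVariables($raw)
        # 'DSA Database File' points at the file itself; the others are folders.
        $folder = if ($s.IsFile) { Split-Path -Parent $path } else { $path }
        $folder = $folder.TrimEnd('\')
        foreach ($p in $s.Patterns) {
            New-Object PSObject -Property @{
                Source     = $name
                Exclusion  = Join-Path $folder $p
                # True when the DC stores this data outside the default folder.
                NonDefault = [bool]($s.Default -and $folder -ne $s.Default)
                Note       = ''
            }
        }
    }
}

Get-DcExclusionList | Select-Object Source, Exclusion, NonDefault, Note | Format-Table -AutoSize
```

Rows with `NonDefault` set to True are the ones a policy built only from the default folders would miss; the output is a list for review and is not pushed into any ePO policy.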