3 Replies Latest reply on Apr 30, 2015 10:17 AM by Richard Carpenter

    ePO: Virus scanning recommendations for computers that are running Windows*

    alejandritox

      Dear, I'm working with ePO 5.1.0 and I need to know if there is any exclusion recommendation list for Windows server by functionality as PDC, Exchange/Mail, SQL, etc.

       

      I know there are some related Microsoft KB's, but I want to know if there is something oriented to ePO...or do I have to read the Microsoft KB and after that exclude everything by hand?

       

      Thanks a lot.

        • 1. Re: ePO: Virus scanning recommendations for computers that are running Windows*
          Richard Carpenter

          Hi alejandritox

           

          Here is our standard exclusions list which covers things like:

           

          Active Directory Database files (NTDS)

          Active Directory sysvol

          Windows Updates Databases

          Windows Security Databases

          Registry Database

          Group Policy Database

          NTFRS and DFSR Databases

          IP Services Databases (DNS/DHCP/WINS)

           

          This list has been compiled over time based on Microsoft KB Articles for Antivirus Exclusion recommendations.

           

          %windir%\ntds\Ntds.dit

          %windir%\ntds\Ntds.pat

          %SystemRoot%\ntfrs\jet\log\edbres00001.jrs

          %SystemRoot%\ntfrs\jet\log\edbres00002.jrs

          %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\

          %systemroot%\sysvol\staging\

          %systemroot%\sysvol\staging areas\

          %windir%\SoftwareDistribution\Datastore\Datastore.edb

          %windir%\SoftwareDistribution\Datastore\Logs\Res*.log

          %windir%\SoftwareDistribution\Datastore\Logs\Edb*.jrs

          %windir%\SoftwareDistribution\Datastore\Logs\Edb.chk

          %windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb

          %windir%\ntds\EDB*.log

          %windir%\Security\Database\*.edb

          %windir%\Security\Database\*.sdb

          %windir%\Security\Database\*.log

          %windir%\Security\Database\*.chk

          %windir%\Security\Database\*.jrs

          %allusersprofile%\NTUser.pol

          %Systemroot%\System32\GroupPolicy\Registry.pol

          %systemroot%\Sysvol\Domain\**\*.adm

          %systemroot%\Sysvol\Domain\**\*.admx

          %systemroot%\Sysvol\Domain\**\*.adml

          %windir%\ntds\Res1.log

          %systemroot%\Sysvol\Domain\**\Registry.pol

          %systemroot%\Sysvol\Domain\**\*.aas

          %systemroot%\Sysvol\Domain\**\*.inf

          %systemroot%\Sysvol\Domain\**\FDeploy.inf

          %systemroot%\Sysvol\Domain\**\Scripts.ini

          %systemroot%\Sysvol\Domain\**\*.ins

          %systemroot%\Sysvol\Domain\**\Oscfilter.ini

          %systemdrive%\System Volume Information\DFSR\**\$db_normal$

          %systemdrive%\System Volume Information\DFSR\**\FileIDTable_*

          %systemdrive%\System Volume Information\DFSR\**\SimilarityTable_*

          %windir%\ntds\Res2.log

          %systemdrive%\System Volume Information\DFSR\**\*.xml

          %systemdrive%\System Volume Information\DFSR\**\$db_dirty$

          %systemdrive%\System Volume Information\DFSR\**\$db_lost$

          %systemdrive%\System Volume Information\DFSR\**\Dfsr.db

          %systemdrive%\System Volume Information\DFSR\**\Fsr.chk

          %systemdrive%\System Volume Information\DFSR\**\*.frx

          %systemdrive%\System Volume Information\DFSR\**\*.log

          %systemdrive%\System Volume Information\DFSR\**\Fsr*.jrs

          %systemdrive%\System Volume Information\DFSR\**\Tmp.edb

          %systemroot%\System32\DHCP\*.mdb

          %windir%\ntds\Temp.edb

          %systemroot%\System32\DHCP\*.pat

          %systemroot%\System32\DHCP\*.log

          %systemroot%\System32\DHCP\*.chk

          %systemroot%\System32\DHCP\*.edb

          %systemroot%\System32\Dns\*.log

          %systemroot%\System32\Dns\*.dns

          %systemroot%\System32\Dns\BOOT\

          %systemroot%\System32\Wins\*.chk

          %systemroot%\System32\Wins\*.log

          %systemroot%\System32\Wins\*.mdb

          %windir%\ntds\Edb.chk

          %windir%\SoftwareDistribution\Datastore\Logs\edb.log

          %SystemRoot%\ntfrs\jet\sys\edb.chk

          %SystemRoot%\ntfrs\jet\ntfrs.jdb

          %SystemRoot%\ntfrs\jet\log\*.log

           

          In addition to these default rules you could also declare Low-Risk processes (stuff you trust) such as Sqlservr.exe in the On-Access Low Risk Process policies.

           

          Regards

          Rich

          Volunteer Moderator

          Certified McAfee Product Specialist - ePO
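An added example (not part of the original thread, and not McAfee or ePO tooling): a short Python audit that de-duplicates an exclusion list like the one above and groups entries by how much they leave unscanned, so folder-wide and extension-wide exclusions are reviewed first. The scope labels, the `SAMPLE` subset and the reading of `**` as spanning subfolders are assumptions made for this example.

```python
import re

# Constructed sample: entries from the list above; line 2 is an added duplicate.
SAMPLE = r"""
%windir%\ntds\Ntds.dit
%SystemRoot%\ntds\NTDS.DIT
%systemroot%\sysvol\staging\
%windir%\SoftwareDistribution\Datastore\Logs\Edb*.jrs
%windir%\Security\Database\*.log
%systemroot%\Sysvol\Domain\**\*.inf
%systemroot%\Sysvol\Domain\**\Registry.pol
%systemdrive%\System Volume Information\DFSR\**\FileIDTable_*
%systemroot%\System32\Dns\BOOT\
"""

# Scopes that leave a whole folder or file type unscanned; review these first.
BROAD = {"directory", "extension", "recursive-extension"}

def normalize(entry):
    """Lower-case and fold %windir% into %systemroot% (same folder on Windows)."""
    return entry.strip().lower().replace("%windir%", "%systemroot%")

def classify(entry):
    """Label one exclusion by scope (assumes '**' spans subfolders)."""
    if entry.endswith("\\"):
        return "directory"  # everything under the folder is skipped
    leaf = entry.rsplit("\\", 1)[-1]
    recursive = "\\**\\" in entry
    if re.fullmatch(r"\*\.\w+", leaf):  # e.g. *.log: every file of that type
        return "recursive-extension" if recursive else "extension"
    if "*" in leaf or "?" in leaf:  # partial name such as Edb*.jrs
        return "recursive-pattern" if recursive else "pattern"
    return "recursive-file" if recursive else "file"

def audit(text):
    """Return (unique entries grouped by scope, entries to review first)."""
    seen, by_scope = set(), {}
    for line in text.splitlines():
        key = normalize(line)
        if not key or key in seen:
            continue  # skip blanks and entries that differ only in case/variable
        seen.add(key)
        by_scope.setdefault(classify(key), []).append(line.strip())
    review = [e for s in sorted(BROAD) for e in by_scope.get(s, [])]
    return by_scope, review

if __name__ == "__main__":
    for entry in audit(SAMPLE)[1]:
        print("review first:", entry)
```

Feeding it the full list for a given server role shows which entries are exact files and which ones exempt an entire folder or file type from scanning.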

          • 2. Re: ePO: Virus scanning recommendations for computers that are running Windows*
            alejandritox

            Dear Rich, thanks a lot for your response... it's very important to me.

             

            But let me ask you this:

             

            Is this list also intended for use on SQL/WSUS/Exchange/PDC servers?

             

            Or for the above servers do I have to search the corresponding Microsoft KBs in order to exclude more files/folders from ePO?

             

            Thanks again, regards.

            • 3. Re: ePO: Virus scanning recommendations for computers that are running Windows*
              Richard Carpenter

              Hi alejandritox

               

              I have just found this page which might help your discovery process

               

              http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx

               

              Regards

              Rich

              Volunteer Moderator

              Certified McAfee Product Specialist - ePO