I am looking for feedback/thoughts on the exclusions released by MS. Has anyone noticed any performance increase with these exclusions around Windows Updates/Group Policy? Have you strictly disregarded these exclusions?
Turn off scanning of Windows Update or Automatic Update related files
Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:%windir%\SoftwareDistribution\Datastore
Turn off scanning of the log files that are located in the following folder:%windir%\SoftwareDistribution\Datastore\LogsSpecifically, exclude the following files:
The wildcard character (*) indicates that there may be several files.
Turn off scanning of Windows Security files
Add the following files in the %windir%\Security\Database path of the exclusions list:
Note If these files are not excluded, antivirus software may prevent proper access to these files, and security databases can become corrupted. Scanning these files can prevent the files from being used or may prevent a security policy from being applied to the files. These files should not be scanned because antivirus software may not correctly treat them as proprietary database files.
Turn off scanning of Group Policy related files
Group Policy user registry information. These files are located in the following folder:%allusersprofile%\Specifically, exclude the following file:NTUser.pol
Group Policy client settings files. These files are located in the following folder:%SystemRoot%\System32\GroupPolicy\Machine\ %SystemRoot%\System32\GroupPolicy\User\Specifically, exclude the following file:Registry.pol