0 Replies Latest reply on Dec 11, 2008 4:41 AM by Quitch

    Microsoft update their recommended exclusions for Windows

    Quitch
      I thought this might be of interest to those of you responsible for AV. Microsoft have expanded their AV scanning exclusions:

      http://support.microsoft.com/kb/822158

      The revision date at the top appears to be incorrect. I check this article each time I set up a new PC, and plenty of stuff in the first segment of exclusions has changed, and all that %windir%\security stuff is new too.

      The section is becoming quite a mess though; I hope someone will clean it up. All I really want is a series of lines I can copy & paste.

      Having checked my Vista machine, it appears many of the files the article suggests are under %windir%\security are in fact within the subfolder called database. This makes me wonder whether those exclusions are supposed to be applied to subfolders, or if the article got the path wrong.

      Indeed, I can't find a security.sdb but there is a secedit.sdb file.

      Frankly that whole %windir%\security block is a mess. So far as I can tell the exclusions (based on Vista) should read:

      %windir%\Windows\security\database\edb.chk
      %windir%\Windows\security\database\edb.log (possibly edb*.log as the format seems to match SoftwareDistribution?)
      %windir%\Windows\security\database\edbres00001.jrs
      %windir%\Windows\security\database\edbres00002.jrs
      %windir%\Windows\security\database\Secedit.sdb
      %windir%\Windows\security\logs\*.log

      Having since got my hands on an XP machine, it looks like the article's security block was written with only XP in mind, because in XP the files mentioned ARE at the root of the security folder (excluding the sdb file mentioned), while under Vista they're in the Database folder. Therefore I would now use the following exclusions:

      Vista:

      %windir%\Windows\SoftwareDistribution\Datastore\Datastore.edb
      %windir%\Windows\SoftwareDistribution\Datastore\Logs\edb*.log
      %windir%\Windows\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
      %windir%\Windows\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
      %windir%\Windows\SoftwareDistribution\Datastore\Logs\Edb.chk
      %windir%\Windows\SoftwareDistribution\Datastore\Logs\Tmp.edb
      %windir%\Windows\security\database\edb.chk
      %windir%\Windows\security\database\edb*.log
      %windir%\Windows\security\database\edbres00001.jrs
      %windir%\Windows\security\database\edbres00002.jrs
      %windir%\Windows\security\database\tmp.edb
      %windir%\Windows\security\database\Secedit.sdb

      XP:

      %windir%\Windows\SoftwareDistribution\Datastore\Datastore.edb
      %windir%\Windows\SoftwareDistribution\Datastore\Logs\edb*.log
      %windir%\Windows\SoftwareDistribution\Datastore\Logs\res1.log
      %windir%\Windows\SoftwareDistribution\Datastore\Logs\res2.log
      %windir%\Windows\SoftwareDistribution\Datastore\Logs\Edb.chk
      %windir%\Windows\SoftwareDistribution\Datastore\Logs\Tmp.edb
      %windir%\Windows\security\edb.chk
      %windir%\Windows\security\edb*.log
      %windir%\Windows\security\res1.log
      %windir%\Windows\security\res2.log
      %windir%\Windows\security\tmp.edb
      %windir%\Windows\security\database\Secedit.sdb

      I'm still torn as to whether the article wants .log files under the logs subfolder excluded. I've submitted feedback in the hope they'll fix this mess of an article.

      EDIT: There's a space in the filepaths, be sure to remove it. It's not appearing in the edit view so I can't fix it.
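
An added example, not part of the original post: a Python check that reports which exclusion entries match any file on a given layout, so an entry written for the other OS layout shows up as matching nothing. The function names, the `prefix_dir` parameter and the file tree are constructed for illustration; the entries are copied from the lists above.

```python
import fnmatch
import ntpath
import os
import tempfile

PREFIX = "%windir%\\"

def audit_exclusions(prefix_dir, entries):
    """Map each exclusion entry to the files it matches under prefix_dir.

    prefix_dir is the directory substituted for the %windir% prefix (assumption:
    every entry starts with it and only the file name carries wildcards).
    An empty list means the entry excludes nothing on this layout.
    """
    # Index files by lower-cased relative directory: Windows paths are case-insensitive.
    index = {}
    for root, _dirs, files in os.walk(prefix_dir):
        rel = os.path.relpath(root, prefix_dir).replace(os.sep, "\\").lower()
        index["" if rel == "." else rel] = files
    report = {}
    for entry in entries:
        if not entry.lower().startswith(PREFIX):
            raise ValueError("entry does not start with %windir%\\: " + entry)
        directory, name = ntpath.split(entry[len(PREFIX):])
        report[entry] = sorted(f for f in index.get(directory.lower(), [])
                               if fnmatch.fnmatchcase(f.lower(), name.lower()))
    return report

def demo():
    """Audit entries copied from the post's lists against a constructed Vista-style tree."""
    vista = ["%windir%\\Windows\\security\\database\\edb.chk",
             "%windir%\\Windows\\security\\database\\edb*.log",
             "%windir%\\Windows\\security\\database\\Secedit.sdb"]
    xp = ["%windir%\\Windows\\security\\edb.chk",
          "%windir%\\Windows\\security\\edb*.log",
          "%windir%\\Windows\\security\\database\\Secedit.sdb"]
    with tempfile.TemporaryDirectory() as root:
        db = os.path.join(root, "Windows", "security", "database")
        os.makedirs(db)
        for name in ("edb.chk", "edb.log", "edb00001.log", "secedit.sdb"):  # constructed
            open(os.path.join(db, name), "w").close()
        return audit_exclusions(root, vista + xp)

if __name__ == "__main__":
    for entry, hits in demo().items():
        print(("OK   " if hits else "DEAD ") + entry, hits)
```

An entry reported as DEAD leaves its intended file scanned on that machine, and a wildcard entry that lists more files than expected is excluding more than intended.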