Follow by Email

Wednesday, 9 September 2015

McAfee Exclusion's for Configuration Manager 2012

 

1. C:\Windows\TEMP\BootImages
and subfolders.

2. Directories:

%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%programfiles%\Microsoft Configuration Manager\Inboxes\*.*
%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*
%systemroot%\system32\GroupPolicy\Machine\registry.pol"
%systemroot%\system32\GroupPolicy\User\registry.pol"
\SCCMContentLib
\SMSPKG
\SMSPKGC$
\SMSPKGSIG
\SMSSIG$
\Program Files\SMS_CCM\ServiceData
\Program Files\SMS_CCM\Logs
\Program Files\Microsoft Configuration Manager\Logs
\Program Files\Microsoft Configuration Manager\Install.map
\ConfigurationManager DB
\SMSPKGSIG
\SCCMContentLib
\Sources
\SCCMImages
\DatabaseBackup
\SMSPKGE$
\SMSPKGSIG
\SMSSIG$

3. Processes that will be excluded:

Configuration Manager 2012 processes that will be excluded are:

· Smsexec.exe

· Ccmexec.exe

· CmRcService.exe

· Sitecomp.exe

· Smswriter.exe

· Smssqlbbkup.exe

4. SQL Server Exclusion's:

SQL Server 2012 Processes exclude from virus scanning

· %ProgramFiles%\Microsoft SQL Server\MSSQL11. <InstanceName>\MSSQL\Binn\SQLServr.exe

· %ProgramFiles%\Microsoft SQL Server\MSRS11. <InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

· %ProgramFiles%\Microsoft SQL Server\MSAS11. <InstanceName>\OLAP\Bin\MSMDSrv.exe

· SQL Server data files

· *.mdf

· *.ldf

· *.ndf

· SQL Server backup files
     These files frequently have one of the following file-name extensions:

· *.bak

· *.trn

· Full-Text catalog files

· %Program Files%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData

· Analysis Services backup files
     C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup
     C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log

5. IIS Exclusions:

* .ida

%systemroot%\IIS Temporary Compressed Files

%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files

6. WSUS Exclusions:

*.cab

\WSUS\WSUSContent
\WSUS\UpdateServicesDBFiles
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download

Reference Links:

https://community.mcafee.com/thread/59504
http://www.systemcenterblog.nl/2012/05/09/anti-virus-scan-exclusions-for-configuration-manager-2012/
http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx
http://support.microsoft.com/kb/309422
http://support.microsoft.com/kb/821749
http://support.microsoft.com/kb/817442
http://support.microsoft.com/kb/900638/en-us
http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#av

McAfee Exclusions for workstations:

Turn off scanning of Windows Update or Automatic Update related files

· Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:

%windir%\SoftwareDistribution\Datastore

· Turn off scanning of the log files that are located in the following folder:

%windir%\SoftwareDistribution\Datastore\Logs

Specifically, exclude the following files:

· Res*.log

· Edb*.jrs

· Edb.chk

· Tmp.edb

Turn off scanning of Windows Security files

· Add the following files in the %windir%\Security\Database path of the exclusions list:

· *.edb

· *.sdb

· *.log

· *.chk

· *.jrs

Turn off scanning of Group Policy related files

· Group Policy user registry information. These files are located in the following folder:

%allusersprofile%\

Specifically, exclude the following file:

NTUser.pol

· Group Policy client settings file. This file is located in the following folder:

%Systemroot%\System32\GroupPolicy\

Specifically, exclude the following file: Registry.pol

For the configuration manager clients the following exclusion will be added:

· %windir%ccmcache

\SoftwareDistribution\Datastore
\SoftwareDistribution\Download

Reference Links:
http://support.microsoft.com/kb/822158/en-us

 

https://social.technet.microsoft.com/Forums/en-US/753bddc0-0147-4b9a-901c-94e55d024850/sccm-2012-antivirus-exclusions-for-servers-and-workstations?forum=configmanagergeneral

No comments:

Post a Comment