1. C:\Windows\TEMP\BootImages
and subfolders.
2. Directories:
%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%programfiles%\Microsoft Configuration Manager\Inboxes\*.*
%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*
%systemroot%\system32\GroupPolicy\Machine\registry.pol"
%systemroot%\system32\GroupPolicy\User\registry.pol"
\SCCMContentLib
\SMSPKG
\SMSPKGC$
\SMSPKGSIG
\SMSSIG$
\Program Files\SMS_CCM\ServiceData
\Program Files\SMS_CCM\Logs
\Program Files\Microsoft Configuration Manager\Logs
\Program Files\Microsoft Configuration Manager\Install.map
\ConfigurationManager DB
\SMSPKGSIG
\SCCMContentLib
\Sources
\SCCMImages
\DatabaseBackup
\SMSPKGE$
\SMSPKGSIG
\SMSSIG$
3. Processes that will be excluded:
Configuration Manager 2012 processes that will be excluded are:
· Smsexec.exe
· Ccmexec.exe
· CmRcService.exe
· Sitecomp.exe
· Smswriter.exe
· Smssqlbbkup.exe
4. SQL Server Exclusion's:
SQL Server 2012 Processes exclude from virus scanning
· %ProgramFiles%\Microsoft SQL Server\MSSQL11. <InstanceName>\MSSQL\Binn\SQLServr.exe
· %ProgramFiles%\Microsoft SQL Server\MSRS11. <InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
· %ProgramFiles%\Microsoft SQL Server\MSAS11. <InstanceName>\OLAP\Bin\MSMDSrv.exe
· SQL Server data files
· *.mdf
· *.ldf
· *.ndf
· SQL Server backup files
These files frequently have one of the following file-name extensions:
· *.bak
· *.trn
· Full-Text catalog files
· %Program Files%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData
· Analysis Services backup files
C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup
C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log
5. IIS Exclusions:
* .ida
%systemroot%\IIS Temporary Compressed Files
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
6. WSUS Exclusions:
*.cab
\WSUS\WSUSContent
\WSUS\UpdateServicesDBFiles
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download
Reference Links:
https://community.mcafee.com/thread/59504
http://www.systemcenterblog.nl/2012/05/09/anti-virus-scan-exclusions-for-configuration-manager-2012/
http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx
http://support.microsoft.com/kb/309422
http://support.microsoft.com/kb/821749
http://support.microsoft.com/kb/817442
http://support.microsoft.com/kb/900638/en-us
http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#av
McAfee Exclusions for workstations:
Turn off scanning of Windows Update or Automatic Update related files
· Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:
%windir%\SoftwareDistribution\Datastore
· Turn off scanning of the log files that are located in the following folder:
%windir%\SoftwareDistribution\Datastore\Logs
Specifically, exclude the following files:
· Res*.log
· Edb*.jrs
· Edb.chk
· Tmp.edb
Turn off scanning of Windows Security files
· Add the following files in the %windir%\Security\Database path of the exclusions list:
· *.edb
· *.sdb
· *.log
· *.chk
· *.jrs
Turn off scanning of Group Policy related files
· Group Policy user registry information. These files are located in the following folder:
%allusersprofile%\
Specifically, exclude the following file:
NTUser.pol
· Group Policy client settings file. This file is located in the following folder:
%Systemroot%\System32\GroupPolicy\
Specifically, exclude the following file: Registry.pol
For the configuration manager clients the following exclusion will be added:
· %windir%ccmcache
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download
Reference Links:
http://support.microsoft.com/kb/822158/en-us
0 Comments