Anti-virus Scan Exclusions for SCCM
I've not seen an official list, but I'd exclude the entire folder that you installed Configuration Manager to, both server roles and client. I know for SMS 2003 ITMU we had a release note on it for clients.
April 12th, 2008 6:26am

Thanks for the update! I also found some info online suggesting to exclude the folder that the SCCM inbox sits in
Free Windows Admin Tool Kit Click here and download it now
May 14th, 2008 9:04pm

That would be included in the path I said "The entire path Configuration Manager is installed to" :-)
May 15th, 2008 1:40am

There is a template white paper kicking around that details all sorts of anti-virus exclusions for Microsoft products. It had up to SMS 2003, but I'm guessing you can roughly use the same folders for ConfigMgr. It used to be hosted on, but it looks as if the link is now gone. I can send you a copy off line if you like.Tom Watson
Free Windows Admin Tool Kit Click here and download it now
June 18th, 2008 10:04am check that blog out as well... Mike D.
July 7th, 2008 7:35pm

This one?
Free Windows Admin Tool Kit Click here and download it now
July 7th, 2008 8:31pm

Deep in the bowels of the SCCM 2007 online documentation is the recommendations for improving SCCM performance. No specific section in the document addresses antivirus exclusions exclusively. Nor do they provide the exact paths to exclude. They leave you to figure this out on your own, and that can be fun if your using x64 platforms with x86 information, or your admin setup customized paths. 1st article applies to SMS 2003 and below, so I am not 100% if that applies but it may be relevant piece of information comes directly from the SCCM documentation and it's located here. Dig down until you get into the performance section and they will generically say exclude the inbox directories. SCCM accesses this location frequently, and it can cause serious performance issues with Disk and CPU utilization.'s some general steps to test if the exclusion works properly:1. Duplicate the EICAR antivirus test string and put it in a text file (disable AV while doing this). Test string can be found here: Place the test string file in the folder you desire to be excluded (assuming your excluding a directory). 3. Enable your antivirus and run a full SYSTEM SCAN, not a On-Demand directory scan of the excluded location. On-Demand type scans will likely ignore the exclusion you setup.If nothing is detected, you exclusion should be setup properly. You can verify by doing a scan on the actual excluded director, or you can remove the exclusion and rescan (time consuming but worth it).I have seen other recommendations and have written some in the McAfee antivirus forums. Good place to look for consolidated exclusion recommenations btw...Regards,Robertp.s. Don't forget to setup your SQL and SCCM client exclusions
January 6th, 2010 9:12pm

so with Article 1 from Robert's post, show reflection to 2 and 2k3, i guess excluding the entire CM folder? and how about the Patch folders? we are in the midst of deploying the upgrade of our AV solution and i have asked them to exclude our SCCM for now until i can find an answer on exclusions. thomas gonzalez
Free Windows Admin Tool Kit Click here and download it now
April 9th, 2010 8:00pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics