SCCM 2012 Antivirus Exclusions for Servers and Workstations

Hi,

Just sharing the antivirus exclusions for Configuration Manager 2012 Servers and workstations as well.

Please share if anything is missing.

 

McAfee Exclusions for Configuration Manager 2012:

 

1. C:\Windows\TEMP\BootImages and subfolders.

2. Directories:

%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%programfiles%\Microsoft Configuration Manager\Inboxes\*.*
%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*
%systemroot%\system32\GroupPolicy\Machine\registry.pol
%systemroot%\system32\GroupPolicy\User\registry.pol
\SCCMContentLib
\SMSPKG
\SMSPKGC$
\SMSPKGSIG
\SMSSIG$
\Program Files\SMS_CCM\ServiceData
\Program Files\SMS_CCM\Logs
\Program Files\Microsoft Configuration Manager\Logs
\Program Files\Microsoft Configuration Manager\Install.map
\ConfigurationManager DB
\SMSPKGSIG
\SCCMContentLib
\Sources
\SCCMImages
\DatabaseBackup
\SMSPKGE$
\SMSPKGSIG
\SMSSIG$

3. Processes that will be excluded:

Configuration Manager 2012 processes that will be excluded are:

  • Smsexec.exe
  • Ccmexec.exe
  • CmRcService.exe
  • Sitecomp.exe
  • Smswriter.exe
  • Smssqlbbkup.exe

4. SQL Server Exclusions:

SQL Server 2012 processes to exclude from virus scanning

  • %ProgramFiles%\Microsoft SQL Server\MSSQL11.<InstanceName>\MSSQL\Binn\SQLServr.exe
  • %ProgramFiles%\Microsoft SQL Server\MSRS11.<InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
  • %ProgramFiles%\Microsoft SQL Server\MSAS11.<InstanceName>\OLAP\Bin\MSMDSrv.exe
  • SQL Server data files
    • *.mdf
    • *.ldf
    • *.ndf
  • SQL Server backup files. These files frequently have one of the following file-name extensions:
    • *.bak
    • *.trn
  • Full-Text catalog files
    • %Program Files%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData
  • Analysis Services backup files
    • C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup
    • C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log

5. IIS Exclusions:

*.ida

%systemroot%\IIS Temporary Compressed Files

%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files

6. WSUS Exclusions:

*.cab

\WSUS\WSUSContent
\WSUS\UpdateServicesDBFiles
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download

Reference Links:

https://community.mcafee.com/thread/59504
http://www.systemcenterblog.nl/2012/05/09/anti-virus-scan-exclusions-for-configuration-manager-2012/
http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx
http://support.microsoft.com/kb/309422
http://support.microsoft.com/kb/821749
http://support.microsoft.com/kb/817442
http://support.microsoft.com/kb/900638/en-us
http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#av

McAfee Exclusions for workstations:

Turn off scanning of Windows Update or Automatic Update related files

  • Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:

%windir%\SoftwareDistribution\Datastore

  • Turn off scanning of the log files that are located in the following folder:

%windir%\SoftwareDistribution\Datastore\Logs

Specifically, exclude the following files:

  • Res*.log
  • Edb*.jrs
  • Edb.chk
  • Tmp.edb

Turn off scanning of Windows Security files

  • Add the following files in the %windir%\Security\Database path of the exclusions list:
    • *.edb
    • *.sdb
    • *.log
    • *.chk
    • *.jrs

Turn off scanning of Group Policy related files

  • Group Policy user registry information. These files are located in the following folder:

%allusersprofile%\

Specifically, exclude the following file:

NTUser.pol

  • Group Policy client settings file. This file is located in the following folder:

%Systemroot%\System32\GroupPolicy\

Specifically, exclude the following file: Registry.pol

For the Configuration Manager clients the following exclusion will be added:

  • %windir%\ccmcache

\SoftwareDistribution\Datastore
\SoftwareDistribution\Download

Reference Links:
http://support.microsoft.com/kb/822158/en-us

December 12th, 2013 4:54pm
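
Added example (not part of the original post): a PowerShell check that cleans up a draft exclusion list like the one above (stray quotes, a missing separator after `%var%`, duplicates) and reports which entries actually resolve on the local host, so the list loaded into the antivirus policy is no wider than the server needs. The sample entries are constructed from the post's list, and `Get-NormalizedExclusion` is a hypothetical helper name.

```powershell
# Constructed sample: entries taken from the post's list, including the kinds
# of defects such lists pick up when copied between documents.
$entries = @(
    '%windir%\SoftwareDistribution\Datastore\Datastore.edb',
    '%windir%\SoftwareDistribution\Datastore\Logs\edb*.log',
    '%systemroot%\system32\GroupPolicy\Machine\registry.pol"',   # stray trailing quote
    '%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*',
    '\SMSPKGSIG',
    '\SCCMContentLib',
    '\SMSPKGSIG',                                                 # duplicate
    '%windir%ccmcache'                                            # separator missing
)

# Hypothetical helper: strip whitespace/quotes and restore a backslash that is
# missing directly after a leading %variable%.
function Get-NormalizedExclusion {
    param([string]$Entry)
    $clean = $Entry.Trim().Trim('"')
    return ($clean -replace '^(%[^%]+%)(?=[^\\])', '$1\')
}

$seen = @{}
$report = foreach ($raw in $entries) {
    $norm = Get-NormalizedExclusion -Entry $raw
    $key  = $norm.ToLowerInvariant()
    if ($seen.ContainsKey($key)) { continue }        # drop case-insensitive duplicates
    $seen[$key] = $true

    $expanded = [Environment]::ExpandEnvironmentVariables($norm)

    # Drive-less entries such as \SMSPKGSIG are probed on every file-system drive.
    $candidates = if ($expanded -match '^\\(?!\\)') {
        Get-PSDrive -PSProvider FileSystem |
            ForEach-Object { Join-Path -Path $_.Root -ChildPath ($expanded.TrimStart('\')) }
    } else {
        @($expanded)
    }

    [pscustomobject]@{
        Exclusion = $norm
        Changed   = ($norm -ne $raw)                 # entry needed cleaning
        Found     = [bool]($candidates |
                        Where-Object { Test-Path -Path $_ -ErrorAction SilentlyContinue })
    }
}

$report | Format-Table -AutoSize
```

Entries reported with `Found = False` match nothing on that host and are candidates for removal from that host's policy.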

Thanks for sharing this. Many people will find this useful.
December 14th, 2013 5:03pm

Thank you for the comment :)
December 16th, 2013 3:28pm

Hello Syed,

We found no suggestions to exclude \SoftwareDistribution\Download, so is it required to exclude the folder?

August 9th, 2015 6:32am
