
Recommended Anti Virus Exclusions

November 19th, 2008

All too often I run into corporate anti virus solutions without any exclusions configured. Exclusions are critical to ensuring that the real time scanners do not interfere with crucial Windows or application functions.

When the real time scanner of any anti virus application scans a file prior to reading or writing it, it locks the file to ensure it has exclusive access. If Windows attempts to access this file while it is locked by AV, seriously bad things can happen. I’ve had to restore more than one Active Directory and Exchange database because of this. Sadly, each case could have been avoided.

What follows are the virus exclusions recommended by Microsoft. Below each list is a reference KB article discussing the topic in greater detail.

Feel free to add your comments or links to other recommended exclusions. I’ll keep this post updated to maintain a comprehensive listing.

All Servers and Workstations

  • %windir%\SoftwareDistribution\Datastore

Reference: KB822158

Domain Controllers

  • %windir%\ntds
  • %windir%\ntfrs
  • %systemroot%\sysvol

Reference: KB822158

Exchange Server

  • Drive M (Only Exchange 2000)
  • Exchsrvr folder
  • %SystemRoot%\System32\Inetsrv

Reference: KB328841

IIS

  • %systemroot%\IIS Temporary Compressed Files (IIS 6)
  • %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files (IIS 7)

Reference: KB817442

ISA Server

  • Program Files\Microsoft ISA Server

Reference: KB887311

SharePoint

  • \Program Files\SharePoint Portal Server
  • \Program Files\Common Files\Microsoft Shared\Web Storage System
  • \Windows\Temp\Frontpagetempdir

Reference: KB320111

SQL Server

  • SQL Server data files: *.mdf, *.ldf, *.ndf
  • SQL Server backup files: *.bak, *.trn
  • Full text catalog files
  • Analysis Services: \Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Data
  • Analysis Services Backup: \Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup
  • Analysis Services Logs: \Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log
  • SQL Server Cluster
    • Q:\ (Quorum drive)
    • C:\windows\cluster

Reference: KB309422

Virtual Server

  • Vssrvc.exe process (Virtual Server 2005)
  • Virtual PC.exe process (Virtual Server 2004)
  • File type exclusions: *.vhd, *.vmc, *.vsv, *.vud, *.vfd, *.iso

Reference: KB840193

MSMQ

  • %WinDir%\system32\MSMQ

References:
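
An exclusion list only helps if the entries the console actually holds match the narrow paths listed above; an entry such as C:\Windows silences the file-lock problem but also blinds the scanner to everything below it. The following is an added example, not part of the original post: it compares a set of configured path exclusions against the recommended paths for a server's roles and reports what is missing, what is broader than recommended, and what is not on the list at all. The `RECOMMENDED` table (two roles only), the variable values in `ENV`, and the sample input are assumptions made for the example.

```python
import ntpath
import re

# Path exclusions copied from the lists above (two roles shown).
RECOMMENDED = {
    "all": [r"%windir%\SoftwareDistribution\Datastore"],
    "domain_controller": [r"%windir%\ntds", r"%windir%\ntfrs", r"%systemroot%\sysvol"],
}

# Assumed variable values for a default install; read them from the target host in practice.
ENV = {"windir": r"C:\Windows", "systemroot": r"C:\Windows", "systemdrive": "C:"}


def expand(path, env=ENV):
    """Expand %VAR% case-insensitively and normalise case, slashes and trailing separators."""
    resolved = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)
    return ntpath.normcase(ntpath.normpath(resolved))


def is_under(child, parent):
    """True when child is strictly below parent in the directory tree."""
    return child.startswith(parent.rstrip("\\") + "\\") and child != parent


def audit(roles, configured):
    """Compare configured path exclusions with the recommended set for the given roles."""
    wanted = {expand(p) for role in roles for p in RECOMMENDED[role]}
    have = {expand(p) for p in configured}
    # Entries that are a parent of a recommended path exclude more than intended.
    too_broad = {h for h in have if any(is_under(w, h) for w in wanted)}
    # Entries equal to, or nested inside, a recommended path are within scope.
    related = {h for h in have if any(h == w or is_under(h, w) for w in wanted)}
    return {
        "missing": sorted(wanted - have),
        "too_broad": sorted(too_broad),
        "unlisted": sorted(have - too_broad - related),
    }


if __name__ == "__main__":
    # Constructed sample of what an AV console export might contain.
    sample = [r"c:\WINDOWS\NTDS", "%SystemRoot%\\sysvol\\", r"C:\Windows", r"D:\Temp"]
    for bucket, paths in audit(["all", "domain_controller"], sample).items():
        print(f"{bucket}: {paths}")
```

Entries reported as `too_broad` or `unlisted` are the ones to review first, since each one is a location where a dropped file will never be scanned in real time.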

  1. IJC
    July 14th, 2009 at 06:50 | #1

    Consider adding %WinDir%\system32\MSMQ to your list for Microsoft Message Queueing.

  2. July 22nd, 2009 at 00:52 | #2

    I couldn’t verify that on Microsoft’s site, but I added it anyway. Better safe than sorry.

    Thanks!

  3. IJC
    August 26th, 2009 at 13:27 | #3

    Actually, I found the MSMQ exclusion recommendations on Symantec’s website: http://seer.entsupport.symantec.com/docs/284807.htm

    They include some recommendations for their products which might tie nicely with your existing list. Thanks for maintaining this page by the way!

  4. August 27th, 2009 at 10:30 | #4

    Great! I’ve included that link in the references section.

    Thanks!