We have added numerous features to Configuration Manager with the Current Branch model. As a result of these changes, you may have noticed that your Antivirus exclusions need to be updated. I hope this post provides you with the important exclusions that are recommended for your environment.
This post is a complementary resource to what Clifton Hughes (PFE) posted in a previous blog with recommended Antivirus exclusions for a System Center 2012 Configuration Manager environment.
https://blogs.technet.microsoft.com/systemcenterpfe/2013/01/11/updated-system-center-2012-configuration-manager-antivirus-exclusions-with-more-details-on-osd-and-boot-images-etc/
The following details cover what you should exclude in your environment. This is applicable to ConfigMgr version 1702 and below.
Specific details on variables:
<InstallDrive> can be multiple drives in some environments, so it is best to use a wildcard if possible for whatever Antivirus solution you have deployed in your environment. Please refer to your vendor’s documentation for further instructions.
<InstanceName> is the name of the SQL instance you are using in your environment. Note whether you use a named instance or the default, "MSSQLServer".
<SQL Version> is the version of SQL you are using in your environment. Check which version you have installed. Example for SQL Server 2012: MSSQL11
Core Directories Exclusions
- %allusersprofile%\NTUser.pol
- %windir%\Security\database\*.chk
- %windir%\Security\database\*.edb
- %windir%\Security\database\*.jrs
- %windir%\Security\database\*.log
- %windir%\Security\database\*.sdb
- %windir%\SoftwareDistribution\Datastore\Datastore.edb
- %windir%\SoftwareDistribution\Datastore\Logs\edb.chk
- %windir%\SoftwareDistribution\Datastore\Logs\edb*.log
- %windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
- %windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
- %windir%\SoftwareDistribution\Datastore\Logs\Res1.log
- %windir%\SoftwareDistribution\Datastore\Logs\Res2.log
- %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
- %systemroot%\system32\GroupPolicy\registry.pol
- %systemroot%\system32\GroupPolicy\Machine\registry.pol
- %systemroot%\system32\GroupPolicy\User\registry.pol
SCCM Core Installation Exclusions
- <InstallDrive>\Program Files\Microsoft Configuration Manager\cd.latest
- <InstallDrive>\Program Files\Microsoft Configuration Manager\Client
- <InstallDrive>\Program Files\Microsoft Configuration Manager\ClientUpgrade
- <InstallDrive>\Program Files\Microsoft Configuration Manager\CMProviderLog
- <InstallDrive>\Program Files\Microsoft Configuration Manager\CMUClient
- <InstallDrive>\Program Files\Microsoft Configuration Manager\CMUStaging
- <InstallDrive>\Program Files\Microsoft Configuration Manager\EasySetupPayload
- <InstallDrive>\Program Files\Microsoft Configuration Manager\Inboxes\*.*
- <InstallDrive>\Program Files\Microsoft Configuration Manager\Install.map
- <InstallDrive>\Program Files\Microsoft Configuration Manager\Logs
- <InstallDrive>\Program Files\Microsoft Configuration Manager\PilotingUpgrade
- <InstallDrive>\Program Files\SMS_CCM\Logs
- <InstallDrive>\Program Files\SMS_CCM\ServiceData
SCCM Content Library Exclusions
- <InstallDrive>\SMSPKG
- <InstallDrive>\SMSPKGC$
- <InstallDrive>\SMSPKGE$
- <InstallDrive>\SMSPKGSIG
- <InstallDrive>\SMSSIG$
- <InstallDrive>\SCCMContentLib
- <InstallDrive>\<ConfigMgr Package Source Files>
  - Ex. D:\SCCMSource
- <InstallDrive>\<ConfigMgr OSD Images>
  - Ex. D:\SCCMImages
- <InstallDrive>\<ConfigMgr Backup Directory>
  - Ex. D:\SCCMBackup
SCCM Imaging Exclusions
- %windir%\TEMP\BootImages
  - Include sub-folders
- <X:>\ConfigMgr_OfflineImageServicing
  - Include sub-folders
- %SystemDrive%\_SMSTaskSequence
SCCM Processes Exclusions
- Smsexec.exe
- Ccmexec.exe
- CmRcService.exe
- Sitecomp.exe
- Smswriter.exe
- Smssqlbbkup.exe
- Wmiprvse.exe
SCCM SQL Server Exclusions
- SQL Server Processes Exclusions
  - SQLServer.exe
    - <InstallDrive>\Microsoft SQL Server\<SQL Version>.<InstanceName>\MSSQL\Binn\SQLServr.exe
  - ReportingServicesService.exe
    - <InstallDrive>\Microsoft SQL Server\<SQL Version>.<InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
  - MSMDSrv.exe
    - <InstallDrive>\Microsoft SQL Server\<SQL Version>.<InstanceName>\OLAP\Bin\MSMDSrv.exe
  - SQLServer.exe
- SQL Server data files
  - *.mdf
  - *.ldf
  - *.ndf
- SQL Server backup files
  - *.bak
  - *.trn
- SQL Audit files
  - *.sqlaudit
  - *.sql
- Full-Text catalog files
  - <InstallDrive>\Microsoft SQL Server\<SQL Version>.<InstanceName>\MSSQL\FTData
- Analysis Services backup files
  - <InstallDrive>\Microsoft SQL Server\MSSQL.X\OLAP\Backup
  - <InstallDrive>\Microsoft SQL Server\MSSQL.X\OLAP\Log
- If you are running antivirus software on a cluster, make sure you include these locations
  - <Quorum Drive> (Ex. Q:)
  - %windir%\Cluster
SCCM IIS Exclusions
- *.ida
- %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
SCCM WSUS Exclusions
- *.cab
- <InstallDrive>\WSUS\WSUSContent
- <InstallDrive>\WSUS\WSUSTemp
- <InstallDrive>\WSUS\UpdateServicesDBFiles
- <InstallDrive>\SoftwareDistribution\Datastore
- <InstallDrive>\SoftwareDistribution\Download
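Because every exclusion is a location the scanner no longer inspects, it helps to expand the placeholders above into concrete paths and confirm each one exists on the server before entering it into the Antivirus product. The following PowerShell is an added example, not part of the original post; the function name `Expand-ExclusionTemplate`, the drive letters and the four sample templates are assumptions chosen for illustration.

```powershell
# Added example: expand the post's placeholders into concrete paths and
# report which ones actually exist on this server.
function Expand-ExclusionTemplate {
    param(
        [Parameter(Mandatory)] [string[]] $Template,
        [Parameter(Mandatory)] [string[]] $InstallDrive,  # e.g. 'D:','E:'
        [string] $SqlVersion   = 'MSSQL11',      # SQL Server 2012, as in the post
        [string] $InstanceName = 'MSSQLSERVER'   # default instance
    )
    foreach ($t in $Template) {
        # Only templates that mention <InstallDrive> fan out once per drive.
        $drives = if ($t -like '*<InstallDrive>*') { $InstallDrive } else { @('') }
        foreach ($d in $drives) {
            $p = $t.Replace('<InstallDrive>', $d)
            $p = $p.Replace('<SQL Version>', $SqlVersion)
            $p = $p.Replace('<InstanceName>', $InstanceName)
            # Resolve %windir%-style variables on the machine running the script.
            [Environment]::ExpandEnvironmentVariables($p)
        }
    }
}

# Constructed sample: a few templates taken from the lists above.
$templates = @(
    '<InstallDrive>\Program Files\Microsoft Configuration Manager\Inboxes\*.*'
    '<InstallDrive>\SCCMContentLib'
    '<InstallDrive>\Microsoft SQL Server\<SQL Version>.<InstanceName>\MSSQL\Binn\SQLServr.exe'
    '%windir%\SoftwareDistribution\Datastore\Datastore.edb'
)

Expand-ExclusionTemplate -Template $templates -InstallDrive 'D:', 'E:' |
    ForEach-Object {
        [pscustomobject]@{
            Path   = $_
            # Test-Path accepts wildcards; False means nothing matches here.
            Exists = Test-Path -Path $_
        }
    } |
    Format-Table -AutoSize
```

Paths reported with `Exists = False` are candidates to leave out of the exclusion policy for that server role.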
I must thank our very own Kevin Kasalonis (PFE), Cameron Cox (PFE), and Santos Martinez (PFE) who were gracious enough to allow me to post in this blog.
Thank you!
Brandon McMillan, PFE, SCCM
References:
- http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx
- https://blogs.technet.microsoft.com/systemcenterpfe/2013/01/11/updated-system-center-2012-configuration-manager-antivirus-exclusions-with-more-details-on-osd-and-boot-images-etc/
- https://blogs.technet.microsoft.com/configurationmgr/2010/11/30/configmgr-2007-antivirus-scan-and-exclusion-recommendations/
- http://support.microsoft.com/kb/309422
- http://support.microsoft.com/kb/821749
- http://support.microsoft.com/kb/817442
- http://support.microsoft.com/kb/900638/en-us
- http://support.microsoft.com/kb/822158/en-us