NOTE: Process name exclusions could prevent some dangerous programs from being detected. Exclusions based on processes might therefore expose you to security issues and should be avoided.
As we are all aware, antivirus exclusions can affect the monitoring data generated and system performance.
Best practice is to implement specific exclusions.
Hopefully this table is helpful (my thanks to the PFE UK team blog)
Please consult your Security Team for approval.
Exclusions
Role | MS | DB | GW | RS | Web | Agent |
Folder | ||||||
Management Server installation folder Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Server” |
* | |||||
Agent installation folder Default: “C:\Program Files\Microsoft Monitoring Agent” |
* | * | ||||
Gateway installation folder Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Gateway” |
* | |||||
Reporting installation folder Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Reporting” |
* | |||||
WebConsole installation folder Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\WebConsole” |
* | |||||
SQL Data installation folder Default: “C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Data” |
* | |||||
SQL Log installation folder Default: “C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Log” |
* | |||||
SQL Reporting installation folder Default: “C:\Program Files\Microsoft SQL Server\MSRS.1x<INSTANCENAME>” |
* | |||||
File Types | ||||||
EDB | * | * | * | * | * | |
CHK | * | * | * | * | * | |
LOG | * | * | * | * | * | |
LDF | * | * | ||||
MDF | * | * | ||||
NDF | * | * | ||||
Processes | ||||||
CShost.exe | * | |||||
HealthService.exe | * | * | * | * | * | * |
Microsoft.Mom.Sdk.ServiceHost.exe | * | |||||
MonitoringHost.exe | * | * | * | * | * | * |
SQL Server Default: “C:\Program Files\Microsoft SQL Server\MSSQL1x.<Instance Name>\MSSQL\Binn\SQLServr.exe” |
* | |||||
SQL Reporting Services Default: “C:\Program Files\Microsoft SQL Server\MSRS1x.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe” |
* | * |
Useful information for decoding the matrix
SCOM 2012/2012R2 KB975931 https://support.microsoft.com/en-us/help/975931/recommendations-for-antivirus-exclusions-that-relate-to-operations-manager
PFE UK team blog https://blogs.technet.microsoft.com/manageabilityguys/2013/11/26/system-center-2012-r2-operations-manager-anti-virus-exclusions/
Version mapping by folder (my thanks to Stack Overflow https://stackoverflow.com/questions/18753886/sql-server-file-names-vs-versions )
100 = SQL Server 2008 = 10.00.xxxx
105 = SQL Server 2008 R2 = 10.50.xxxx
110 = SQL Server 2012 = 11.00.xxxx
120 = SQL Server 2014 = 12.00.xxxx
130 = SQL Server 2016 = 13.00.xxxx
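
One way to check that a server carries only the specific exclusions approved from the table above, and to surface the name-only process entries the NOTE warns about. This is an added example, not part of the original post: `Test-AvExclusion` and its parameters are hypothetical names, the configured values are constructed, and reading live values from Microsoft Defender's `Get-MpPreference` is an assumption since the post names no antivirus product.

```powershell
# Added example, not from the original post. Test-AvExclusion and its parameters are hypothetical names.
function Test-AvExclusion {
    param(
        [string[]]$Path = @(), [string[]]$Extension = @(), [string[]]$Process = @(),
        [string[]]$ApprovedPath = @(), [string[]]$ApprovedExtension = @(), [string[]]$ApprovedProcess = @()
    )
    $finding = { param($t, $v, $why) [pscustomobject]@{ Type = $t; Value = $v; Finding = $why } }
    $okPaths = @($ApprovedPath | ForEach-Object { $_.TrimEnd('\') })
    foreach ($p in $Path) {
        $n = $p.TrimEnd('\')
        if ($okPaths -contains $n) { continue }
        # A parent of an approved folder (or a drive root) excludes far more than was approved.
        $isParent = @($okPaths | Where-Object { $_.StartsWith("$n\", [StringComparison]::OrdinalIgnoreCase) }).Count -gt 0
        $why = if ($isParent) { 'broader than an approved folder' } else { 'not on the approved list' }
        & $finding 'Path' $p $why
    }
    # Compare extensions without a leading "*." or "." (-contains is case-insensitive).
    $okExt = @($ApprovedExtension | ForEach-Object { $_ -replace '^[*.]+', '' })
    foreach ($e in $Extension) {
        if ($okExt -notcontains ($e -replace '^[*.]+', '')) { & $finding 'Extension' $e 'not on the approved list' }
    }
    foreach ($x in $Process) {
        $leaf = Split-Path -Path $x -Leaf
        if ($ApprovedProcess -notcontains $leaf) {
            & $finding 'Process' $x 'not on the approved list'
        } elseif ($leaf -eq $x) {
            # Name-only entry: the concern raised in the NOTE at the top of the post.
            & $finding 'Process' $x 'approved name without a full path'
        }
    }
}

# Approved values for an agent-managed server, taken from the table in this post.
# Applying the File Types rows to this role is an assumption of the example.
$approved = @{
    ApprovedPath      = 'C:\Program Files\Microsoft Monitoring Agent'
    ApprovedExtension = 'EDB', 'CHK', 'LOG'
    ApprovedProcess   = 'HealthService.exe', 'MonitoringHost.exe'
}
# Constructed sample of configured exclusions. With Microsoft Defender (an assumption) the live
# values are the ExclusionPath, ExclusionExtension and ExclusionProcess properties of Get-MpPreference.
$configured = @{
    Path      = 'C:\Program Files\Microsoft Monitoring Agent\', 'C:\Program Files', 'D:\Temp'
    Extension = '.edb', 'log', '.ps1'
    Process   = 'C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe', 'MonitoringHost.exe', 'powershell.exe'
}
Test-AvExclusion @configured @approved | Format-Table -AutoSize
```

Each row returned is an exclusion to remove or to take to the Security Team for approval; an empty result means the configured set is within the approved list.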