http://blogs.technet.com/operationsmgr/archive/2009/01/22/anti-virus-sof...
5/20/2009 3:28 PM
The Operations Manager Support Team Blog : Anti-virus software may ca...
  Earlier today I posted about an issue we're seeing with some degree of frequency in our OpsMgr
Anonymous comments are disabled 2009 Microsoft Corporation. All rights reserved. Terms of Use | Trademarks | Privacy Statement
http://blogs.msdn.com/nickmac/archive/2008/07/18/antivirus-exclusions-f...
Nick MacKechnie
Antivirus exclusions for Operations Manager 2007

Hi All,

We had some customers ask what they should exclude in terms of antivirus for Operations Manager 2007. I was passed this information from a colleague.

1. The database server could be treated similar to normal SQL servers.
   Guidelines for configuring AV software on SQL servers along with clustering considerations
   Some antivirus programs cause issues with MSCS, how to fully disable filter drivers from monitoring shared cluster disks.

2. For the application side, there is no official document for SCOM AV exclusions, however, the product team recommends you consider excluding the following folders:

I. Operations Manager Server:
   \Program Files\System Center Operations Manager\...\Health Service State and all sub-directories
   %windir%\temp, or another directory depending on where the ETL files are stored (defined in starttracing.cmd)

II. Operations Manager Agent:
   \Program Files\System Center Operations Manager\...\Health Service State and all sub-directories
   %windir%\temp, or another directory depending on where the ETL files are stored (defined in starttracing.cmd)

III. Database server:
   OpsMgr /DW database directory and all other database directories

IV. OpsMgr Console:
   \Documents and Settings\<USER>\Local Settings\...\Microsoft.MOM.UI.Console

V. In addition to the following directories:
   %installdir%\Health Service State
   %installdir%\Config Service State
   %installdir%\SDK Service State
   %installdir%\tools\tmf
   %windir%\temp\OpsMgrTrace

VI. Additionally, checking http://blogs.technet.com/kevinholman/archive/2007/12/12/antivirus-exclusions-for-mom-and-opsmgr.aspx

VII. A recommendation about excluding File Type Extension of EDB, CHK, and LOG from the AV scanning scope.

Nick.
Published Friday, July 18, 2008 3:17 PM by nickmac Filed under: SCOM 2007, MOM, System Center, Operations, Antivirus
Comments
# OpsMgr 2007: Antivirus software may cause script failures in Operations Manager 2007
Thursday, January 22, 2009 9:00 PM by Scott Moss at myITforum.com
See this blog post for more details. For those of you who did not get a chance to deal with anti-virus
Kevin Holman's OpsMgr Blog : Antivirus Exclusions for MOM and OpsMgr
http://blogs.technet.com/kevinholman/archive/2007/12/12/antivirus-exclu...
Processes:
Excluding by process executable is very dangerous, in that it limits the control of scanning potentially dangerous files handled by the process, because it excludes any and all files involved. For this reason, unless absolutely necessary, we will not exclude any process executables in AV configurations for MOM servers. If you do want to exclude the processes, they are documented below:
MOM 2005: momhost.exe
OpsMgr 2007: monitoringhost.exe
Exclusion by Directories:
Realtime, scheduled scanner and local scanner file extension specific exclusions for Operations Manager:
The directories listed here are default application directories. You may need to modify these paths based on your client specific designs. Only the following MOM\OpsMgr related directories should be excluded.
Important Note: When a directory to be excluded is greater than 8 characters in length, add both the short and long file names of the directory into the exclusion list. Some AV programs require this in order to traverse the subdirectories.
SQL Database Servers:
These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb. To exclude these by directory, exclude the directory for the LDF and MDF files:
Examples:
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data
D:\MSSQL\DATA
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log
MOM 2005 (management servers and agents):
These include the queue and log files used by Operations Manager.
Example:
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager\
OpsMgr 2007 (management servers and agents):
These include the queue and log files used by Operations Manager.
Example:
C:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store
Notes:
Page files should also be excluded from any real time scanning.
Published Wednesday, December 12, 2007 5:05 PM by kevinhol Filed under: agents
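The rules in the post above (exclude only the listed directories, avoid process exclusions) can be checked against a configured exclusion list. The following is an added example, not code from the post or from Microsoft; the policy lists are constructed from the default paths quoted on this page, and the function names and verdict strings are hypothetical.

```python
import ntpath

# Constructed policy based on the defaults quoted on this page; adjust per site.
# Add 8.3 short-name aliases here too if your AV product needs them.
ALLOWED_DIRS = [
    r"C:\Program Files\System Center Operations Manager 2007\Health Service State",
    r"C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data",
    r"C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager",
]
ALLOWED_EXTS = {".edb", ".chk", ".log"}


def _norm(path):
    """Case-fold and normalise a Windows path; works on any host OS."""
    return ntpath.normcase(ntpath.normpath(path.strip())).rstrip("\\")


def _is_under(child, parent):
    """True if child is parent itself or lies somewhere below it."""
    return child == parent or child.startswith(parent + "\\")


def classify(entry):
    """Return a verdict for one configured AV exclusion entry."""
    e = entry.strip()
    if e.startswith("*."):  # file-type exclusion such as *.log
        return "ok" if e[1:].lower() in ALLOWED_EXTS else "unexpected-extension"
    if e.lower().endswith(".exe"):  # process exclusion: flag for review
        return "process-exclusion"
    path = _norm(e)
    allowed = [_norm(d) for d in ALLOWED_DIRS]
    if any(_is_under(path, d) for d in allowed):
        return "ok"  # an approved directory or a subdirectory of one
    if any(_is_under(d, path) for d in allowed):
        return "too-broad"  # a parent of an approved directory
    return "unexpected-directory"


def audit(entries):
    """Map every entry that needs review to its verdict."""
    verdicts = {e: classify(e) for e in entries}
    return {e: v for e, v in verdicts.items() if v != "ok"}


if __name__ == "__main__":
    sample = ["C:\\", "monitoringhost.exe", "*.log", r"D:\Temp"]  # constructed
    for entry, verdict in audit(sample).items():
        print(f"{verdict:22} {entry}")
```

The comparison is purely textual, so a short-name entry such as a `~1` alias is reported as unexpected unless it is listed in the policy as well.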
Comments
# Antivirus exclusions for Operations Manager 2007
Thursday, July 17, 2008 10:17 PM by Nick MacKechnie
Hi All, We had some customers ask what they should exclude in terms of antivirus for Operations Manager
# OpsMgr 2007: Antivirus software may cause script failures in Operations Manager 2007
Thursday, January 22, 2009 9:00 PM by Scott Moss at myITforum.com
See this blog post for more details. For those of you who did not get a chance to deal with anti-virus
http://support.microsoft.com/kb/309422/
Guidelines for choosing antivirus software to run on the computers that are running SQL Server
This article was previously published under Q309422
This article provides general guidelines to help you decide which type of antivirus software to run on the computers that are running SQL Server in your environment.
Microsoft strongly recommends that you individually assess the security risk for each computer that is running SQL Server in your environment and that you select the tools that are appropriate for the security risk level of each computer that is running SQL Server. Additionally, Microsoft recommends that before you roll out any virus protection project, you test the whole system under a full load to measure any changes to stability and performance. Virus protection software requires some system resources to execute. You must perform testing before and after you install your antivirus software to determine if there is performance impact to the computer that is running SQL Server.
High-risk servers
Any server is at some risk of infection. The highest risk servers generally meet one or more of the following criteria:
- The servers are on the public Internet.
- The servers have open ports to servers that are not behind a firewall.
- The servers read or execute files from other servers.
- The servers run HTTP servers, such as Microsoft Internet Information Services (IIS) or Apache. (For example: SQL XML for SQL Server 2000.)
- The servers are also hosting file shares.
- The servers use SQL Mail to handle inbound or outbound e-mail messages.
Servers that do not meet the criteria for a high-risk server are generally at a lower risk, although not always.
computer, typically without your consent. For more information about how to help protect the computer from spyware and unwanted software, visit the following Microsoft Web site:
http://www.microsoft.com/protect/computer/spyware/default.mspx (http://www.microsoft.com/protect/computer/spyware/default.mspx)
Additionally, Microsoft has released the Microsoft Windows Malicious Software Removal Tool to help remove specific, prevalent malicious software from computers that are running Microsoft Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000. For more information about the Microsoft Windows Malicious Software Removal Tool, click the following article number to view the article in the Microsoft Knowledge Base:
890830 (http://support.microsoft.com/kb/890830/) The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Vista, Windows Server 2003, Windows XP, or Windows 2000
Note By default, in Analysis Services 2005 and in Analysis Services 2008, the backup file location is the location that is specified by the BackupDir property. By default, this directory is C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup. You can change this directory in the Analysis Services instance properties. Any backup command can point to a different location. Or, the backup files may be copied elsewhere.
- The directory that holds Analysis Services log files
  Note By default, in Analysis Services 2005 and in Analysis Services 2008, the backup file location is the location that is specified by the LogDir property. By default, this directory is C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log.
- Directories for any Analysis Services 2005 or Analysis Services 2008 partitions that are not stored in the default data directory
  When you create the partitions, these locations are defined in the Storage location section of the Processing and Storage Locations page of the Partition Wizard.
For updated security related information, Microsoft recommends that you subscribe to the security alert alias. To subscribe, visit the following Microsoft Web site, and then view the Security Bulletins section:
http://www.microsoft.com/security/ (http://www.microsoft.com/security/)
To find general information regarding SQL Server security, including best practices, various security models, and security bulletins, visit the following Microsoft Web site:
http://www.microsoft.com/sql/technologies/security/default.mspx (http://www.microsoft.com/sql/technologies/security/default.mspx)
For more information about additional antivirus considerations on a cluster, click the following article number to view the article in the Microsoft Knowledge Base:
250355 (http://support.microsoft.com/kb/250355/) Antivirus software may cause problems with Cluster services
APPLIES TO
Microsoft SQL Server 7.0 Standard Edition
Microsoft SQL Server 2000 Developer Edition
Microsoft SQL Server 2000 Enterprise Edition
Microsoft SQL Server 2000 Enterprise Edition 64-bit
Microsoft SQL Server 2000 Personal Edition
Microsoft SQL Server 2000 Standard Edition
Microsoft SQL Server 2005 Standard Edition
Microsoft SQL Server 2005 Developer Edition
Microsoft SQL Server 2005 Enterprise Edition
Microsoft SQL Server 2005 Express Edition
Microsoft SQL Server 2005 Workgroup Edition
Microsoft SQL Server 2008 Developer
Microsoft SQL Server 2008 Enterprise
Microsoft SQL Server 2008 Standard
Microsoft SQL Server 2008 Web
Microsoft SQL Server 2008 Workgroup
http://support.microsoft.com/kb/250355
Article ID: 250355 - Last Review: February 18, 2009 - Revision: 5.0
Antivirus software that is not cluster-aware may cause problems with Cluster Services
This article was previously published under Q250355
Antivirus software that is not cluster-aware may cause unexpected problems on a server that is running Cluster Services. For example, you may experience resource failures or problems when you try to move a group to a different node.
Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

Note Antivirus software helps protect your computer from viruses. You must not download or open files from sources that you do not trust, visit Web sites that you do not trust, or open e-mail attachments when the antivirus software is disabled. For more information about computer viruses, click the following article number to view the article in the Microsoft Knowledge Base:
129972 (http://support.microsoft.com/kb/129972/) Computer viruses: description, prevention, and recovery

Most antivirus software uses filter drivers (device drivers) that work together with a service to scan for viruses. These filter drivers reside above the file system recognizer and scan files as they are opened and closed on a local hard disk. Antivirus software may not understand the shared disk model and may not correctly allow for failover.

If you are troubleshooting failover issues or general problems with Cluster services and antivirus software is installed, temporarily uninstall the antivirus software or check with the manufacturer of the software to determine whether the antivirus software works with Cluster services. Just disabling the antivirus software is insufficient in most cases. Even if you disable the antivirus software, the filter driver is still loaded when you restart the computer.
For more information about how to fully disable antivirus software, click the following article number to view the article in the Microsoft Knowledge Base:
240309 (http://support.microsoft.com/kb/240309/) How to fully disable antivirus software from filtering files

Even if you are not monitoring the shared disk, the filter drivers are still loaded and may affect the operation of the cluster.

You can run antivirus software on a SQL Server cluster. However, you must make sure that the antivirus software is cluster-aware. Contact your antivirus software vendor about cluster-aware versions and interoperability.

Additionally, you should exclude the following file system locations from virus scanning on a server that is running Cluster Services:
- The path of the \mscs folder on the quorum hard disk. For example, exclude the Q:\mscs folder from virus scanning.
- The %Systemroot%\Cluster folder.
- The temp folder for the Cluster Service account. For example, exclude the \clusterserviceaccount\Local Settings\Temp folder from virus scanning.
For more information about running antivirus software on servers that are running SQL Server, click the following article number to view the article in the Microsoft Knowledge Base: 309422 (http://support.microsoft.com/kb/309422/ ) Guidelines for choosing antivirus software to run on the computers that are running SQL Server
APPLIES TO
Server 2003, Enterprise Edition (32-bit x86)
Server 2003, Datacenter Edition (32-bit x86)
2000 Advanced Server
2000 Datacenter Server
NT Server 4.0 Enterprise Edition