
Virus Scan Exclusions for Microsoft Products

One phase of implementing a complex antimalware protection system is creating antivirus policies
and related procedures, in which virus scanning tasks are one item. But scanning all objects
can make a system unstable. That's why some vendors publish information about which
files, folders, processes and file extensions can be excluded from scanning. It's not a strict
recommendation but a possible workaround, because from another point of view such exclusions make
the system less safe. So the real goal is a balance between safety and stability.

You may also face these questions during the maintenance phase or when a new product is added to the
protection scope. These questions are rather important, and sometimes deciding on them takes more
time than deploying the antivirus software itself.

This article describes the exclusions provided by Microsoft for its products. When we talk about
antivirus software, we mean Kaspersky Anti-Virus 6.0 MP4 for Windows Workstations (KAV WKS) and
Kaspersky Anti-Virus 6.0 MP4 for Windows Servers (KAV FS). Transport-level or product-aware scanners like
Kaspersky Anti-Virus for Microsoft ISA Server and Kaspersky Security for Microsoft Exchange Server are out
of scope of this document. For the protection of some server products it's recommended to disable the
firewall component of the antivirus software; KAV FS does not have this component, unlike KAV WKS, which
has it (the Anti-Hacker module). All recommendations are given for default paths. If you use non-default
locations, you should adjust these settings. All settings should be applied temporarily at first to
evaluate the system.

In the current article you can find exclusions for:
- Windows operating systems (from Windows 2000 to Windows 7 and Windows 2008 R2).
- Domain controllers.
- DHCP, DNS and WINS servers.
- IIS 6.0/7.0 servers.
- WSUS servers.
- Cluster servers.
- SQL 2000/2005/2008 servers.
- ISA and Forefront servers (ISA 2000/2004/2006, TMG 2010, IAG 2007, UAG 2010).
- System Center products (SMS 2003, SCCM 2007, MOM 2005, SCOM 2007, SCDPM 2007).
- SharePoint Servers 2001/2003/2007 and Services 3.0.
- Hyper-V servers.
- Exchange 2003/2007/2010 servers.
- BizTalk 2004 servers.

Information about how to add these exclusions is located at the end of the article.

General Exclusions for Microsoft Windows 2008 R2, Windows 2008, Windows 2003 R2, Windows 2003,
Windows 2000, Windows 7, Windows Vista and Windows XP

Windows Updates or Automatic Updates related files (database).
Exclude:
%windir%\SoftwareDistribution\Datastore\Datastore.edb

Windows Updates or Automatic Updates related files (logs).
Exclude:
%windir%\SoftwareDistribution\Datastore\Logs\Res*.log
%windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb

Windows Security files - scanning of these files may prevent security policy from being applied.
Exclude:
%windir%\Security\Database\*.edb
%windir%\Security\Database\*.sdb
%windir%\Security\Database\*.log
%windir%\Security\Database\*.chk
%windir%\Security\Database\*.jrs

Group Policy related files.
Exclude:
%allusersprofile%\NTUser.pol
%Systemroot%\System32\GroupPolicy\Registry.pol

Print Spooler (service which manages print queues and controls printing jobs).
Exclude spoolsv.exe process

Paging file (which is an important part of virtual memory implementation).
Exclude pagefile.sys

MSMQ (which is a messaging protocol that allows applications running on separate servers to
communicate in a failsafe manner).
Exclude:
%SystemRoot%\system32\MSMQ\
%SystemRoot%\system32\MSMQ\storage

Please use this link for more detailed information.


Domain Controllers on Microsoft Windows 2008 R2, Windows 2008, Windows 2003 R2, Windows 2003,
Windows 2000

Active Directory related files (NTDS database).
Exclude:
%windir%\Ntds\Ntds.dit
%windir%\Ntds\Ntds.pat

A non-default path can be found here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File

Active Directory related files (transaction logs).
Exclude:
%windir%\Ntds\EDB*.log
%windir%\Ntds\Res*.log
%windir%\Ntds\Res*.jrs

A non-default path can be found here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory

Active Directory related files (NTDS working directory).
Exclude:
%windir%\Ntds\Temp.edb
%windir%\Ntds\Edb.chk

A non-default path can be found here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory
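
How the registry values above can be turned into a concrete exclusion list on a given domain controller, as an added PowerShell example that is not part of the original article. The helper name Get-NtdsSetting and the output columns are illustrative; the value names, masks and the %windir%\Ntds fallback are the ones listed above.

```powershell
# Added example, not from the original article.
# Builds the Active Directory exclusion masks listed above from the paths this
# domain controller actually uses, falling back to the article's default
# (%windir%\Ntds) when a registry value is absent.

$ntdsKey    = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$defaultDir = Join-Path $env:windir 'Ntds'

# Hypothetical helper: returns the value data, or $null if the key or value
# does not exist (for example, on a server that is not a domain controller).
function Get-NtdsSetting {
    param([string]$ValueName)
    $item = Get-ItemProperty -Path $ntdsKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($item) { return $item.$ValueName }
    return $null
}

# "DSA Database File" holds the full path of Ntds.dit; the masks need its folder.
$dbFile = Get-NtdsSetting 'DSA Database File'
$dbDir  = if ($dbFile) { Split-Path -Path $dbFile -Parent } else { $defaultDir }

$workDir = Get-NtdsSetting 'DSA Working Directory'
if (-not $workDir) { $workDir = $defaultDir }

# Folder / mask pairs exactly as the article lists them.
$rules = @(
    # NTDS database
    @{ Dir = $dbDir;   Masks = @('Ntds.dit', 'Ntds.pat') },
    # Transaction logs
    @{ Dir = $workDir; Masks = @('EDB*.log', 'Res*.log', 'Res*.jrs') },
    # NTDS working directory
    @{ Dir = $workDir; Masks = @('Temp.edb', 'Edb.chk') }
)

foreach ($rule in $rules) {
    foreach ($mask in $rule.Masks) {
        New-Object psobject -Property @{
            # Full mask to enter as an exclusion rule
            Exclusion  = Join-Path $rule.Dir $mask
            # True when the default-path mask from the article would miss the files
            NonDefault = ($rule.Dir.TrimEnd('\') -ne $defaultDir)
            # False points at a stale registry value or a typo in the path
            DirExists  = Test-Path -LiteralPath $rule.Dir -PathType Container
        }
    }
}
```

Rows with NonDefault set to True are the ones where the default-path masks would not cover the real files; narrow, per-file masks such as these keep the rest of the folder under scan.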

Sysvol files (FRS working directory). The system volume is a shared folder that stores public files
(elements of Group Policy, scripts, etc.) distributed to other domain controllers via the File Replication Service.
Exclude:
%windir%\Ntfrs\edb.chk
%windir%\Ntfrs\Ntfrs.jdb
%windir%\Ntfrs\*.log

A non-default path can be found here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory

Sysvol files (FRS database logs) are located in %windir%\Ntfrs.
Exclude:
Eedb*.log (if the registry key is not set)
FRS Working Dir\Jet\Log\Edb*.jrs (Windows 2008 and Windows 2008 R2)

A non-default path can be found here:
HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Ntfrs\Parameters\DB Log File Directory

Sysvol files (staging files).
Exclude:
%systemroot%\Sysvol\Staging areas\Nntfrs_cmp*.*

A non-default path can be found here:
HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\NtFrs\Parameters\Replica Sets\GUID\Replica
Set Stage

Sysvol subfolder.
Default location is %systemroot%\Sysvol\Sysvol.

Exclude the following files from this folder and all its subfolders:
*.adm
*.admx
*.adml
Registry.pol
*.aas
*.inf
Fdeploy.inf
Scripts.ini
*.ins
Oscfilter.ini

Sysvol files (FRS preinstall directory).
Exclude:
%windir%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory.

DFS files (database, logs and working folders). Distributed File System technology offers WAN-friendly
replication and simplified fault-tolerant access to geographically dispersed files.
Default location is %systemdrive%\System Volume Information\DFSR.

Exclude the following files from this folder and all its subfolders:
$db_normal$
FileIDTable_2
SimilarityTable_2
*.xml
$db_dirty$
Dfsr.db
Fsr.chk
*.frx
*.log
Fsr*.jrs
Tmp.edb

A non-default path can be found here:
HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication
Groups\GUID\Replica Set Configuration File=Path >

Please use this link for more detailed information.


DHCP Servers

By default DHCP related files are located in %systemroot%\System32\DHCP.

Exclude the following files from this folder and all its subfolders:
*.mdb
*.pat
*.log
*.chk
*.edb

A non-default path can be found here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters

Please use this link for more detailed information.


DNS Servers

By default DNS related files are located in %systemroot%\System32\Dns.

Exclude the following files from this folder and all its subfolders:
*.log
*.dns
BOOT

Please use this link for more detailed information.



WINS Servers

By default WINS related files are located in %systemroot%\System32\Wins.

Exclude the following files from this folder and all its subfolders:
*.chk
*.log
*.mdb

Please use this link for more detailed information.


IIS Servers 6.0/7.0

Exclude:
%systemroot%\IIS Temporary Compressed Files (IIS 6.0)
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files (IIS 7.0)
%systemroot%\system32\inetsrv

Please use this link for more detailed information.


WSUS Servers

Exclude:
Wsusscan.cab
Wsusscn2.cab

Please use this link for more detailed information.


Cluster Servers (MSCS)

Exclude:
MSCS folder on quorum disk.
%Systemroot%\Cluster
\clusterserviceaccount\Local Settings\Temp (temp folder for Cluster Service account)

Please use this link for more detailed information.


SQL Servers 2000/2005/2008

Exclude data files:
*.mdf
*.ndf

Exclude logs:
*.ldf

Exclude backup files:
*.bak
*.trn

Exclude full-text catalog files:
FTData folders

Exclude Analysis Services data:
%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP

Exclude Analysis Services backup files:
%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Backup

Exclude Analysis Services logs:
%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Log

Please use this link for more detailed information.


ISA and Forefront Servers

This section contains information about:
- Internet Security and Acceleration (ISA) Server 2000/2004/2006 Standard/Enterprise Editions.
- Intelligent Application Gateway (IAG) 2007.
- Forefront Threat Management Gateway (TMG) Medium Business Edition.
- Forefront Threat Management Gateway (TMG) 2010.
- Forefront Unified Access Gateway (UAG) 2010.

General exclusions:
- Applications working directory
- Logs
- Configuration storage
- Cache storage
- Applications processes
- General folders and files mentioned in sections above
- ISA/Forefront-aware antivirus program folders.

ISA 2000.
Exclude paths:
%ProgramFiles%\Microsoft ISA Server
%ProgramFiles%\Microsoft ISA Server\ISALogs
ISA Server Web cache

Exclude processes:
%ProgramFiles%\Microsoft ISA Server\dailysum.exe
%ProgramFiles%\Microsoft ISA Server\repgen.exe
%ProgramFiles%\Microsoft ISA Server\mspadmin.exe
%ProgramFiles%\Microsoft ISA Server\w3prefch.exe
%ProgramFiles%\Microsoft ISA Server\wspsrv.exe

ISA 2004/2006 SE/EE.
Exclude paths:
%ProgramFiles%\Microsoft ISA Server
%ProgramFiles%\Microsoft SQL Server
ISA Server Web cache

Exclude processes:
%ProgramFiles%\Microsoft ISA Server\dailysum.exe
%ProgramFiles%\Microsoft ISA Server\isastg.exe
%ProgramFiles%\Microsoft ISA Server\mspadmin.exe
%ProgramFiles%\Microsoft ISA Server\w3prefch.exe
%ProgramFiles%\Microsoft ISA Server\wspsrv.exe
%ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL$MSFW\sqlservr.exe
%WinDir%\System32\dsamain.exe (Enterprise version only)


IAG 2007.
Exclude paths:
The same files which were excluded for IIS.
The same files which were excluded for ISA 2006.

Exclude processes:
%WinDir%\System32\inetsrv\inetinfo.exe
%WinDir%\System32\inetsrv\w3wp.exe

TMG MBE.
Exclude paths:
%ProgramFiles%\Microsoft ISA Server
%ProgramFiles(x86)%\Microsoft SQL Server
%SystemRoot%\Temp\ScanStorage
%ProgramFiles(x86)%\Microsoft ISA Server\Logs
TMG Web cache
%SystemDrive%\InetPub

Exclude processes:
%ProgramFiles(x86)%\Microsoft ISA Server\isastg.exe
%ProgramFiles(x86)%\Microsoft ISA Server\mspadmin.exe
%ProgramFiles(x86)%\Microsoft ISA Server\wspsrv.exe
%ProgramFiles(x86)%\Microsoft ISA Server\w3prefch.exe
%ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
%ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
%ProgramFiles(x86)%\Microsoft SQL Server\90\Shared\sqlwriter.exe
%WinDir%\System32\dsamain.exe
%WinDir%\System32\inetsrv\inetinfo.exe
%WinDir%\System32\inetsrv\w3wp.exe

TMG 2010.
Exclude paths:
%ProgramFiles%\Microsoft Forefront Threat Management Gateway
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW
%SystemRoot%\Temp\ScanStorage
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs
Web cache

Exclude processes:
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\IsaManagedCtrl.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isastg.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\mspadmin.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\wspsrv.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\w3prefch.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\sqlservr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe
%WinDir%\System32\dsamain.exe

UAG 2010.
Exclude:
The same files which were excluded for IIS.
The same files which were excluded for TMG 2010.
%ProgramFiles%\Microsoft Forefront Unified Access Gateway.

Please use this link for more detailed information.


System Center Products and Their Predecessors

This section contains information about:
- Systems Management Server (SMS) 2003 and Configuration Manager (SCCM) 2007.
- System Center Data Protection Manager (SCDPM) 2007.
- System Center Operations Manager (SCOM) 2007 and Operations Manager (MOM) 2005.

SMS 2003.
Exclude:
SMS\Inboxes directory on Microsoft Systems Management Server site servers.
SMS_CCM\ServiceData directory on Microsoft SMS Management Points.

Please use this link for more detailed information.

SCCM 2007.
Exclude:
%ProgramFiles%\Microsoft Configuration Manager\Inboxes

Please use this link for more detailed information.

SCDPM 2007.
Exclude:
%ProgramFiles%\Microsoft Data Protection Manager\DPM\XSD
%ProgramFiles%\Microsoft Data Protection Manager\DPM\Temp\MTA
%ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\dpmra.exe
%WinDir%\Microsoft.net\Framework\v2.0.50727\csc.exe

Please use this link for more detailed information.

SCOM 2007 and MOM 2005.
Exclude:
Momhost.exe (MOM 2005)
Monitoringhost.exe (SCOM 2007)
%allusersprofile%\Application Data\Microsoft\Microsoft Operations Manager\ (MOM 2005)
%ProgramFiles%\System Center Operations Manager 2007\Health Service State\Health Service Store
(SCOM 2007)

Please use this link for more detailed information.


SharePoint Servers & Services

SharePoint Server 2007.
Exclude:
%ProgramFiles%\Microsoft Office Servers\12.0\Data
%ProgramFiles%\Microsoft Office Servers\12.0\Logs
%ProgramFiles%\Microsoft Office Servers\12.0\Bin

Please use this link for more detailed information.

SharePoint Services 3.0.
Exclude:
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Logs
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Data\Applications (if the
computer is running the Windows SharePoint Services Search service)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
%WinDir%\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files (on 64bit systems)
%allusersprofile%\Application Data\Microsoft\SharePoint\Config
%WinDir%\Temp\WebTempDir
%SystemDrive%\Documents and Settings\service_account\Local Settings\Temp\

Please use this link for more detailed information.

SharePoint Portal Server 2001/2003.
Exclude:
%ProgramFiles%\SharePoint Portal Server
%ProgramFiles%\Common Files\Microsoft Shared\Web Storage System
%WinDir%\Temp\Frontpagetempdir (if you are using SPS 2003 SP1)

Please use this link for more detailed information.


Hyper-V Servers

Exclude:
\Vmms.exe
\Vmwp.exe
Virtual hard disk drives.
Snapshots.

Please use this link for more detailed information.


Exchange 2003 Servers

Exclude paths:
Databases and log files across all storage groups are located in Exchsrvr\Mdbdata.

MTA files are located in Exchsrvr\Mtadata.

Additional log files, such as the Exchsrvr\server_name.log directory.

Exchsrvr\Mailroot virtual server folder.

Working folder used to store streaming .tmp files that are used for message conversion is located in
Exchsrvr\Mdbdata.

Temporary folder used in conjunction with offline maintenance utilities such as Eseutil.exe is located in
the folder where the .exe file is run from.

Site Replication Service files are located in Exchsrvr\Srsdata.

IIS system files are located in %SystemRoot%\System32\Inetsrv.

IIS 6.0 compression folder used with Outlook Web Access 2003 is located in %systemroot%\IIS Temporary
Compressed Files.

Quorum disk and %Winnt%\Cluster (for clusters).

Exchsrvr\Conndata.

Exchange-aware antivirus program folders.

Exclude processes:
Cdb.exe
Cidaemon.exe
Store.exe
Emsmta.exe
Mad.exe
Mssearch.exe
Inetinfo.exe
W3wp.exe

Please use this link for more detailed information.


Exchange 2007 Servers

Mailbox server role including clustered mailbox server.
Exclude:

Databases, checkpoint files, log files and database content indexes located in subfolders under
%Program Files%\Microsoft\Exchange Server\Mailbox.

General log files like message tracking log files are located in subfolders under
%Program Files%\Microsoft\Exchange Server\TransportRoles\Logs and
%Program Files%\Microsoft\Exchange Server\Logging.

Offline Address Book files are located in subfolders under
%Program Files%\Microsoft\Exchange Server\ExchangeOAB.

IIS system files are located in %SystemRoot%\System32\Inetsrv.

Temporary folder used in conjunction with offline maintenance utilities such as Eseutil.exe is located in
the folder where the .exe file is run from.

Temporary folders used for conversions are located in the server's TMP folder,
%Program Files%\Microsoft\Exchange Server\Working\OleConvertor
and %Program Files%\Microsoft\Exchange Server\Mailbox\MDBTEMP.

The quorum disk and the %Winnt%\Cluster.

Exchange-aware antivirus program folders.

Hub Transport server role.
Exclude:

General log files are located in subfolders under
%Program Files%\Microsoft\Exchange Server\TransportRoles\Logs.

Message folders are located in subfolders under
%Program Files%\Microsoft\Exchange Server\TransportRoles.

Queue database, checkpoint and log files are located in
%Program Files%\Microsoft\Exchange Server\TransportRoles\Data\Queue.

Sender Reputation database, checkpoint and log files are located in
%Program Files%\Microsoft\Exchange Server\TransportRoles\Data\SenderReputation.

IP filter database, checkpoint and log files are located in
%Program Files%\Microsoft\Exchange Server\TransportRoles\Data\IpFilter.

Temporary folders used for conversions are located in the server's TMP folder and
%Program Files%\Microsoft\Exchange Server\Working\OleConvertor.

Exchange-aware antivirus program folders.

Edge Transport server role.
Exclude:

Active Directory Application Mode (ADAM) database and log files are located in
%Program Files%\Microsoft\Exchange Server\TransportRoles\Data\Adam.

General log files are located in subfolders under
%Program Files%\Microsoft\Exchange Server\TransportRoles\Logs.

Message folders are located in %Program Files%\Microsoft\Exchange Server\TransportRoles.

Queue database, checkpoint and log files are located in
%Program Files%\Microsoft\Exchange Server\TransportRoles\Data\Queue.

Sender Reputation database, checkpoint and log files are located in
%Program Files%\Microsoft\Exchange Server\TransportRoles\Data\SenderReputation.

IP filter database, checkpoint and log files are located in
%Program Files%\Microsoft\Exchange Server\TransportRoles\Data\IpFilter.

Temporary folders used for conversions are located in the server's TMP folder and
%Program Files%\Microsoft\Exchange Server\Working\OleConvertor.

Exchange-aware antivirus program folders.

Client Access server role.
Exclude:

Internet Information Services (IIS) 6.0 compression folder used with Microsoft Outlook Web Access is
located in %systemroot%\IIS Temporary Compressed Files.

IIS system files are located in %SystemRoot%\System32\Inetsrv.

Internet-related files are located in subfolders under
%Program Files%\Microsoft\Exchange Server\ClientAccess.

Temporary folder used for conversions is located in the server's TMP folder.

Unified Messaging server role.
Exclude:

Grammar files are located in subfolders under
%Program Files%\Microsoft\Exchange Server\UnifiedMessaging\grammars.

Voice prompts are located in subfolders under
%Program Files%\Microsoft\Exchange Server\UnifiedMessaging\Prompts.

Voicemail files are located in %Program Files%\Microsoft\Exchange Server\UnifiedMessaging\voicemail.

Bad voicemail files are located in
%Program Files%\Microsoft\Exchange Server\UnifiedMessaging\badvoicemail.

Process exclusions:
Cdb.exe
Cidaemon.exe
Cluster.exe
Dsamain.exe
Edgecredentialsvc.exe
Edgetransport.exe
Galgrammargenerator.exe
Inetinfo.exe
Mad.exe
Microsoft.Exchange.Antispamupdatesvc.exe
Microsoft.Exchange.Contentfilter.Wrapper.exe
Microsoft.Exchange.Cluster.Replayservice.exe
Microsoft.Exchange.Edgesyncsvc.exe
Microsoft.Exchange.Imap4.exe
Microsoft.Exchange.Imap4service.exe
Microsoft.Exchange.Infoworker.Assistants.exe
Microsoft.Exchange.Monitoring.exe
Microsoft.Exchange.Pop3.exe
Microsoft.Exchange.Pop3service.exe
Microsoft.Exchange.Search.Exsearch.exe
Microsoft.Exchange.Servicehost.exe
Msexchangeadtopologyservice.exe
Msexchangefds.exe
Msexchangemailboxassistants.exe
Msexchangemailsubmission.exe
Msexchangetransport.exe
Msexchangetransportlogsearch.exe
Msftefd.exe
Msftesql.exe
Oleconverter.exe
Powershell.exe
Sesworker.exe
Speechservice.exe
Store.exe
Transcodingservice.exe
Umservice.exe
Umworkerprocess.exe
W3wp.exe

Extension exclusions.

In addition to excluding specific directories and processes, you should exclude the following Exchange-
specific file name extensions in case directory exclusions fail or files are moved from their default locations.

Application-related extensions:
.config
.dia
.wsb

Database-related extensions:
.chk
.log
.edb
.jrs
.que

Offline address book-related extensions:
.lzx

Content Index-related extensions:
.ci
.dir
.wid
.000
.001
.002

Unified Messaging-related extensions:
.cfg
.grxml

GroupMetrics:
.dsc
.bin
.xml

Please use this link for more detailed information.

Exchange 2010 Servers

Mailbox server role including clustered mailbox server.
Exclude:

Databases, checkpoint files, log files and database content indexes located in subfolders under
%ExchangeInstallPath%\Mailbox.

Group Metrics files are located in %ExchangeInstallPath%\GroupMetrics.

General log files like message tracking log files are located in subfolders under
%ExchangeInstallPath%\TransportRoles\Logs and %ExchangeInstallPath%\Logging.

Offline Address Book files are located in subfolders under %ExchangeInstallPath%\ExchangeOAB.

IIS system files are located in %SystemRoot%\System32\Inetsrv.

Temporary folder used in conjunction with offline maintenance utilities such as Eseutil.exe is located in
the folder where the .exe file is run from.

Mailbox database temporary folder is located in %ExchangeInstallPath%\Mailbox\MDBTEMP.

The quorum disk and the %Winnt%\Cluster.

Exchange-aware antivirus program folders.

Hub Transport server role.
Exclude:

General log files are located in subfolders under %ExchangeInstallPath%\TransportRoles\Logs.

Pickup and Replay message directory folders are located in %ExchangeInstallPath%\TransportRoles.

Queue database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\Queue.

Sender Reputation database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\SenderReputation.

IP filter database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\IpFilter.

Temporary folders used for conversions are located in the server's TMP folder and
%ExchangeInstallPath%\Working\OleConvertor.

Exchange-aware antivirus program folders.

Edge Transport server role.
Exclude:

Active Directory Application Mode (ADAM) database and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\Adam.

General log files are located in subfolders under %ExchangeInstallPath%\TransportRoles\Logs.

Pickup and Replay message folders are located in %ExchangeInstallPath%\TransportRoles.

Queue database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\Queue.

Sender Reputation database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\SenderReputation.

IP filter database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\IpFilter.

Temporary folders used for conversions are located in the server's TMP folder and
%ExchangeInstallPath%\Working\OleConvertor.

Exchange-aware antivirus program folders.

Client Access server role.
Exclude:

Internet Information Services (IIS) 7.0 compression folder used with Microsoft Outlook Web App is located
in %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files.

Internet Information Services (IIS) 7.0 compression folder used with Microsoft Outlook Web App is located
in %systemroot%\IIS Temporary Compressed Files.

IIS system files are located in %SystemRoot%\System32\Inetsrv.

Inetpub\logs\logfiles\w3svc.

Internet-related files are located in subfolders under %ExchangeInstallPath%\ClientAccess.

For servers that have protocol logging enabled for POP3 or IMAP4: %ExchangeInstallPath%\Logging\POP3
and %ExchangeInstallPath%\Logging\IMAP4.

Temporary folder used for conversions is located in the server's TMP folder and
%ExchangeInstallPath%\Working\OleConvertor.

Unified Messaging server role.
Exclude:

Grammar files are located in subfolders under %ExchangeInstallPath%\UnifiedMessaging\grammars.

Voice prompts, greetings and informational message files are located in subfolders under
%ExchangeInstallPath%\UnifiedMessaging\Prompts.

Voicemail files are located in %ExchangeInstallPath%\UnifiedMessaging\voicemail.

Temporary files generated by Unified Messaging are located in
%ExchangeInstallPath%\UnifiedMessaging\temp.

Process exclusions:
Cdb.exe
Cidaemon.exe
Cluster.exe
Dsamain.exe
EdgeCredentialSvc.exe
EdgeTransport.exe
ExFBA.exe
GalGrammarGenerator.exe
Inetinfo.exe
Mad.exe
Microsoft.Exchange.AddressBook.Service.exe
Microsoft.Exchange.AntispamUpdateSvc.exe
Microsoft.Exchange.ContentFilter.Wrapper.exe
Microsoft.Exchange.EdgeSyncSvc.exe
Microsoft.Exchange.Imap4.exe
Microsoft.Exchange.Imap4service.exe
Microsoft.Exchange.Infoworker.Assistants.exe
Microsoft.Exchange.Monitoring.exe
Microsoft.Exchange.Pop3.exe
Microsoft.Exchange.Pop3service.exe
Microsoft.Exchange.ProtectedServiceHost.exe
Microsoft.Exchange.RPCClientAccess.Service.exe
Microsoft.Exchange.Search.Exsearch.exe
Microsoft.Exchange.Servicehost.exe
MSExchangeASTopologyService.exe
MSExchangeFDS.exe
MSExchangeMailboxAssistants.exe
MSExchangeMailboxReplication.exe
MSExchangeMailSubmission.exe
MSExchangeRepl.exe
MSExchangeTransport.exe
MSExchangeTransportLogSearch.exe
MSExchangeThrottling.exe
Msftefd.exe
Msftesql.exe
OleConverter.exe
Powershell.exe
SESWorker.exe
SpeechService.exe
Store.exe
TranscodingService.exe
UmService.exe
UmWorkerProcess.exe
W3wp.exe

Extension exclusions.

In addition to excluding specific directories and processes, you should exclude the following Exchange-
specific file name extensions in case directory exclusions fail or files are moved from their default locations.

Application-related extensions:
.config
.dia
.wsb

Database-related extensions:
.chk
.log
.edb
.jrs
.que

Offline address book-related extensions:
.lzx

Content Index-related extensions:
.ci
.dir
.wid
.000
.001
.002

Unified Messaging-related extensions:
.cfg
.grxml

GroupMetrics:
.dsc
.bin
.xml

Please use this link for more detailed information.


BizTalk 2004 Servers

Exclude any file receive queue folders.

Please use this link for more detailed information.


How to Add Exclusions

To add exclusions, right-click the KAV icon in the system tray -> Properties -> Protection -> Exclusions ->
Trusted Zones -> Configure Exclusion Rules and/or Trusted Applications. The same can be done via policy if
you use Kaspersky Administration Kit 8.0 (AK) to manage your hosts.

In the current example, C:\Windows\SoftwareDistribution\Datastore\Datastore.edb was excluded, as
recommended at the beginning of the article:




Please use this link for more detailed information regarding the creation of exception rules.
Here you can find information about mask usage.

Another way to exclude some objects is to check the "Exclude areas recommended by Microsoft from virus
scan" box during manual KAV installation. Some of the objects described in the General Exclusions section
at the beginning of the article will be excluded. This is available for the server version only. Please use
this link for more detailed information.



If you use AK, you can add the same exclusions to the installation package (this is available for the server
version only): expand the AK tree -> Repositories -> Installation Packages -> right-click Kaspersky Anti-Virus
6.0 for Windows Servers MP4 -> Properties -> check the "Use exclusions specified by Microsoft" box:
