Kaspersky Lab Scan Exclusions

Transcript of Kaspersky Lab Scan Exclusions

  • 7/26/2019 Kaspersky Lab Scan Exclusions

    1/29

    Page 1 of 29

    Kaspersky Lab Scan Exclusions by Application

    One of the first steps in the implementation of antivirus protection is the creation of antivirus policies. On a product-by-product basis, software vendors generally provide information as to what files, folders, processes and file extensions should be excluded from scanning by an antivirus product. It is not a strict requirement, but it is generally done to improve the performance of a system and/or increase system stability. In the end, it becomes a determination of stability / performance versus security and should be handled on a case-by-case basis given a specific product.

    This article describes exclusions provided by Microsoft for its products specifically for:

    Kaspersky Endpoint Security 10 for Windows

    Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition

    Transport level or product aware scanners like Kaspersky Anti-Virus for Microsoft ISA Server and Kaspersky Security for Microsoft Exchange Server are out of scope of this document. In addition, non-Windows based clients / servers are out of scope. In some cases, additional configuration, such as disabling the firewall component of the antivirus software, is required for optimal operation of a server; however, agent configuration beyond exclusions is out of scope.

    Many of these items are also included in the default exclusion list available in KES 10 & WSEE 8.0; however, additional configuration may be required on a case-by-case basis. We have also included citations for the specific Microsoft sites that discuss the exclusion in each section. Below, all recommendations are given for default paths. If you use non-default locations you should adjust these settings. All settings should be applied temporarily at first to evaluate a system.

    In the current article you can find exclusions for:

    Virus Scan Exclusions for Microsoft Products
    General Exclusions for Microsoft Windows 2008 R2, Windows 2008, Windows 2003 R2, Windows 2003, Windows 2000, Windows 7, Windows Vista and Windows XP
        Windows Updates or Automatic Updates related files (database)
        Windows Updates or Automatic Updates related files (logs)
        Windows Security files
        Group Policy related files
        Print Spooler
        Paging file
        MSMQ
    Domain Controllers on Microsoft Windows 2008 R2, Windows 2008, Windows 2003 R2, Windows 2003, Windows 2000
        Active Directory related files (NTDS database)
        Active Directory related files (transaction logs)
        Active Directory related files (NTDS working directory)
        Sysvol files (FRS working directory)
        Sysvol files (FRS database logs)
        Sysvol files (staging files)
        Sysvol subfolder
        Sysvol files (FRS preinstall directory)
        DFS files (database, logs and working folders)
    DHCP Servers
    DNS Servers
    WINS Servers
    IIS Servers 6.0/7.0
    WSUS Servers
    Server Clusters
    SQL Servers
        Common Exclusions
        SQL Server 2005
        SQL Server 2008
        SQL Server 2008 R2
        SQL Server 2012
    ISA and Forefront Servers
        ISA 2000
        ISA 2004/2006 SE/EE
        IAG 2007
        TMG MBE
        TMG 2010
        UAG 2010
    System Center Products and Their Predecessors
        SMS 2003
        SCCM 2012
        SCCM 2007
        SCDPM 2007
        SCOM 2007/2012 and MOM 2005
    SharePoint Servers & Services
        SharePoint Service 3.0
        SharePoint Portal Server 2001/2003
        SharePoint Server 2007
        SharePoint Foundation 2010
        SharePoint Server 2010
        SharePoint Foundation 2013
        SharePoint Server 2013
    Virtualization Solutions
        Hyper-V Servers
        MED-V
        App-V
    Microsoft SBS 2003
    Microsoft Exchange Servers
        Exchange 2003 Servers
        Exchange 2007 Servers
        Exchange 2010 Servers
    Lync Server 2010
    Data Protection Manager
    Dynamics AX 2009
    BizTalk 2004 Servers
    How to Add Exclusions in KES 10 for Windows
    How to Add Exclusions in KAV 8.0 for Windows Servers EE

    Information about how to add these exclusions is located at the end of the article.

    General Exclusions for Microsoft Windows 2008 R2, Windows 2008, Windows 2003 R2, Windows 2003, Windows 2000, Windows 7, Windows Vista and Windows XP

    Windows Updates or Automatic Updates related files (database)

    Exclusion:

    %windir%\SoftwareDistribution\Datastore\Datastore.edb

    Windows Updates or Automatic Updates related files (logs)

    Exclusion:

    %windir%\SoftwareDistribution\Datastore\Logs\Res*.log

    %windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs

    %windir%\SoftwareDistribution\Datastore\Logs\Edb.chk

    %windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb

    Windows Security files

    Scanning of these files may prevent security policy from being applied.

    Exclusion:

    %windir%\Security\Database\*.edb

    %windir%\Security\Database\*.sdb

    %windir%\Security\Database\*.log

    %windir%\Security\Database\*.chk

    %windir%\Security\Database\*.jrs

    Group Policy related files.

    Exclusion:

    %allusersprofile%\NTUser.pol

    %Systemroot%\System32\GroupPolicy\Registry.pol

    Print Spooler

    Service which manages print queues and controls printing jobs

    Exclusion:

    spoolsv.exe

    Paging file

    An important part of virtual memory implementation

    Exclusion:

    pagefile.sys

    MSMQ

    A messaging protocol that allows applications running on separate servers to communicate in a failsafe manner

    Exclusion:

    %SystemRoot%\system32\MSMQ\

    %SystemRoot%\system32\MSMQ\storage

    Please use this link for more detailed information: http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0

    Domain Controllers on Microsoft Windows 2008 R2, Windows 2008, Windows 2003 R2, Windows 2003, Windows 2000

    Active Directory related files (NTDS database).

    Exclusion:

    %windir%\Ntds\Ntds.dit

    %windir%\Ntds\Ntds.pat

    A non-default path can be found here:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File

    Active Directory related files (transaction logs).

    Exclusion:

    %windir%\Ntds\EDB*.log

    %windir%\Ntds\Res*.log

    %windir%\Ntds\Res*.jrs

    A non-default path can be found here:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory

    Active Directory related files (NTDS working directory).

    Exclusion:

    %windir%\Ntds\Temp.edb

    %windir%\Ntds\Edb.chk

    A non-default path can be found here:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory

    Sysvol files (FRS working directory)

    System volume is a shared folder that stores public files (elements of Group Policy, scripts, etc) distributed to

    other domain controllers via File Replication service.

    Exclusion:

    %windir%\Ntfrs\edb.chk

    %windir%\Ntfrs\Ntfrs.jdb

    %windir%\Ntfrs\*.log

    A non-default path can be found here:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory
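
    The registry lookups from the sections above, combined into one script as an added example (not part of the original article and not a Kaspersky tool): it reads the NTDS and NtFrs values named above on a domain controller and prints the exclusion patterns for the locations actually in use, flagging those that differ from the defaults. The function names are hypothetical, and the script assumes, as the article's lists do, that the files sit directly in the configured directories.

```powershell
# Added example, not from the original article. Run on a domain controller.

# Return the registry value if it is set, otherwise the supplied default path.
function Get-ConfiguredPath {
    param(
        [string]$Key,
        [string]$ValueName,
        [string]$Default
    )
    $prop = Get-ItemProperty -Path $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -ne $prop -and -not [string]::IsNullOrEmpty($prop.$ValueName)) {
        return [string]$prop.$ValueName
    }
    return $Default
}

# Build file-level exclusion patterns for the NTDS and FRS locations that are
# actually configured on this machine (hypothetical helper name).
function Get-DcScanExclusion {
    $ntdsKey = 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters'
    $frsKey  = 'HKLM:\System\CurrentControlSet\Services\NtFrs\Parameters'

    # Default locations used by the article.
    $ntdsDefault = [IO.Path]::Combine($env:windir, 'Ntds')
    $frsDefault  = [IO.Path]::Combine($env:windir, 'Ntfrs')

    # Registry values named in the article; defaults apply when a value is absent.
    $defaultDb = [IO.Path]::Combine($ntdsDefault, 'Ntds.dit')
    $dbFile  = Get-ConfiguredPath -Key $ntdsKey -ValueName 'DSA Database File' -Default $defaultDb
    $workDir = Get-ConfiguredPath -Key $ntdsKey -ValueName 'DSA Working Directory' -Default $ntdsDefault
    $frsDir  = Get-ConfiguredPath -Key $frsKey -ValueName 'Working Directory' -Default $frsDefault

    # Assumption carried over from the article's lists: the listed files sit
    # directly in the configured directory.
    $plan = @(
        @{ Section    = 'NTDS database'
           Dir        = [IO.Path]::GetDirectoryName($dbFile)
           DefaultDir = $ntdsDefault
           Files      = @([IO.Path]::GetFileName($dbFile), 'Ntds.pat') },
        @{ Section    = 'NTDS transaction logs'
           Dir        = $workDir
           DefaultDir = $ntdsDefault
           Files      = @('EDB*.log', 'Res*.log', 'Res*.jrs') },
        @{ Section    = 'NTDS working directory'
           Dir        = $workDir
           DefaultDir = $ntdsDefault
           Files      = @('Temp.edb', 'Edb.chk') },
        @{ Section    = 'FRS working directory'
           Dir        = $frsDir
           DefaultDir = $frsDefault
           Files      = @('edb.chk', 'Ntfrs.jdb', '*.log') }
    )

    foreach ($entry in $plan) {
        # String comparison with -ne is case-insensitive; trailing backslashes are ignored.
        $moved = $entry.Dir.TrimEnd('\') -ne $entry.DefaultDir.TrimEnd('\')
        foreach ($file in $entry.Files) {
            New-Object PSObject -Property @{
                Section    = $entry.Section
                Exclusion  = [IO.Path]::Combine($entry.Dir, $file)
                NonDefault = $moved
            } | Select-Object Section, Exclusion, NonDefault
        }
    }
}

# Rows with NonDefault = True are the ones a default-path exclusion list will miss.
Get-DcScanExclusion | Format-Table -AutoSize
```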

    Sysvol files (FRS database logs)

    Located in %windir%\Ntfrs.

    Exclusion:

    Eedb*.log (if the registry key is not set)

    FRS Working Dir\Jet\Log\Edb*.jrs (Windows 2008 and Windows 2008 R2)

    A non-default path can be found here:

    HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Ntfrs\Parameters\DB Log File Directory

    Sysvol files (staging files).

    Exclusion:

    %systemroot%\Sysvol\Staging areas\Nntfrs_cmp*.*

    A non-default path can be found here:

    HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\NtFrs\Parameters\Replica Sets\GUID\Replica\Set Stage

    Sysvol subfolder.

    Default location is %systemroot%\Sysvol\Sysvol.

    Exclude the following files from this folder and all its subfolders:

    *.adm

    *admx

    *.adml

    Registry.pol

    *.aas

    *.inf

    Fdeploy.inf

    Scripts.ini

    *.ins

    Oscfilter.ini

    Sysvol files (FRS preinstall directory).

    Exclusion:

    %windir%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory

    DFS files (database, logs and working folders)

    Distributed File System technology offers WAN friendly replication and simplified fault-tolerant access to

    geographically dispersed files.

    Default location is %systemdrive%\System Volume Information\DFSR.

    Exclude the following files from this folder and all its subfolders:

    $db_normal$

    FileIDTable_2

    SimilarityTable_2

    *.xml

    $db_dirty$

    Dfsr.db

    Fsr.chk

    *.log

    Fsr*.jrs

    Tmp.edb

    Also, exclude the following replicated folder:

    %systemdrive%\\dfsrprivate\staging\*.frx

    A non-default path can be found here:

    HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication Groups\GUID\Replica Set Configuration File=Path >

    Please use this link & this link for more detailed information.

    DHCP Servers

    By default DHCP related files are located in %systemroot%\System32\DHCP.

    Exclude the following files from this folder and all its subfolders:

    *.mdb

    *.pat

    *.log

    *.chk

    *.edb

    A non-default path can be found here:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters

    Please use this link for more detailed information.

    DNS Servers

    By default DNS related files are located in %systemroot%\System32\Dns.

    Exclude the following files from this folder and all its subfolders:

    *.log

    *.dns

    BOOT

    Please use this link for more detailed information.

    WINS Servers

    By default WINS related files are located in %systemroot%\System32\Wins.

    Exclude the following files from this folder and all its subfolders:

    *.chk

    *.log

    *.mdb

    Please use this link for more detailed information.

    Links referenced in the DFS, DHCP Servers, DNS Servers and WINS Servers sections above:

    http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0

    http://blogs.technet.com/b/askds/archive/2010/03/31/tuning-replication-performance-in-dfsr-especially-on-win2008-r2.aspx

    IIS Servers 6.0/7.0

    Exclude:

    %systemroot%\IIS Temporary Compressed Files (IIS 6.0)

    %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files (IIS 7.0)

    %systemroot%\system32\inetsrv

    Please use this link for more detailed information.

    WSUS Servers

    Exclude:

    Wsusscan.cab

    Wsusscn2.cab

    \WSUS\WSUSContent

    \WSUS\UpdateServicesDBFiles

    \SoftwareDistribution\Datastore

    \SoftwareDistribution\Download

    Please use this link and link for more detailed information.

    Server Clusters

    Exclude:

    Q:\ (Quorum drive) - The path of the \mscs folder on the quorum hard disk. For example, exclude the Q:\mscs folder from virus scanning.

    C:\Windows\Cluster - The %Systemroot%\Cluster folder.

    The temp folder for the Cluster Service account. For example, exclude the \clusterserviceaccount\Local Settings\Temp folder from virus scanning.

    Please use this link for more detailed information.

    Links referenced in the IIS Servers, WSUS Servers and Server Clusters sections above:

    http://support.microsoft.com/kb/821749

    http://support.microsoft.com/kb/900638

    http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#av

    http://support.microsoft.com/kb/250355

    SQL Servers

    Common Exclusions

    Exclude data files:

    *.mdf

    *.ndf

    Exclude logs:

    *.ldf

    Exclude backup files:

    *.bak

    *.trn

    Exclude SQL Audit Files:

    *.sqlaudit

    Exclude SQL Trace Files:

    *.trc

    Exclude full-text catalog files:

    FTData folders

    Default instance: Program Files\Microsoft SQL Server\MSSQL\FTDATA

    Named instance: Program Files\Microsoft SQL Server\MSSQL$instancename\FTDATA

    Exclude Analysis Services data:

    %ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\data

    Exclude Analysis Services backup files:

    %ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Backup

    Exclude Analysis Services logs:

    %ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Log

    SQL Server 2005

    %ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLServr.exe

    %ProgramFiles%\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

    %ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Bin\MSMDSrv.exe

    SQL Server 2008

    %ProgramFiles%\Microsoft SQL Server\MSSQL10.\MSSQL\Binn\SQLServr.exe

    %ProgramFiles%\Microsoft SQL Server\MSSQL10.\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

    %ProgramFiles%\Microsoft SQL Server\MSSQL10.\OLAP\Bin\MSMDSrv.exe

    SQL Server 2008 R2

    %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.\MSSQL\Binn\SQLServr.exe

    %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

    %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.\OLAP\Bin\MSMDSrv.exe

    SQL Server 2012

    %ProgramFiles%\Microsoft SQL Server\MSSQL11.\MSSQL\Binn\SQLServr.exe

    %ProgramFiles%\Microsoft SQL Server\MSRS11.\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

    %ProgramFiles%\Microsoft SQL Server\MSAS11.\OLAP\Bin\MSMDSrv.exe

    Please use this link for more detailed information: http://support.microsoft.com/kb/309422

    ISA and Forefront Servers

    This section contains information about:

    Internet Security and Acceleration (ISA) Server 2000/2004/2006 Standard/Enterprise Editions.

    Intelligent Application Gateway (IAG) 2007.

    Forefront Threat Management Gateway (TMG) Medium Business Edition.

    Forefront Threat Management Gateway (TMG) 2010.

    Forefront Unified Access Gateway (UAG) 2010.

    General exclusions:

    Applications working directory

    Logs

    Configuration storage

    Cache storage

    Applications processes

    General folders and files mentioned in sections above

    ISA/Forefront-aware antivirus program folders.

    ISA 2000

    Exclude:

    %ProgramFiles%\Microsoft ISA Server

    %ProgramFiles%\Microsoft ISA Server\ISALogs

    ISA Server Web cache

    %ProgramFiles%\Microsoft ISA Server\dailysum.exe

    %ProgramFiles%\Microsoft ISA Server\repgen.exe

    %ProgramFiles%\Microsoft ISA Server\mspadmin.exe

    %ProgramFiles%\Microsoft ISA Server\w3prefch.exe

    %ProgramFiles%\Microsoft ISA Server\wspsrv.exe

    ISA 2004/2006 SE/EE

    Exclude:

    %ProgramFiles%\Microsoft ISA Server

    %ProgramFiles%\Microsoft SQL Server

    ISA Server Web cache

    %ProgramFiles%\Microsoft ISA Server\dailysum.exe

    %ProgramFiles%\Microsoft ISA Server\isastg.exe

    %ProgramFiles%\Microsoft ISA Server\mspadmin.exe

    %ProgramFiles%\Microsoft ISA Server\w3prefch.exe

    %ProgramFiles%\Microsoft ISA Server\wspsrv.exe

    %ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

    %ProgramFiles%\Microsoft SQL Server\MSSQL$MSFW\sqlservr.exe

    %WinDir%\System32\dsamain.exe (Enterprise version only)

    IAG 2007

    Exclude:

    The same files which were excluded for IIS.

    The same files which were excluded for ISA 2006.

    c:\whale-com\e-gap\

    %WinDir%\System32\inetsrv\inetinfo.exe

    %WinDir%\System32\inetsrv\w3wp.exe

    %SystemDrive%\Whale-Com\e-Gap\common\bin\MonitorMgrCom.exe

    %SystemDrive%\Whale-Com\e-Gap\common\bin\SessionMgrCom.exe

    %SystemDrive%\Whale-Com\e-Gap\von\FileAccess\ShareAccess.exe

    %SystemDrive%\Whale-Com\e-Gap\common\bin\UserMgrCom.exe

    %SystemDrive%\Whale-Com\e-Gap\common\bin\whlerrsrvd.exe

    %SystemDrive%\Whale-Com\e-Gap\common\bin\whlios.exe

    TMG MBE

    Exclude:

    %ProgramFiles%\Microsoft ISA Server

    %ProgramFiles(x86)%\Microsoft SQL Server

    %SystemRoot%\Temp\ScanStorage

    %ProgramFiles(x86)%\Microsoft ISA Server\Logs

    TMG Web cache

    %SystemDrive%\InetPub

    %ProgramFiles(x86)%\Microsoft ISA Server\dailysum.exe

    %ProgramFiles(x86)%\Microsoft ISA Server\isarepgen.exe

    %ProgramFiles(x86)%\Microsoft ISA Server\isadlviewer.exe

    %ProgramFiles(x86)%\Microsoft ISA Server\isastg.exe

    %ProgramFiles(x86)%\Microsoft ISA Server\mspadmin.exe

    %ProgramFiles(x86)%\Microsoft ISA Server\wspsrv.exe

    %ProgramFiles(x86)%\Microsoft ISA Server\w3prefch.exe

    %ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

    %ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe

    %ProgramFiles(x86)%\Microsoft SQL Server\90\Shared\sqlwriter.exe

    %WinDir%\System32\dsamain.exe

    %WinDir%\System32\inetsrv\inetinfo.exe

    %WinDir%\System32\inetsrv\w3wp.exe

    TMG 2010.

    Exclude:

    %ProgramFiles%\Microsoft Forefront Threat Management Gateway

    %ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS

    %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW

    %SystemRoot%\Temp\ScanStorage

    %ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs\Web cache

    TMG Web cache

    %ProgramFiles%\Microsoft Forefront Threat Management Gateway\dailysum.exe

    %ProgramFiles%\Microsoft Forefront Threat Management Gateway\isarepgen.exe

    %ProgramFiles%\Microsoft Forefront Threat Management Gateway\isadlviewer.exe

    %ProgramFiles%\Microsoft Forefront Threat Management Gateway\IsaManagedCtrl.exe

    %ProgramFiles%\Microsoft Forefront Threat Management Gateway\isastg.exe

    %ProgramFiles%\Microsoft Forefront Threat Management Gateway\mspadmin.exe

    %ProgramFiles%\Microsoft Forefront Threat Management Gateway\wspsrv.exe

    %ProgramFiles%\Microsoft Forefront Threat Management Gateway\w3prefch.exe

    %ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\sqlservr.exe

    %ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\ReportingServicesService.exe

    %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe

    %WinDir%\System32\dsamain.exe

    UAG 2010.

    Exclude:

    The same files which were excluded for IIS.

    The same files which were excluded for TMG 2010.

    %ProgramFiles%\Microsoft Forefront Unified Access Gateway.

    %ProgramFiles%\Microsoft Forefront Unified Access Gateway\DnsAlgSrv.exe

    %ProgramFiles%\Microsoft Forefront Unified Access Gateway\MonitorMgrCom.exe

    %ProgramFiles%\Microsoft Forefront Unified Access Gateway\SessionMgrCom.exe

    %ProgramFiles%\Microsoft Forefront Unified Access Gateway\ShareAccess.exe

    %ProgramFiles%\Microsoft Forefront Unified Access Gateway\uagqessvc.exe

    %ProgramFiles%\Microsoft Forefront Unified Access Gateway\uagrdpsvc.exe

    %ProgramFiles%\Microsoft Forefront Unified Access Gateway\UserMgrCom.exe

    %ProgramFiles%\Microsoft Forefront Unified Access Gateway\WatchDogSrv.exe

    %ProgramFiles%\Microsoft Forefront Unified Access Gateway\whlerrsrv.exe

    %ProgramFiles%\Microsoft Forefront Unified Access Gateway\whlios.exe

    Please use this link for more detailed information.

    System Center Products and Their Predecessors

    This section contains information about:

    Systems Management Server (SMS) 2003 and Configuration Manager (SCCM) 2007.

    System Center Data Protection Manager (SCDPM) 2007.

    System Center Operations Manager (SCOM) 2007 and Operations Manager (MOM) 2005.

    SMS 2003.

    Exclude:

    SMS\Inboxes directory on Microsoft Systems Management Server site servers.

    SMS_CCM\ServiceData directory on Microsoft SMS Management Points.

    Please use thislinkfor more detailed information.

    SCCM 2012

    Exclude:

    C:\Windows\TEMP\BootImages\{GUID}

    \Windows\TEMP\BootImages\*

    \ConfigMgr_OfflineImageServicing

    %allusersprofile%\NTUser.pol

    %systemroot%\system32\GroupPolicy\registry.pol

    %windir%\Security\database\*.chk %windir%\Security\database\*.edb

    %windir%\Security\database\*.jrs

    %windir%\Security\database\*.log

    %windir%\Security\database\*.sdb

    %windir%\SoftwareDistribution\Datastore\Datastore.edb

    %windir%\SoftwareDistribution\Datastore\Logs\edb.chk

    %windir%\SoftwareDistribution\Datastore\Logs\edb*.log

    %windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs

    %windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs

    %windir%\SoftwareDistribution\Datastore\Logs\Res1.log

    %windir%\SoftwareDistribution\Datastore\Logs\Res2.log %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb

    http://technet.microsoft.com/en-us/library/cc707727.aspxhttp://technet.microsoft.com/en-us/library/cc707727.aspxhttp://technet.microsoft.com/en-us/library/cc707727.aspxhttp://support.microsoft.com/kb/327453http://support.microsoft.com/kb/327453http://support.microsoft.com/kb/327453http://support.microsoft.com/kb/327453http://technet.microsoft.com/en-us/library/cc707727.aspx

    %programfiles%\Microsoft Configuration Manager\Inboxes\*.*

    %programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*

    Please use this link for more detailed information.

    SCCM 2007.

    Exclude:

    %ProgramFiles%\Microsoft Configuration Manager\Inboxes

    Please use this link for more detailed information.

    SCDPM 2007.

    Exclude:

    %ProgramFiles%\Microsoft Data Protection Manager\DPM\XSD

    %ProgramFiles%\Microsoft Data Protection Manager\DPM\Temp\MTA

    %ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\dpmra.exe

    %WinDir%\Microsoft.net\Framework\v2.0.50727\csc.exe

    Please use this link for more detailed information.

    SCOM 2007/2012 and MOM 2005.

    Exclude:

    Momhost.exe (MOM 2005)

    Monitoringhost.exe (SCOM 2007 & SCOM 2012)

    %allusersprofile%\Application Data\Microsoft\Microsoft Operations Manager\ (MOM 2005)

    %ProgramFiles%\System Center Operations Manager 2007\Health Service State\Health Service Store (SCOM 2007)

    %ProgramFiles%\System Center 2012\Operations Manager\\Health Service State\Health Service Store (SCOM 2012)

    %Program Files%\Microsoft SQL Server\MSSQL.1\MSSQL\Data

    %ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Log

    Extensions: WKF, PQF, PQF0, PQF1, EDB, CHK, LOG, MDF, LDF

    Please use this link for more detailed information.

    SharePoint Servers & Services

    SharePoint Service 3.0.

    Exclude:

    %ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Logs

    %ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Data\Applications (if the computer is running the Windows SharePoint Services Search service)

    %WinDir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files

    %WinDir%\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files (on 64bit systems)

    %allusersprofile%\Application Data\Microsoft\SharePoint\Config

    %WinDir%\Temp\WebTempDir

    %SystemDrive%\Documents and Settings\service_account\Local Settings\Temp\

    Referenced links:

    http://blogs.technet.com/b/systemcenterpfe/archive/2013/01/11/updated-system-center-2012-configuration-manager-antivirus-exclusions-with-more-details.aspx

    http://technet.microsoft.com/en-us/library/bb932206.aspx

    http://technet.microsoft.com/en-us/library/bb808691.aspx

    http://support.microsoft.com/kb/975931

    Please use this link for more detailed information.

    SharePoint Portal Server 2001/2003.

    Exclude:

    %ProgramFiles%\SharePoint Portal Server

    %ProgramFiles%\Common Files\Microsoft Shared\Web Storage System

    %WinDir%\Temp\Frontpagetempdir (if you are using SPS 2003 SP1)

    Please use this link for more detailed information.

    SharePoint Server 2007.

    Exclude:

    %ProgramFiles%\Microsoft Office Servers\12.0\Data

    %ProgramFiles%\Microsoft Office Servers\12.0\Logs

    %ProgramFiles%\Microsoft Office Servers\12.0\Bin

    Please use this link for more detailed information.

    SharePoint Foundation 2010

    Exclude:

    Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Logs

    Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Data\Applications

    Drive:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files

    Drive:\Users\ServiceAccount\AppData\Local\Temp\WebTempDir

    Drive:\ProgramData\Microsoft\SharePoint

    Drive:\Users\account that the search service is running as\AppData\Local\Temp

    Drive:\WINDOWS\system32\LogFiles

    Drive:\Windows\Syswow64\LogFiles

    Drive:\Users\ServiceAccount\AppData\Local\Temp

    Drive:\Users\Default\AppData\Local\Temp

    Please use this link for more detailed information.

    SharePoint Server 2010

    Exclude:

    Drive:\Program Files\Microsoft Office Servers\14.0\Data (This folder is used for the indexing process. If the index files are configured to be located in a different folder, you also have to exclude that location.)

    Drive:\Program Files\Microsoft Office Servers\14.0\Logs

    Drive:\Program Files\Microsoft Office Servers\14.0\Bin

    Drive:\Program Files\Microsoft Office Servers\14.0\Synchronization Service

    Any location in which you decided to store the disk-based binary large object (BLOB) cache (for example, C:\Blobcache)

    Please use this link for more detailed information.

    Referenced links:

    http://support.microsoft.com/kb/952167

    http://support.microsoft.com/?id=320111

    SharePoint Foundation 2013

    Exclude:

    Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Logs

    Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Data\Applications

    Drive:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files

    Drive:\Users\ServiceAccount\AppData\Local\Temp\WebTempDir

    Drive:\ProgramData\Microsoft\SharePoint

    Drive:\Users\account that the search service is running as\AppData\Local\Temp

    Drive:\WINDOWS\System32\LogFiles

    Drive:\Windows\Syswow64\LogFiles

    Drive:\Users\ServiceAccount\AppData\Local\Temp

    Drive:\Users\Default\AppData\Local\Temp

    Please use this link for more detailed information.

    SharePoint Server 2013

    Exclude:

    Drive:\Program Files\Microsoft Office Servers\15.0\Data (This folder is used for the indexing process. If the index files are configured to be located in a different folder, you also have to exclude that location.)

    Drive:\Program Files\Microsoft Office Servers\15.0\Logs

    Drive:\Program Files\Microsoft Office Servers\15.0\Bin

    Drive:\Program Files\Microsoft Office Servers\15.0\Synchronization Service

    Any location in which you decided to store the disk-based binary large object (BLOB) cache (for example, C:\Blobcache).

    Please use this link for more detailed information.

    Virtualization Solutions

    Hyper-V Servers

    Exclude:

    Vmms.exe

    Vmwp.exe

    C:\ProgramData\Microsoft\Windows\Hyper-V

    C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks

    %systemdrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots

    Please use this link for more detailed information.

    MED-V

    Exclude:

    *.VHD - These represent the Virtual Hard Disk Image files. These will appear on test workstations when test images are being used to finalize workspace policies.

    *.VUD - These represent Virtual PC Undo Disk Files. These will appear on test workstations when test images are being used to finalize workspace policies.

    Referenced links:

    http://support.microsoft.com/kb/952167

    http://support.microsoft.com/kb/961804

    *.VSV - These represent Virtual PC Saved State files. These will be on all MED-V clients running Workspaces.

    *.CKM - This is the packed image format used by MED-V (Kidaro Compressed Machine). These will be present on MED-V Servers, Image Distribution Servers, locally packed images on MED-V Administration workstations, and as pre-staged images on clients.

    *.VMC - These represent the Base Virtual Machine Settings File. Will be found on all MED-V Clients and Test Workstations.

    *.INDEX - These are index files used by the TrimTransfer Feature. These will be found on both clients and servers.

    *.EVHD - These are the encrypted virtual hard disk files used on MED-V Clients running workspaces.

    Please use this link for more detailed information.

    App-V

    Windows Vista, Windows Server 2008 or later

    %USERPROFILE%\AppData\Local\SoftGrid Client

    %USERPROFILE%\AppData\Roaming\SoftGrid Client

    %PROGRAMDATA%\Microsoft\Application Virtualization Client\SoftGrid Client

    Windows XP or Windows Server 2003

    %USERPROFILE%\Application Data\SoftGrid Client

    %ALLUSERSPROFILE%\Application Data\Microsoft\Application Virtualization Client\

    %ALLUSERSPROFILE%\Documents\SoftGrid Client

    Please use this link for more detailed information.

    Microsoft SBS 2003

    %PROGRAMFILES%\Exchsrvr\Mailroot\vsi 1\PickUp

    %PROGRAMFILES%\Exchsrvr\Mailroot\

    %PROGRAMFILES%\Microsoft Windows Small Business Server\\Networking\POP3\Failed Mail

    Please use this link for more detailed information.

    Microsoft Exchange Servers

    Exchange 2003 Servers

    Exclude:

    Databases and log files across all storage groups are located in Exchsrvr\Mdbdata.

    MTA files are located in Exchsrvr\Mtadata.

    Additional log files such as Exchsrvr\server_name.log directory.

    Exchsrvr\Mailroot virtual server folder.

    Working folder used to store streaming .tmp files that are used for message conversion is located in Exchsrvr\Mdbdata.

    Temporary folder used in conjunction with offline maintenance utilities such as Eseutil.exe is located in the folder where the .exe file is run from.

    Site Replication Service files are located in Exchsrvr\Srsdata.

    IIS system files are located in %SystemRoot%\System32\Inetsrv.

    Referenced links:

    http://social.technet.microsoft.com/wiki/contents/articles/566.aspx

    http://support.microsoft.com/kb/2576031

    http://support.microsoft.com/kb/885685

    IIS 6.0 compression folder used with Outlook Web Access 2003 is located in %systemroot%\IIS Temporary Compressed Files.

    Quorum disk and %Winnt%\Cluster (for clusters).

    Exchsrvr\Conndata.

    Exchange-aware antivirus program folders.

    Cdb.exe

    Cidaemon.exe

    Store.exe

    Emsmta.exe

    Mad.exe

    Mssearch.exe

    Inetinfo.exe

    W3wp.exe

    Please use this link for more detailed information.

    Exchange 2007 Servers

    Mailbox server role including clustered mailbox server

    Exclude:

    Databases, checkpoint files, log files and database content indexes located in subfolders under %Program Files%\Microsoft\Exchange Server\Mailbox.

    General log files like message tracking log files are located in subfolders under %Program Files%\Microsoft\Exchange Server\TransportRoles\Logs and %Program Files%\Microsoft\Exchange Server\Logging.

    Offline Address Book files are located in subfolders under %Program Files%\Microsoft\Exchange Server\ExchangeOAB.

    IIS system files located in %SystemRoot%\System32\Inetsrv.

    Temporary folder used in conjunction with offline maintenance utilities such as Eseutil.exe is located in the folder where the .exe file is run from.

    Temporary folders used for conversions are located in the server's TMP folder, %Program Files%\Microsoft\Exchange Server\Working\OleConvertor and %Program Files%\Microsoft\Exchange Server\Mailbox\MDBTEMP.

    The quorum disk and the %Winnt%\Cluster.

    Exchange-aware antivirus program folders.

    Hub Transport server role

    Exclude:

    General log files are located in subfolders under %Program Files%\Microsoft\Exchange Server\TransportRoles\Logs.

    Message folders are located in subfolders under %Program Files%\Microsoft\Exchange Server\TransportRoles.

    Queue database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\Queue.

    Sender Reputation database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\SenderReputation.

    Referenced links:

    http://support.microsoft.com/kb/823166

    IP filter database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\IpFilter.

    Temporary folders used for conversions are located in the server's TMP folder and %ProgramFiles%\Microsoft\Exchange Server\Working\OleConvertor.

    Exchange-aware antivirus program folders.

    Edge Transport server role.

    Exclude:

    Active Directory Application Mode (ADAM) database and log files are located in %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\Adam.

    General log files are located in subfolders under %Program Files%\Microsoft\Exchange Server\TransportRoles\Log

    Message folders are located in %Program Files%\Microsoft\Exchange Server\TransportRoles.

    Queue database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\Queue.

    Sender Reputation database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\SenderReputation.

    IP filter database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange Server\TransportRoles\Data\IpFilter.

    Temporary folders used for conversions are located in the server's TMP folder and %Program Files%\Microsoft\Exchange Server\Working\OleConvertor.

    Exchange-aware antivirus program folders.

    Client Access server role

    Exclude:

    Internet Information Services (IIS) 6.0 compression folder used with Microsoft Outlook Web Access is located in %systemroot%\IIS Temporary Compressed Files.

    IIS system files are located in %SystemRoot%\System32\Inetsrv.

    Internet-related files are located in subfolders under %Program Files%\Microsoft\Exchange Server\ClientAccess.

    Temporary folder used for conversions is located in the server's TMP folder.

    Unified Messaging server role

    Exclude:

    Grammar files are located in subfolders under %Program Files%\Microsoft\Exchange Server\UnifiedMessaging\grammars.

    Voice prompts are located in subfolders under %Program Files%\Microsoft\Exchange Server\UnifiedMessaging\Prompts.

    Voicemail files are located in %Program Files%\Microsoft\Exchange Server\UnifiedMessaging\voicemail.

    Bad voicemail files are located in %Program Files%\Microsoft\Exchange Server\UnifiedMessaging\badvoicemail.

    Cdb.exe

    Cidaemon.exe

    Cluster.exe

    Dsamain.exe

    Edgecredentialsvc.exe

    Edgetransport.exe

    Galgrammargenerator.exe

    Inetinfo.exe

    Mad.exe

    Microsoft.Exchange.Antispamupdatesvc.exe

    Microsoft.Exchange.Contentfilter.Wrapper.exe

    Microsoft.Exchange.Cluster.Replayservice.exe

    Microsoft.Exchange.Edgesyncsvc.exe

    Microsoft.Exchange.Imap4.exe

    Microsoft.Exchange.Imap4service.exe

    Microsoft.Exchange.Infoworker.Assistants.exe

    Microsoft.Exchange.Monitoring.exe

    Microsoft.Exchange.Pop3.exe

    Microsoft.Exchange.Pop3service.exe

    Microsoft.Exchange.Search.Exsearch.exe

    Microsoft.Exchange.Servicehost.exe

    Msexchangeadtopologyservice.exe

    Msexchangefds.exe

    Msexchangemailboxassistants.exe

    Msexchangemailsubmission.exe

    Msexchangetransport.exe

    Msexchangetransportlogsearch.exe

    Msftefd.exe

    Msftesql.exe

    Oleconverter.exe

    Powershell.exe

    Sesworker.exe

    Speechservice.exe

    Store.exe

    Transcodingservice.exe

    Umservice.exe

    Umworkerprocess.exe

    W3wp.exe

    Extension exclusions

    In addition to excluding specific directories and processes, you should exclude the following Exchange-specific file name extensions in case directory exclusions fail or files are moved from their default locations.

    Application-related extensions:

    .config

    .dia

    .wsb

    Database-related extensions:

    .chk

    .log

    .edb

    .jrs

    .que

    Offline address book-related extensions:

    .lzx

    Content Index-related extensions:

    .ci

    .dir

    .wid

    .000

    .001

    .002

    Unified Messaging-related extensions:

    .cfg

    .grxml

    GroupMetrics:

    .dsc

    .bin

    .xml

    Please use this link for more detailed information.

    Exchange 2010 Servers

    Mailbox server role including clustered mailbox server

    Exclude:

    Databases, checkpoint files, log files and database content indexes located in subfolders under %ExchangeInstallPath%\Mailbox.

    Group Metrics files are located in %ExchangeInstallPath%\GroupMetrics.

    General log files like message tracking log files are located in subfolders under %ExchangeInstallPath%\TransportRoles\Logs and %ExchangeInstallPath%\Logging.

    Offline Address Book files are located in subfolders under %ExchangeInstallPath%\ExchangeOAB.

    IIS system files located in %SystemRoot%\System32\Inetsrv.

    Temporary folder used in conjunction with offline maintenance utilities such as Eseutil.exe is located in the folder where the .exe file is run from.

    Mailbox database temporary folder is located in %ExchangeInstallPath%\Mailbox\MDBTEMP.

    The quorum disk and the %Winnt%\Cluster.

    Exchange-aware antivirus program folders.

    Hub Transport server role

    Exclude:

    General log files are located in subfolders under %ExchangeInstallPath%\TransportRoles\Logs.

    Pickup and Replay message directory folders are located in %ExchangeInstallPath%\TransportRoles.

    Queue database, checkpoint and log files are located in %ExchangeInstallPath%\TransportRoles\Data\Queue.

    Referenced links:

    http://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspx

    Sender Reputation database, checkpoint and log files are located in %ExchangeInstallPath%\TransportRoles\Data\SenderReputation.

    IP filter database, checkpoint and log files are located in %ExchangeInstallPath%\TransportRoles\Data\IpFilter.

    Temporary folders used for conversions are located in the server's TMP folder and %ExchangeInstallPath%\Working\OleConvertor.

    Exchange-aware antivirus program folders.

    Edge Transport server role

    Exclude:

    Active Directory Application Mode (ADAM) database and log files are located in %ExchangeInstallPath%\TransportRoles\Data\Adam.

    General log files are located in subfolders under %ExchangeInstallPath%\TransportRoles\Logs.

    Pickup and Replay message folders are located in %ExchangeInstallPath%\TransportRoles.

    Queue database, checkpoint and log files are located in %ExchangeInstallPath%\TransportRoles\Data\Queue.

    Sender Reputation database, checkpoint and log files are located in %ExchangeInstallPath%\TransportRoles\Data\SenderReputation.

    IP filter database, checkpoint and log files are located in %ExchangeInstallPath%\TransportRoles\Data\IpFilter.

    Temporary folders used for conversions are located in the server's TMP folder and %ExchangeInstallPath%\Working\OleConvertor.

    Exchange-aware antivirus program folders.

    Client Access server role

    Exclude:

    Internet Information Services (IIS) 7.0 compression folder used with Microsoft Outlook Web App is located in %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files.

    Internet Information Services (IIS) 7.0 compression folder used with Microsoft Outlook Web App is located in %systemroot%\IIS Temporary Compressed Files.

    IIS system files are located in %SystemRoot%\System32\Inetsrv.

    Inetpub\logs\logfiles\w3svc.

    Internet-related files are located in subfolders under %ExchangeInstallPath%\ClientAccess.

    For servers that have protocol logging enabled for POP3 or IMAP4: %ExchangeInstallPath%\Logging\POP3 and %ExchangeInstallPath%\Logging\IMAP4.

    Temporary folder used for conversions is located in the server's TMP folder and %ExchangeInstallPath%\Working\OleConvertor.

    Unified Messaging server role

    Exclude:

    Grammar files are located in subfolders under %ExchangeInstallPath%\UnifiedMessaging\grammars.

    Voice prompts, greetings and informational message files are located in subfolders under %ExchangeInstallPath%\UnifiedMessaging\Prompts.

    Voicemail files are located in %ExchangeInstallPath%\UnifiedMessaging\voicemail.

    Temporary files generated by Unified Messaging are located in %ExchangeInstallPath%\UnifiedMessaging\temp.

    Cdb.exe

    Cidaemon.exe

    Cluster.exe

    Dsamain.exe

    EdgeCredentialSvc.exe

    EdgeTransport.exe

    ExFBA.exe

    GalGrammarGenerator.exe

    Inetinfo.exe

    Mad.exe

    Microsoft.Exchange.AddressBook.Service.exe

    Microsoft.Exchange.AntispamUpdateSvc.exe

    Microsoft.Exchange.ContentFilter.Wrapper.exe

    Microsoft.Exchange.EdgeSyncSvc.exe

    Microsoft.Exchange.Imap4.exe

    Microsoft.Exchange.Imap4service.exe

    Microsoft.Exchange.Infoworker.Assistants.exe

    Microsoft.Exchange.Monitoring.exe

    Microsoft.Exchange.Pop3.exe

    Microsoft.Exchange.Pop3service.exe

    Microsoft.Exchange.ProtectedServiceHost.exe

    Microsoft.Exchange.RPCClientAccess.Service.exe

    Microsoft.Exchange.Search.Exsearch.exe

    Microsoft.Exchange.Servicehost.exe

    MSExchangeASTopologyService.exe

    MSExchangeFDS.exe

    MSExchangeMailboxAssistants.exe

    MSExchangeMailboxReplication.exe

    MSExchangeMailSubmission.exe

    MSExchangeRepl.exe

    MSExchangeTransport.exe

    MSExchangeTransportLogSearch.exe

    MSExchangeThrottling.exe

    Msftefd.exe

    Msftesql.exe

    OleConverter.exe

    Powershell.exe

    SESWorker.exe

    SpeechService.exe

    Store.exe

    TranscodingService.exe

    UmService.exe

    UmWorkerProcess.exe

    W3wp.exe

    Extension exclusions

    In addition to excluding specific directories and processes, you should exclude the following Exchange-specific file name extensions in case directory exclusions fail or files are moved from their default locations.

    Application-related extensions:

    .config

    .dia

    .wsb

    Database-related extensions:

    .chk

    .log

    .edb

    .jrs

    .que

    Offline address book-related extensions:

    .lzx

    Content Index-related extensions:

    .ci

    .dir

    .wid

    .000

    .001

    .002

    Unified Messaging-related extensions:

    .cfg

    .grxml

    GroupMetrics:

    .dsc

    .bin

    .xml

    Please use this link for more detailed information.

    Lync Server 2010

    Processes:

    ASMCUSvc.exe

    AVMCUSvc.exe

    DataMCUSvc.exe

    DataProxy.exe

    FileTransferAgent.exe

    IMMCUSvc.exe

    MasterReplicatorAgent.exe

    MediaRelaySvc.exe

    MediationServerSvc.exe

    MeetingMCUSvc.exe

    Referenced links:

    http://technet.microsoft.com/en-us/library/bb332342.aspx

    MRASSvc.exe

    OcsAppServerHost.exe

    QmsSvc.exe

    ReplicaReplicatorAgent.exe

    RTCArch.exe

    RtcCdr.exe

    RTCSrv.exe

    IIS processes:

    %systemroot%\system32\inetsrv\w3wp.exe

    %systemroot%\SysWOW64\inetsrv\w3wp.exe

    SQL Server processes:

    %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLServr.exe

    %ProgramFiles%\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

    %ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe

    Directories and files:

    %systemroot%\System32\LogFiles

    %systemroot%\SysWow64\LogFiles

    %systemroot%\Windows\Assembly\GAC_MSIL

    %programfiles%\Microsoft Lync Server 2010

    %programfiles%\commonfiles\Microsoft Lync Server 2010

    %SystemDrive%\RtcReplicaRoot

    File share store (specified in Topology Builder). File stores are specified in Topology Builder.

    SQL Server data and log files, including those for the back-end database, user store, archiving store, monitoring store, and application store. Database and log files can be specified in Topology Builder.

    Please use this link for more detailed information.

    Data Protection Manager

    \XSD

    \Temp\MTA

    Dpmra.exe

    Csc.exe

    Please use this link for more detailed information.

    Dynamics AX 2009

    For versions up to AX 2009 exclude:

    All the AOD, AOI, ADD, ADI, KHD & KHI files, or alternatively, the whole application folder

    Referenced links:

    http://technet.microsoft.com/en-us/library/gg195736.aspx

    http://technet.microsoft.com/en-us/library/ff399439.aspx

    Please use this link for more detailed information.

    BizTalk 2004 Servers

    Exclude any file receive queue folders.

    EntSSO.exe, MSDTC.exe, BTSNTSvc.exe, BTSNTSvc64.exe, SQLServr.exe, and also others such as IIS, Customer WCF services, MSMQ, Rule Engine, SQL Agent, SSIS, SSNS and other applications used in integration scenarios.

    Please use this link for more detailed information.

    Referenced links:

    http://blogs.msdn.com/b/czdaxsup/archive/2010/05/13/ax-application-files-locked-by-another-process.aspx

    http://support.microsoft.com/?id=318941

    How to Add Exclusions in KES 10 for Windows

    The first way to create default exclusions, which include many of the default Windows Workstation / Server lists, is during policy creation.

    During creation, the two checkboxes to create default rules will need to be checked.

    Examples of auto-generated rules:

    Alternatively, specific exclusions can be created after the policy has been created in the General Protection Settings area of the policy.

    How to Add Exclusions in KAV 8.0 for Windows Servers EE

    Please note that many of the exclusions mentioned above are prepopulated because this product is specifically targeted at server environments. If there has been customization in your environment, review these default exclusions, looking specifically for non-default installation paths and updating the rules as needed to ensure proper exclusion. The exclusion rules can be found in the Advanced area of the policy under Trusted Zone -> Settings.
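
    The review for non-default installation paths described above can be scripted before rules are entered into a policy. The following is an added example, not part of the original article or of any Kaspersky tooling: it expands the %VAR% tokens of each entry against one host's environment and reports entries whose variable the host does not define or whose folder does not exist there. The environment, folder list and function names are constructed assumptions; the entries are taken from the lists above.

```python
import re
from ntpath import normpath  # Windows path rules, usable on any OS

VAR = re.compile(r"%([^%\\]+)%")


def expand(entry, env):
    """Expand %VAR% tokens case-insensitively; return (text, undefined_names)."""
    lookup = {name.lower(): value for name, value in env.items()}
    undefined = []

    def substitute(match):
        name = match.group(1)
        if name.lower() in lookup:
            return lookup[name.lower()]
        undefined.append(name)
        return match.group(0)  # keep the token visible in the report

    return VAR.sub(substitute, entry), undefined


def audit(entries, env, existing_dirs):
    """Classify each exclusion entry against one host's variables and folders."""
    existing = {normpath(path).lower() for path in existing_dirs}
    report = []
    for entry in entries:
        expanded, undefined = expand(entry.strip(), env)
        resolved = normpath(expanded)  # also collapses doubled backslashes
        if undefined:
            status = "undefined-variable"   # host has no such variable
        elif "\\" not in resolved or "*" in resolved:
            status = "process-or-mask"      # bare process name or file mask
        elif resolved.lower() in existing:
            status = "ok"
        else:
            status = "missing-path"         # likely a non-default install path
        report.append((entry, status, resolved))
    return report


# Constructed host data (assumption): Exchange and Configuration Manager
# were installed on D: instead of the default locations.
SAMPLE_ENV = {
    "ProgramFiles": "C:\\Program Files",
    "SystemRoot": "C:\\Windows",
    "windir": "C:\\Windows",
    "ExchangeInstallPath": "D:\\Exchange\\V14\\",
}
SAMPLE_DIRS = [
    "D:\\Exchange\\V14\\Mailbox",
    "D:\\ConfigMgr\\Inboxes",
    "C:\\Windows\\System32\\inetsrv",
]
# Entries copied from the exclusion lists in this article.
SAMPLE_ENTRIES = [
    r"%ExchangeInstallPath%\Mailbox",
    r"%Program Files%\Microsoft\Exchange Server\Mailbox",
    r"%Winnt%\Cluster",
    r"%ProgramFiles%\Microsoft Configuration Manager\Inboxes",
    r"%SystemRoot%\System32\Inetsrv",
    r"%windir%\Security\database\*.edb",
    "Store.exe",
]

if __name__ == "__main__":
    for entry, status, resolved in audit(SAMPLE_ENTRIES, SAMPLE_ENV, SAMPLE_DIRS):
        print(f"{status:<20} {entry} -> {resolved}")
```

    Entries reported as undefined-variable or missing-path are the ones to correct for the actual installation before relying on the rule.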
