McAfee Exclusion's for Configuration Manager 2012

Jacky Chua 16:15

 

1. C:\Windows\TEMP\BootImages
and subfolders.

2. Directories:

%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%programfiles%\Microsoft Configuration Manager\Inboxes\*.*
%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*
%systemroot%\system32\GroupPolicy\Machine\registry.pol"
%systemroot%\system32\GroupPolicy\User\registry.pol"
\SCCMContentLib
\SMSPKG
\SMSPKGC$
\SMSPKGSIG
\SMSSIG$
\Program Files\SMS_CCM\ServiceData
\Program Files\SMS_CCM\Logs
\Program Files\Microsoft Configuration Manager\Logs
\Program Files\Microsoft Configuration Manager\Install.map
\ConfigurationManager DB
\SMSPKGSIG
\SCCMContentLib
\Sources
\SCCMImages
\DatabaseBackup
\SMSPKGE$
\SMSPKGSIG
\SMSSIG$

3. Processes that will be excluded:

Configuration Manager 2012 processes that will be excluded are:

· Smsexec.exe

· Ccmexec.exe

· CmRcService.exe

· Sitecomp.exe

· Smswriter.exe

· Smssqlbbkup.exe

4. SQL Server Exclusion's:

SQL Server 2012 Processes exclude from virus scanning

· %ProgramFiles%\Microsoft SQL Server\MSSQL11. <InstanceName>\MSSQL\Binn\SQLServr.exe

· %ProgramFiles%\Microsoft SQL Server\MSRS11. <InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

· %ProgramFiles%\Microsoft SQL Server\MSAS11. <InstanceName>\OLAP\Bin\MSMDSrv.exe

· SQL Server data files

· *.mdf

· *.ldf

· *.ndf

· SQL Server backup files
     These files frequently have one of the following file-name extensions:

· *.bak

· *.trn

· Full-Text catalog files

· %Program Files%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData

· Analysis Services backup files
     C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup
     C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log

5. IIS Exclusions:

* .ida

%systemroot%\IIS Temporary Compressed Files

%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files

6. WSUS Exclusions:

*.cab

\WSUS\WSUSContent
\WSUS\UpdateServicesDBFiles
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download

Reference Links:

https://community.mcafee.com/thread/59504
http://www.systemcenterblog.nl/2012/05/09/anti-virus-scan-exclusions-for-configuration-manager-2012/
http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx
http://support.microsoft.com/kb/309422
http://support.microsoft.com/kb/821749
http://support.microsoft.com/kb/817442
http://support.microsoft.com/kb/900638/en-us
http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#av

McAfee Exclusions for workstations:

Turn off scanning of Windows Update or Automatic Update related files

· Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:

%windir%\SoftwareDistribution\Datastore

· Turn off scanning of the log files that are located in the following folder:

%windir%\SoftwareDistribution\Datastore\Logs

Specifically, exclude the following files:

· Res*.log

· Edb*.jrs

· Edb.chk

· Tmp.edb

Turn off scanning of Windows Security files

· Add the following files in the %windir%\Security\Database path of the exclusions list:

· *.edb

· *.sdb

· *.log

· *.chk

· *.jrs

Turn off scanning of Group Policy related files

· Group Policy user registry information. These files are located in the following folder:

%allusersprofile%\

Specifically, exclude the following file:

NTUser.pol

· Group Policy client settings file. This file is located in the following folder:

%Systemroot%\System32\GroupPolicy\

Specifically, exclude the following file: Registry.pol

For the configuration manager clients the following exclusion will be added:

· %windir%ccmcache

\SoftwareDistribution\Datastore
\SoftwareDistribution\Download

Reference Links:
http://support.microsoft.com/kb/822158/en-us

 

https://social.technet.microsoft.com/Forums/en-US/753bddc0-0147-4b9a-901c-94e55d024850/sccm-2012-antivirus-exclusions-for-servers-and-workstations?forum=configmanagergeneral

Jacky Chua

Posted by Jacky Chua

Jacky Chua has more than 17 years of IT industry experience. He specializes in SCCM,MDT, Windows Intune and others System Center products.Please feel free to leave a comment or email to [email protected].

Post a Comment

0 Comments