What FCS shouldn’t Scan

Have been digging around and looking for best practices on what not to scan, such as SQL and Exchange databases and the like.

Found this little gem in the depths of the MS KB files:

Recommended Forefront Client Security file and folder exclusions for Microsoft products

Nice additional services covered here

Read it, print it, then apply the separate policies to your server OUs!

For Exchange 2007 more options = more complicated changes = File-Level Antivirus Scanning on Exchange 2007

TEST, TEST, TEST before putting it into production ;-)

Simple guide ripped from the above link:

Windows systems in general
• Microsoft Windows Update or Automatic Update related files
  • The Windows Update or Automatic Update database file.
    This file is located in the following folder:
    %windir%\SoftwareDistribution\Datastore
    Exclude the Datastore.edb file.
  • The transaction log files.
    These files are located in the following folder:
    %windir%\SoftwareDistribution\Datastore\Logs
    Exclude the following files:
    • Edb*.log
      Note: The wildcard character indicates that there may be several files.
    • Res1.log
    • Res2.log
    • Edb.chk
    • Tmp.edb

Domain Controllers

Pretty much the entire %windir%\ntds directory for AD, plus the following under SYSVOL:

1. %systemroot%\sysvol Exclude
2. %systemroot%\sysvol\domain Scan
3. %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory Exclude
4. %systemroot%\sysvol\domain\Policies Scan
5. %systemroot%\sysvol\domain\Scripts Scan
6. %systemroot%\sysvol\staging Exclude
7. %systemroot%\sysvol\staging areas Exclude
8. %systemroot%\sysvol\sysvol Exclude

Exchange Servers

The core list of files that should be exempted is all .edb files, .log files, .chk files, and STM files.

IIS

%systemroot%\IIS Temporary Compressed Files

ISA (shouldn’t have AV on the ISA, as it’s not supposed to be used to do anything other than protect the network!)

Exclude the ISALogs.

SharePoint
• Drive:\Program Files\SharePoint Portal Server
• Drive:\Program Files\Common Files\Microsoft Shared\Web Storage System

SQL

• SQL Server data files that have the .mdf extension, the .ldf extension, and the .ndf extension

SMS

Well, look through the link and work out if it’s causing grief – http://support.microsoft.com/kb/327453/


For the more paranoid, I’d use direct path names to each file. Use folder exclusions only for those systems that generate files on the fly, such as databases.
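One way to check a server against that advice, as an added example that is not from the KB article or the original post: it compares a list of configured exclusions with the Windows Update entries above and flags anything broader than a per-file path. The `CONFIGURED` list is constructed sample data, and getting the real list out of your FCS policy is assumed to be done separately.

```python
import fnmatch

DATASTORE = r"%windir%\SoftwareDistribution\Datastore"
# Per-file exclusions listed in the post for Windows Update / Automatic Update.
RECOMMENDED = [
    DATASTORE + r"\Datastore.edb",
    DATASTORE + r"\Logs\Edb*.log",
    DATASTORE + r"\Logs\Res1.log",
    DATASTORE + r"\Logs\Res2.log",
    DATASTORE + r"\Logs\Edb.chk",
    DATASTORE + r"\Logs\Tmp.edb",
]

def _norm(path):
    """Windows paths are case-insensitive; ignore a trailing backslash."""
    return path.strip().rstrip("\\").lower()

def _covers(entry, target):
    """True if exclusion `entry` would also exclude recommended `target`."""
    e, t = _norm(entry), _norm(target)
    return e == t or t.startswith(e + "\\") or fnmatch.fnmatchcase(t, e)

def classify(entry):
    """per-file: exactly a listed entry; folder-wide / wildcard-wide: covers
    listed entries plus whatever else lands there; unlisted: not in this list."""
    e = _norm(entry)
    rec = [_norm(r) for r in RECOMMENDED]
    if e in rec:
        return "per-file"
    if any(r.startswith(e + "\\") for r in rec):
        return "folder-wide"
    if any(fnmatch.fnmatchcase(r, e) for r in rec):
        return "wildcard-wide"
    return "unlisted"

def audit(configured):
    """Return (class per entry, recommended entries that nothing covers)."""
    classes = {entry: classify(entry) for entry in configured}
    missing = [r for r in RECOMMENDED
               if not any(_covers(e, r) for e in configured)]
    return classes, missing

# Constructed sample of exclusions as they might be set on a server.
CONFIGURED = [DATASTORE + r"\Datastore.edb", DATASTORE + r"\Logs", "*.log", r"C:\Temp"]

if __name__ == "__main__":
    classes, missing = audit(CONFIGURED)
    for entry, kind in classes.items():
        print(f"{kind:14} {entry}")
    for r in missing:
        print("not excluded: ", r)
```

Entries reported as folder-wide or wildcard-wide are the ones to narrow to direct file paths; unlisted entries need a justification from one of the other sections or should be removed.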
