Share via


BizTalk Server Anti-Virus Exclusions

Quite often when I'm onsite conducting BizTalk Health Checks, Architecture Design reviews or trouble shooting performance issues, customers ask about Anti-Virus exclusions for BizTalk Server. Here is a list I give them.

Windows Server

Turn off scanning of Windows Update or Automatic Update related files

  • Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:

%windir%\SoftwareDistribution\Datastore

  •  Turn off scanning of the log files that are located in the following folder:

%windir%\SoftwareDistribution\Datastore\Logs

Specifically, exclude the following files:

  • Edb*.jrs

  • Edb.chk

  • Tmp.edb

     

•The wildcard character (*) indicates that there may be several files.

 

Turn off scanning of Windows Security files

  • Add the following files in the %windir%\Security\Database path of the exclusions list: ◦ *.edb
    • *.sdb
    • *.log
    • *.chk
    • *.jrs

 

Turn off scanning of Group Policy related files

  • Group Policy user registry information. These files are located in the folder %allusersprofile%\. Specifically, exclude the file NTUser.pol

 

  • Group Policy client settings files. These files are located in the following in %SystemRoot%\System32\GroupPolicy\Machine\ and %SystemRoot%\System32\GroupPolicy\User\

 

  • Specifically, exclude the file Registry.pol

 

For virus scanning recommendations for Enterprise Servers running Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, Windows Server 2008, please refer to

https://support.microsoft.com/kb/822158/en-us

 

BizTalk Server

Antivirus software real-time scanning of BizTalk Server executable files and any folders or file shares monitored by BizTalk Server receive locations can negatively affect BizTalk Server performance. If antivirus software is installed on the BizTalk Server computer, disable real-time scanning of non-executable file types referenced by any BizTalk Server receive locations (usually .XML, but can also be .csv, .txt, etc.) and configure antivirus software to exclude scanning of BizTalk Server executable files.

 

SQL Server

Real-time scanning of the SQL Server data and transaction files (.mdf, .ndf, .ldf, .mdb) can increase disk I/O contention and reduce SQL Server performance. So these should be exclude from any real-time scanning.Note that the names of the SQL Server data and transaction files may vary between BizTalk Server environments. In addition the backup files and transaction logs (*.bak, *.trn) should also be excluded.For more info please refer to https://support.microsoft.com/kb/309422

 

For SQL Clusters, it is advisable to check that the anti-virus software in use is cluster aware, see https://support.microsoft.com/kb/250355

Additionally, you should exclude the following file system location from virus scanning on a server that is running a Failover Cluster (Windows Server 2008 and later)

  • The %Systemroot%\Cluster folder.
  • The path of the \mscs folder on the quorum hard disk.
  • The temp folder for the Cluster Service account, ie \clusterserviceaccount\Local Settings\Temp folder

 

MSMQ

  • %SystemRoot%\system32\MSMQ\
  • %SystemRoot%\system32\MSMQ\storage

 

 

Internet Information Server 7.0

  • Location of the compressed file cache. Default is %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files.