
System Center Orchestrator Antivirus Exclusions

This is a community-based article and not necessarily Microsoft recommendations. Please feel free to recommend amendments etc.

Due to the lack of official recommendations from Microsoft for Antivirus/Antimalware exclusions for Orchestrator, it would be good to put up a list so here goes:

The following are recommended exclusions for antivirus/antimalware scans in order to achieve optimum performance and minimise the risk of problematic behaviour in your Orchestrator infrastructure.

Exclusions by process executable

You must be very careful when you add exclusions that are based on executables, as incorrect exclusions may prevent some potentially dangerous programs from being detected. Because of this, we do not recommend that you rely on exclusions that are based on any process executables for Orchestrator servers. However, if you have to make exclusions that are based on the process executables, use the following processes:

  • Management Service - ManagementService.exe
  • Remoting Service - OrchestratorRemotingService.exe
  • Run Program Service - OrchestratorRunProgramService.exe
  • Runbook Server Monitor Service - RunbookServerMonitorService.exe
  • Runbook Service - RunbookService.exe

Exclusions by folders

SQL Database servers

These exclusions include the SQL Server database files that are used by Orchestrator components and the system database files for the master database and for the tempdb database. To exclude these files by directory, exclude the directory for the .ldf and .mdf files.

For example:

  • C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data
  • D:\MSSQL\DATA
  • E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log

Standard Microsoft SQL Server specific exclusions should still apply - http://support.microsoft.com/kb/309422/en-us 

Orchestrator (Management Server, Runbook Server)

These exclusions include the default installation locations for all Orchestrator server roles. Any deviation from these default locations should be included also.

For a Management Server:

  • C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator\Management Server

For a Runbook Server:

  • C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator\Runbook Server

Exclusion of file type by extension

The following file name extension-specific exclusions for Orchestrator apply to real-time scans, scheduled scans, and local scans.

SQL database servers

These exclusions include the SQL Server database files that are used by Orchestrator components and the system database files for the master database and for the tempdb database.

For example:

  • MDF
  • LDF
  • NDF

Standard Microsoft SQL Server specific exclusions should still apply - http://support.microsoft.com/kb/309422/en-us 

Orchestrator (Management Server, Runbook Server)

These exclusions include the log files that are used by Orchestrator.

For example:

  • LOG

Page files should also be excluded from any real-time scans.
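
One way to check a server's configured exclusions against the lists in this article, as an added example that is not part of the original article. It assumes Microsoft Defender Antivirus (queried with Get-MpPreference) and the default install paths shown above; the function name Compare-ExclusionSet and the status labels are hypothetical. SQL data directories are site-specific and are left out of $expected.

```powershell
# Added example (not from the original article). Assumes Microsoft Defender Antivirus
# and an elevated session; other products need their own query in place of Get-MpPreference.
$expected = @{
    Process   = 'ManagementService.exe', 'OrchestratorRemotingService.exe',
                'OrchestratorRunProgramService.exe', 'RunbookServerMonitorService.exe',
                'RunbookService.exe'
    Path      = 'C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator\Management Server',
                'C:\Program Files (x86)\Microsoft System Center 2012 R2\Orchestrator\Runbook Server'
    Extension = 'MDF', 'LDF', 'NDF', 'LOG'
}

function Compare-ExclusionSet {
    param([string]$Kind, [string[]]$Configured, [string[]]$Expected)
    # Normalise so '.mdf' and 'MDF', or paths with a trailing backslash, compare equal.
    $norm = { param($v) $v.Trim().TrimStart('.').TrimEnd('\').ToLowerInvariant() }
    $want = @($Expected | ForEach-Object { & $norm $_ })
    $seen = @()
    foreach ($raw in @($Configured | Where-Object { $_ })) {
        $item = & $norm $raw
        # A process exclusion may be stored as a full path; match it on the file name.
        $key = if ($Kind -eq 'Process') { [System.IO.Path]::GetFileName($item) } else { $item }
        $seen += $key
        $status = if ($want -notcontains $key) { 'NotInArticle' }       # broader than this list
                  elseif ($Kind -eq 'Process' -and $key -eq $item) { 'NameOnly' }  # no path: any folder matches
                  else { 'Listed' }
        [pscustomobject]@{ Kind = $Kind; Item = $raw; Status = $status }
    }
    foreach ($w in $want) {
        if ($seen -notcontains $w) { [pscustomobject]@{ Kind = $Kind; Item = $w; Status = 'Missing' } }
    }
}

$pref = Get-MpPreference
# Defender returns an 'N/A: ...' placeholder instead of the values to non-administrators.
if ("$($pref.ExclusionPath)" -like 'N/A*') { throw 'Run from an elevated session to read exclusions.' }

$report = @(
    Compare-ExclusionSet -Kind Process   -Configured $pref.ExclusionProcess   -Expected $expected.Process
    Compare-ExclusionSet -Kind Path      -Configured $pref.ExclusionPath      -Expected $expected.Path
    Compare-ExclusionSet -Kind Extension -Configured $pref.ExclusionExtension -Expected $expected.Extension
)
$report | Sort-Object Status, Kind | Format-Table -AutoSize
```

Rows marked NotInArticle or NameOnly are the ones to review first. A Missing process row is not a finding in itself, because the article advises against relying on process exclusions.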