Поделиться через


Lista de exclusões para o antivírus:

 

A minha lista de exclusões de ficheiros/ serviços para o antivírus:

1.) %systemroot%\System32\Spool
2.) %systemroot%\SoftwareDistribution\Datastore

3.) Network Drives.
KB822158 - Virus scanning recommendations for computers that are running Windows
Server 2003, Windows 2000, or Windows XP
<https://support.microsoft.com/kb/822158>

1.) Domain Controller (DC) / DNS / DHCP
a.) %systemroot%\Sysvol)
b.) %systemroot%\system32\dhcp
c.) %systemroot%\system32\

d.) %systemroot%\ntds

KB822158 - Virus scanning recommendations for computers that are running Windows
Server 2003, Windows 2000, or Windows XP
<https://support.microsoft.com/kb/822158>

2.) File Replication (NTFR)

a.) %systemroot%\ntfrs
b.) * .log and *.dit

KB815263 - Antivirus, backup, and disk optimization programs that are compatible
with the File Replication Service
<https://support.microsoft.com/kb/815263>

3.) IIS:

a.) %systemroot%\IIS Temporary Compressed Files)
b.) %systemroot%\system32\inetsrv
c.) * .log extension

KB817442 - IIS 6.0: Antivirus Scanning of IIS Compression Directory May Result in 0-Byte File
<https://support.microsoft.com/kb/817442>
KB821749 - Antivirus software may cause IIS to stop unexpectedly
<https://support.microsoft.com/kb/821749>

4.) SQL

A pasta de SQL, as databases e os logs,

KB309422 - Guidelines for choosing antivirus software to run on the computers that
are running SQL Server
<https://support.microsoft.com/kb/309422>

5.) Exchange

A pasta de Exchange, as databases e os logs,

KB328841 - Exchange and antivirus software
<https://support.microsoft.com/kb/328841>
KB823166 - Overview of Exchange Server 2003 and antivirus software
<https://support.microsoft.com/kb/823166>
KB245822 - Recommendations for troubleshooting an Exchange Server computer with
antivirus software installed
<https://support.microsoft.com/kb/245822>

6.) Cluster,
KB250355 - Antivirus Software May Cause Problems with Cluster Services
<https://support.microsoft.com/kb/250355>

a.) Q:\ (Quorum drive)
b.) %systemroot%\Cluster
c.) SQL Server data files that have the .mdf extension, the .ldf extension, and
the .ndf extension

7.) Sharepoint
a.):\Program Files\SharePoint Portal Server
b.):\Program Files\Common Files\Microsoft Shared\Web Storage System
c.):\MSDEDatabases

KB320111 - Random Errors May Occur When Antivirus Software Scans Microsoft Web Storage System
<https://support.microsoft.com/kb/320111>

KB322941 - Microsoft's Position on Antivirus Solutions for Microsoft SharePoint Portal Server
<https://support.microsoft.com/kb/322941>
8.) (SMS),
a.) SMS\Inboxes
b.) SMS_CCM\ServiceData

KB327453 - Antivirus programs may contribute to file backlogs in SMS 2.0 and in SMS 2003
<https://support.microsoft.com/kb/327453>

9.) MOM (Microsoft Operations Manager).

a.):\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager
b.) Drive:\Program Files\Microsoft Operations Manager 2005

10.) Internet Security and Acceleration Server (ISA) Server,

a.) Pasta ISALogs.

KB887311 - Event ID 5, event ID 14079, and event ID 14176 are logged in the Application log on your Internet Security and Acceleration Server 2000 computer
<https://support.microsoft.com/kb/887311>
11.) Windows Software Update Services (WSUS).
a.) Drive:\MSSQL$WSUS
b.) Drive:\WSUS
Also refer to the following knowledge base articles for reference:
KB900638 - Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file is copied
<https://support.microsoft.com/kb/900638>

11.) HYPER-V

Run AV software on Parent and exclude *.vhd and any snapshot file extensions (no need to scan the vhd if there is av software running inside the vm and not sure if the av software could even READ the vhd anyway)

Run AV software on child partitions with exceptions as needed by role (exchange, sharepoint, sql ,etc)

More generally:

Exclude scanning the directory with VM Disks and directory with VM Configurations.

Exclude scanning the following processes:

                Vmms.exe

                Vmswp.exe

                Vmwp.exe*

Error code when you create or start a virtual machine on a Windows Server

2008-based computer that has Hyper-V or on a Microsoft Hyper-V Server 2008-based

computer: "0x800704C8", "0x80070037" or "0x800703E3"

https://support.microsoft.com/kb/961804

Planning for Hyper-V Security

https://technet.microsoft.com/en-us/library/cc974516.aspx