SYSTEM CENTER 2012 R2 Operations Manager - Anti-Virus Exclusions

 

Maintaining anti-virus exclusions should be part of the routine day-to-day administration of an anti-virus solution, so that scans are not directed at processes that are not harmful, or that are critical and heavily loaded.

Excluding monitoring components from scanning ensures that anti-virus tools do not block, interfere with, or skew the monitoring data generated on Operations Manager agents.

IT administrators should implement specific exclusions.

The following table highlights the recommendations for System Center 2012 R2 - Operations Manager:

 

Context: Management Servers
Exclusions:
  Folders (including subfolders): Operations Manager installation folder. Default: "C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\"
  File Types: EDB, CHK, LOG
  Processes (See Note 1): CShost.exe, Microsoft.Mom.Sdk.ServiceHost.exe, HealthService.exe, MonitoringHost.exe

Context: Gateway Servers
Exclusions:
  Folders (including subfolders): Operations Manager installation folder. Default: "C:\Program Files\System Center Operations Manager\Gateway\"
  File Types: EDB, CHK, LOG
  Processes (See Note 1): HealthService.exe, MonitoringHost.exe

Context: Windows Agents
Exclusions:
  Folders (including subfolders): Operations Manager installation folder. Default: "C:\Program Files\Microsoft Monitoring Agent"
  File Types: EDB, CHK, LOG
  Processes (See Note 1): HealthService.exe, MonitoringHost.exe

Context: Operations Manager Database Servers
Exclusions:
  (Windows Agent exclusions) + File Types: MDF, LDF

 

Important Note 1:

Process-name exclusions can prevent some dangerous programs from being detected. Exclusions based on processes can therefore expose the system to security issues and should be avoided.

More information can be found here: https://support.microsoft.com/kb/975931 (*)

 

(*) Please note that at the time this blog post was released, the referenced article (975931) only included SCOM 2012 information. The article was updated yesterday, 03/Dec/2013.
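
As an added example (not part of the original post), the following PowerShell script audits a host against the table above: it reports missing folder and file-type exclusions and, in line with Note 1, lists any process exclusions for review instead of requiring them. It assumes the anti-virus product is Microsoft Defender, whose Get-MpPreference cmdlet exposes the configured exclusions; the role names and the $Role parameter are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Microsoft Defender exclusions against the table in this post.
# Assumption: the anti-virus product is Microsoft Defender (Get-MpPreference).
param(
    [ValidateSet('ManagementServer', 'GatewayServer', 'WindowsAgent', 'DatabaseServer')]
    [string]$Role = 'WindowsAgent'   # hypothetical role names for the four table rows
)

$agentFolder = 'C:\Program Files\Microsoft Monitoring Agent'
$agentProcs  = 'HealthService.exe', 'MonitoringHost.exe'
$baseExts    = 'EDB', 'CHK', 'LOG'
$recommended = @{
    ManagementServer = @{
        Folder     = 'C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server'
        Extensions = $baseExts
        Processes  = @('CShost.exe', 'Microsoft.Mom.Sdk.ServiceHost.exe') + $agentProcs
    }
    GatewayServer = @{
        Folder     = 'C:\Program Files\System Center Operations Manager\Gateway'
        Extensions = $baseExts
        Processes  = $agentProcs
    }
    WindowsAgent = @{ Folder = $agentFolder; Extensions = $baseExts; Processes = $agentProcs }
    # Database servers: Windows Agent exclusions plus MDF and LDF.
    DatabaseServer = @{ Folder = $agentFolder; Extensions = $baseExts + @('MDF', 'LDF'); Processes = $agentProcs }
}

$want = $recommended[$Role]
$pref = Get-MpPreference

# Normalise before comparing: stored values may be ".edb" or "edb", with or without a trailing "\".
$havePaths = @($pref.ExclusionPath)      | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }
$haveExts  = @($pref.ExclusionExtension) | Where-Object { $_ } | ForEach-Object { $_.TrimStart('.') }
$haveProcs = @($pref.ExclusionProcess)   | Where-Object { $_ } | ForEach-Object { Split-Path $_ -Leaf }

if (-not (Test-Path -LiteralPath $want.Folder)) {
    Write-Warning "Default folder not found; confirm the actual install path: $($want.Folder)"
}
if ($havePaths -notcontains $want.Folder) { "MISSING folder exclusion: $($want.Folder)" }
foreach ($ext in $want.Extensions) {
    if ($haveExts -notcontains $ext) { "MISSING file-type exclusion: $ext" }
}
# Note 1: process exclusions weaken detection, so flag them for review rather than require them.
foreach ($proc in $want.Processes) {
    if ($haveProcs -contains $proc) { "REVIEW process exclusion (see Note 1): $proc" }
}
```

The script only reads the configuration and changes nothing; with a different anti-virus product, the same comparison applies to whatever exclusion list that product exposes.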