Windows Antivirus Exclusion Recommendations (Servers, Clients, and Role-Specific)

Some useful information to take into consideration, all the info here in this doc:

Windows Antivirus Exclusion Recommendations (Servers, Clients, and Role-Specific)

https://support.microsoft.com/kb/822158

 

for our sweet products, we have these detailed info to exclude files and processes.

 

SharePoint

Certain folders may have to be excluded from antivirus scanning when you use file-level antivirus software in SharePoint

https://support.microsoft.com/kb/952167/en-us

 

IIS

IIS Server

Exclude the IIS compression directory from the antivirus software's scan list.

The default compression directory in IIS 6.0 is %systemroot%\IIS Temporary Compressed Files. This directory may have been changed to another location. In IIS 7.0, the default location of the compressed file cache is %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files.

To verify the compression directory:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. In IIS Manager, right-click the Web Sites folder, and then click Properties.

  3. Click the Service tab.

Under HTTP Compression, make sure that Compress static files is selected, and then locate the path to the temporary directory.

Process Exclusions

  • %systemroot%\system32\inetsrv\w3wp.exe

  • %systemroot%\SysWOW64\inetsrv\w3wp.exe

 

SQL

SQFiles and Directory Exclusions

  • SQL Server data files

      • *.mdf

      • *.ldf

      • *.ndf

  • SQL Server backup files

      • *.bak

      • *.trn

  • Full-Text catalog files

      • Default instance: Program Files\Microsoft SQL Server\MSSQL\FTDATA

      • Named instance: Program Files\Microsoft SQL Server\MSSQL$instancename\FTDATA

  • Trace files

      • *.trc - these files can be generated either when you configure profiler tracing manually or when you enable C2 auditing for the server.
  • SQL audit files (for SQL Server 2008 or later versions)

      • *.sqlaudit
  • SQL query files

      • *.sql
  • The directory that holds Analysis Services data – default is C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Data.  You can view and change the data directory by using Analysis Manager. To do this, follow these steps:

  1. In Analysis Manager, right-click the server, and then click Properties.

  2. In the Properties dialog box, click the General tab. The directory appears under Data folder.

  • The directory that holds Analysis Services temporary files that are used during Analysis Services processing – default is C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Data. You can view and change the directory that holds temporary files in Analysis Manager. To do this, follow these steps:
  1. In Analysis Manager, right-click the server, and then click Properties.

  2. In the Properties dialog box, click the General tab.

  3. On the General tab, notice the directory under Temporary file folder.

Note : Optionally, you can add a second temporary directory for Analysis Services 2000 by using the TempDirectory2 registry entry. If you use this registry entry, consider excluding from virus scanning the directory to which this registry entry points

  • Analysis Services backup files – default is C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup

  • The directory that holds Analysis Services log files – default is C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log

  • Directories for any Analysis Services 2005 and later-version partitions that are not stored in the default data directory

  • Note When you create the partitions, these locations are defined in the Storage location section of the Processing and Storage Locations page of the Partition Wizard.

  • Filestream data files (SQL 2008 and later versions)

  • Remote Blob Storage files (SQL 2008 and later versions)

  • The directory that holds Reporting Services temporary files and Logs (RSTempFiles and LogFiles)

 

Process Exclusions

SQL Server 2012

  • %ProgramFiles%\Microsoft SQL Server\MSSQL11.<Instance Name>\MSSQL\Binn\SQLServr.exe

  • %ProgramFiles%\Microsoft SQL Server\MSRS11.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

  • %ProgramFiles%\Microsoft SQL Server\MSAS11.<Instance Name>\OLAP\Bin\MSMDSrv.exe

Comments

  • Anonymous
    January 01, 2003
    thanks
  • Anonymous
    September 29, 2015
    How do you protect SQL Process files if they have multiple instances on a single server? As an example, if I have %ProgramFiles%Microsoft SQL ServerMSSQL11.INSTANCE1MSSQLBinnSQLServr.exe and
    %ProgramFiles%Microsoft SQL ServerMSSQL11.INSTANCE2MSSQLBinnSQLServr.exe does this mean I have to add each location individually?
  • Anonymous
    February 04, 2016
    Same question as the last person I wonder this too?
  • Anonymous
    February 04, 2016
    Same question as the last person I wonder this too?
  • Anonymous
    February 29, 2016
    The comment has been removed