Anti virus scanning exclusion lists

2015/12/19 10:53
General Exclusions for All Windows Platforms
  • Pagefile.sys
  • *.pst
  • %systemroot%\System32\Spool (replace %systemroot% with actual directory)
  • %systemroot%\SoftwareDistribution\Datastore (replace %systemroot% with actual directory)
  • %allusersprofile%\NTUser.pol
  • %systemroot%\system32\GroupPolicy\registry.pol
Microsoft Active Directory Domain Controller
  • : \ WINNT \ SYSVOL
  • : \ WINNT \ NTDS
  • : \ WINNT \ ntfrs
  • : \ WINNT \ system32 \ dhcp
  • : \ WINNT \ system32 \ dns
Microsoft IIS Server
Web Server log files should be excluded from scanning. By default, IIS logs are saved in
  • : \ WINNT \ system32 \ LogFiles
  • : \ WINNT \ system32 \ IIS Temporary Compressed Files
Microsoft SQL Server
Because scanning may hinder performance, large databases should not be scanned. Since Microsoft SQL Server databases are dynamic, exclude the directory and backup folders from the scan list. If it is necessary to scan database files, a scheduled task can be created to scan them during off-peak hours.
  • SQL Server data files. These files usually have one of the following file name extensions: .mdf, .ldf, .ndf (: \ Program Files \ Microsoft SQL Server \ MSSQL \ Data)
  • SQL Server backup files. These files frequently have one of the following file name extensions:  .bak, .trn
  • Full-Text catalog files
  • The directory that holds Analysis Services data
  • The directory that holds Analysis Services temporary files that are used during Analysis Services processing
  • Analysis Services backup files
  • The directory that holds Analysis Services log files
  • Q:\ (if using SQL Clustering)
Cluster Servers
  • Q:\ (Quorum drive)
  • C:\Windows\Cluster
Microsoft Sharepoint Portal Server
  • : \ Program Files \ SharePoint Portal Server
  • : \ Program Files \ Common Files \ Microsoft Shared \ Web Storage System
  • : \ Windows \ Temp \ Frontpagetempdir
  • M:\
Microsoft Systems Management Server (SMS)
  • SMS \ Inboxes \ SMS_Executive Thread Name
  • SMS_CCM \ ServiceData
Microsoft Operations Manager Server (MOM)
  • : \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Microsoft
Operations Manager
  • : \ Program Files \ Microsoft Operations Manager 2005
Microsoft Internet Security and Acceleration Server (ISA)
  • : \ Program Files \ Microsoft ISA Server \ ISALogs
  • : \ Program Files \ Microsoft SQL Server \ MSSQL$MSFW \ Data
Microsoft Windows System Update Server (WSUS)
  • \ WSUS
  • \ WsusDatabase
Hyper-V host server
  • Default virtual machine configuration directory (C:\ProgramData\Microsoft\Windows\Hyper-V)
  • Custom virtual machine configuration directories
  • Default virtual hard disk drive directory (C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks)
  • Custom virtual hard disk drive directories
  • Snapshot directories
  • Vmms.exe (Note: May need to be configured as process exclusions within the antivirus software)
  • Vmwp.exe (Note: May need to be configured as process exclusions within the antivirus software)
Additionally, when use Live Migration together with Cluster Shared Volumes on Windows Server 2008 R2, exclude the CSV path "C:\Clusterstorage" and all its subdirectories.