Monday 29 July 2013

Virus Scan Policy Best Practices

Oh, I just found this as well:

General exclusions for Windows Server 2003, Windows 2000, Windows XP, or Windows Vista:

%windir%\ntfrs
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\Edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb

For Windows 2000 & 2003 DCs:

%windir%\ntds\Ntds.dit
%windir%\ntds\Ntds.pat
%windir%\ntds\EDB*.log
%windir%\ntds\Res1.log
%windir%\ntds\Res2.log
%windir%\ntds\Temp.edb
%windir%\ntds\Edb.chk
%systemroot%\sysvol (only this folder, not all subfolders!!!)
%systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
%systemroot%\sysvol\staging
%systemroot%\sysvol\staging areas
%systemroot%\sysvol\sysvol

Clusters:

%windir%\Cluster
Q:\ (quorum)

DHCP: %windir%\system32\dhcp
DNS: %windir%\system32\dns
WINS: %windir%\system32\wins

Exchange Server:

Cdb.exe
Cidaemon.exe
Store.exe
Emsmta.exe
Mad.exe
Mssearch.exe
Inetinfo.exe
W3wp.exe
Exchsrvr\Conndata
Exchsrvr\Mailroot
Exchsrvr\Mdbdata
Exchsrvr\Mtadata
Exchsrvr\server_name.log
Exchsrvr\Srsdata
%systemroot%\IIS Temporary Compressed Files
%SystemRoot%\System32\Inetsrv
All .edb; .stm (on Exchange 2000 Server); .log Exchange files
M: drive (on Exchange 2000 Server)

SBS:

C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail

SQL Server: SQL Server data files that have the .mdf extension, the .ldf extension, and the .ndf extension

WSUS: MSSQL$WSUS and WSUS content directory

References:

Virus scanning recommendations for computers that are running Windows Server 2003, Windows 2000, Windows XP, or Windows Vista
http://support.microsoft.com/kb/822158

Overview of Exchange Server 2003 and antivirus software
http://support.microsoft.com/kb/823166

Guidelines for choosing antivirus software to run on the computers that are running SQL Server
http://support.microsoft.com/kb/309422

Recommended Forefront Client Security file and folder exclusions for Microsoft products
http://support.microsoft.com/kb/943556

Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file or the Wsusscn2.cab file is copied
http://support.microsoft.com/kb/900638

Not sure who to credit for this list though, sorry. I saved it in a document a while back and don't recall the source, but sharing is good. :D

Gazz.

