  #1  
Old 04-19-2012, 05:51 PM
YeOldeStonecat
Join Date: Nov 2011
Location: Southeast Connecticut
Posts: 7,982

Antivirus Exclusions on Servers

Due to a few posts around the boards here regarding servers and accounting software on them, server performance, issues with servers....I've frequently mentioned having proper antivirus exclusion settings.

So I thought I'd make a post about them. A lot of people just install antivirus on a server...perhaps adjust some scheduled scan settings, update settings..and walk away.

I'll make a list of specific antivirus exclusions I do. Probably won't be cut 'n paste usable...as one cannot assume drive letters will be the same across the board.

This list is not a "one size fits all" either...there are certainly more directories and file types than I can cover here..but I'm just posting some basics to get started.

ALSO...don't forget, most antivirus clients assume to "Scan all file types"...which puts a heavier load on the system. I change the file extension types to scan from the default "All"....so "Only the file extensions below"..which usually has a list of *.fileextensiontype which may contain viruses. This setting itself greatly reduces much of the load. In addition to excluding certain file types. Don't forget...servers aren't used like a workstation (well...they shouldn't be), no surfing the web, no opening e-mail, etc. So you can afford to lower settings, without increasing risk.

On domain controllers, there are certain directories related to active directory, which should be excluded.

When Exchange is involved...there are directories to be excluded, because hopefully you're using a proper Exchange antivirus engine which hugs the infostore directly.

When SQL is involved, certain directories

Web Servers/IIS

Windows Update directory (WSUS)

And of course, line of business software..and their database engines. Following the guides of the software vendor's support for that product. But even something as simple as QuickBooks on the server....I'll exclude the directory that is shared that houses all the company data files. Or at accounting offices, if you have a WinCSA folder shared for CSA Accounting...I'll exclude that share.

From the workstations...accordingly I disable scanning of network drives that contain those shared apps. These are often the cause of "client lock" files being hung...after someone logs out.

"But...what if a virus gets in those folders?" you ask? The answer is "scheduled scans". After hours, at night. Do a once a week scan or something like that. Servers are quite static..no need for real time protection to constantly be burdening all their folders...they're not being used as a desktop.

I'll follow with some examples of directories/files to exclude on servers.
__________________
Resident "Geek on a Harley" doing IT in Southeast Connecticut
http://www.dynamic-alliance.com/
https://www.facebook.com/YeOldeStonecat
  #2  
Old 04-19-2012, 05:53 PM
YeOldeStonecat

Microsoft's own guide
http://support.microsoft.com/kb/822158

Exchange Server
http://support.microsoft.com/kb/823166

And here is a link from Eset (makers of NOD32 antivirus) discussing settings on a server as far as "file extension types"
http://kb.eset.com/esetkb/index?page...nt&id=SOLN2144

Here is an example of exclusions for Small Business Server 2003. Much the same holds true for 08 and 11.


C:\Program Files\Exchsrvr\Mtadata\*.*
C:\Program Files\Exchsrvr\<servername>.log\*.*
C:\Program Files\Exchsrvr\Mailroot\*.*
C:\Program Files\Exchsrvr\Mdbdata\*.*
C:\Program Files\Exchsrvr\Conndata\*.*
C:\Program Files\Exchsrvr\srsdata\*.*
C:\WINDOWS\system32\inetsrv\*.*
C:\WINDOWS\IIS Temporary Compressed Files\*.*
C:\WINDOWS\NTDS\*.*
C:\WINDOWS\sysvol\*.*
C:\WINDOWS\ntfrs\*.*
C:\WINDOWS\security\edb*.log
C:\WINDOWS\security\tmp.edb
C:\WINDOWS\Security\Database\secedit.sdb
C:\WINDOWS\system32\CertLog\*.*
C:\WINDOWS\system32\dhcp\*.*
C:\WINDOWS\system32\wins\*.*
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Data\*.*
C:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Data\*.*
C:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Data\*.*
F:\MSSQL2000\MSSQL\Data\*.*
C:\WINDOWS\System32\ntmsdata\*.*
C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail\*.*
C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail\*.*
C:\WINDOWS\SoftwareDistribution\DataStore\*.*
C:\pagefile.sys
C:\WINDOWS\system32\licstr.cpa
C:\WINDOWS\system32\lls\*.*
Last edited by YeOldeStonecat; 04-19-2012 at 05:55 PM.
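
An added example, not part of the original posts: because the list above cannot be pasted as-is when drive letters differ, this PowerShell check expands each candidate on the server at hand and reports whether the directory exists and how much executable content the exclusion would hide from real-time scanning. The function name `Test-ExclusionCandidate`, the environment-variable rewrites of the paths, and the `$ExecExt` extension list are assumptions made for the example.

```powershell
# Added example, not from the thread. Run elevated on the server being configured.
# Candidates: a subset of the SBS 2003 list above, with fixed drive letters
# replaced by environment variables (an assumption about the install layout).
$Candidates = @(
    '%ProgramFiles%\Exchsrvr\Mdbdata\*.*'
    '%ProgramFiles%\Exchsrvr\<servername>.log\*.*'
    '%SystemRoot%\NTDS\*.*'
    '%SystemRoot%\sysvol\*.*'
    '%SystemRoot%\security\edb*.log'
    '%SystemRoot%\SoftwareDistribution\DataStore\*.*'
    '%SystemDrive%\pagefile.sys'
    'F:\MSSQL2000\MSSQL\Data\*.*'   # kept literal: the data drive differs per site
)
# Extensions treated as executable content (illustrative list, an assumption).
$ExecExt = '.exe', '.dll', '.sys', '.scr', '.bat', '.cmd', '.vbs', '.js', '.ps1'

function Test-ExclusionCandidate {
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [string]$ServerName = $env:COMPUTERNAME
    )
    # Fill in the placeholder first: '<' and '>' are not valid path characters.
    $expanded = [Environment]::ExpandEnvironmentVariables($Pattern).Replace('<servername>', $ServerName)
    $dir  = [System.IO.Path]::GetDirectoryName($expanded)
    $mask = [System.IO.Path]::GetFileName($expanded)
    # Test-Path returns $false (no error) when the drive itself is missing.
    $exists = Test-Path -LiteralPath $dir -PathType Container
    $files = @()
    if ($exists) {
        # -Force includes hidden/system files such as pagefile.sys.
        $files = @(Get-ChildItem -LiteralPath $dir -Filter $mask -File -Force -ErrorAction SilentlyContinue)
    }
    [pscustomobject]@{
        Exclusion   = $expanded
        DirExists   = $exists
        Files       = $files.Count
        # Executable-type files only the scheduled scan would see.
        Executables = @($files | Where-Object { $ExecExt -contains $_.Extension }).Count
    }
}

$Candidates | ForEach-Object { Test-ExclusionCandidate -Pattern $_ } | Format-Table -AutoSize
```

A row with `DirExists` False is a candidate that does not apply to this server and need not be entered; a non-zero `Executables` count is content that the after-hours scheduled scan has to cover.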
  #3  
Old 04-19-2012, 05:57 PM
FoolishTech
Join Date: Aug 2010
Location: Manteo, NC (USA)
Posts: 2,757

Great info. I knew about excluding the Exchange store folders, didn't realize a few of the others mentioned.
__________________


Author of d7 & d7II, and TONS of other FREE PC technician's tools. www.FoolishIT.com

Author of CryptoPrevent - Crypto/Malware prevention for any OS.

Latest free tool: dBug - Neutralize malware preventing you from running removal tools.

NEW d7II single technician pricing!
  #4  
Old 04-19-2012, 06:31 PM
trendless
Join Date: Mar 2011
Location: Northeast BC, Canada
Posts: 116

Awesome, thanks! Covered another question I had regarding whether to exclude from realtime or scheduled or both.
  #5  
Old 04-19-2012, 07:54 PM
cyabro
Join Date: Oct 2010
Location: Whangarei, New Zealand
Posts: 645

The latest version of NOD32 is great as it automatically detects what server version it is running on and fills in all the required exclusions for you.
  #6  
Old 04-19-2012, 10:09 PM
YeOldeStonecat

Quote:
Originally Posted by cyabro
The latest version of NOD32 is great as it automatically detects what server version it is running on and fills in all the required exclusions for you.

It tries. Been an Eset partner for a long time (since v 2.5). It's getting there...but I still like manually adding more.
  #7  
Old 06-30-2012, 03:33 PM
FoolishTech

Just thought I'd update this thread after running across this MS page this morning.......

Windows Anti-Virus Exclusion List (en-US)
  #8  
Old 07-02-2012, 01:55 PM
YeOldeStonecat

Quote:
Originally Posted by FoolishTech
Just thought I'd update this thread after running across this MS page this morning.......

Windows Anti-Virus Exclusion List (en-US)

Cool centralized link....Thanks FT.