Antivirus scanning exclusion lists

2008/05/10 18:14
General Exclusions for All Windows Platforms
  • Pagefile.sys
  • *.pst
  • %systemroot%\System32\Spool (replace %systemroot% with actual directory)
  • %systemroot%\SoftwareDistribution\Datastore (replace %systemroot% with actual directory)
  • %allusersprofile%\NTUser.pol
  • %systemroot%\system32\GroupPolicy\registry.pol

Microsoft Active Directory Domain Controller

  • : \ WINNT \ SYSVOL
  • : \ WINNT \ NTDS
  • : \ WINNT \ ntfrs
  • : \ WINNT \ system32 \ dhcp
  • : \ WINNT \ system32 \ dns

Microsoft IIS Server

  • Web Server log files should be excluded from scanning. By default, IIS logs are saved in : \ WINNT \ system32 \ LogFiles
  • : \ WINNT \ system32 \ IIS Temporary Compressed Files

Microsoft SQL Server

Because scanning may hinder performance, large databases should not be scanned. Since Microsoft SQL Server databases are dynamic, exclude the directory and backup folders from the scan list. If it is necessary to scan database files, a scheduled task can be created to scan them during off-peak hours.

  • SQL Server data files. These files usually have one of the following file name extensions: .mdf, .ldf, .ndf (: \ Program Files \ Microsoft SQL Server \ MSSQL \ Data)
  • SQL Server backup files. These files frequently have one of the following file name extensions: .bak, .trn
  • Full-Text catalog files
  • The directory that holds Analysis Services data
  • The directory that holds Analysis Services temporary files that are used during Analysis Services processing
  • Analysis Services backup files
  • The directory that holds Analysis Services log files
  • Q:\ (if using SQL Clustering)

Cluster Servers

  • Q:\ (Quorum drive)
  • C:\Windows\Cluster

Microsoft SharePoint Portal Server

  • : \ Program Files \ SharePoint Portal Server
  • : \ Program Files \ Common Files \ Microsoft Shared \ Web Storage System
  • : \ Windows \ Temp \ Frontpagetempdir
  • M:\

Microsoft Systems Management Server (SMS)

  • SMS \ Inboxes \ SMS_Executive Thread Name
  • SMS_CCM \ ServiceData

Microsoft Operations Manager Server (MOM)

  • : \ Documents and Settings \ All Users \ Application Data \ Microsoft \ Microsoft Operations Manager
  • : \ Program Files \ Microsoft Operations Manager 2005

Microsoft Internet Security and Acceleration Server (ISA)

  • : \ Program Files \ Microsoft ISA Server \ ISALogs
  • : \ Program Files \ Microsoft SQL Server \ MSSQL$MSFW \ Data

Microsoft Windows System Update Server (WSUS)

  • \ WSUS
  • \ WsusDatabase

Hyper-V host server

  • Default virtual machine configuration directory (C:\ProgramData\Microsoft\Windows\Hyper-V)
  • Custom virtual machine configuration directories
  • Default virtual hard disk drive directory (C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks)
  • Custom virtual hard disk drive directories
  • Snapshot directories
  • Vmms.exe (Note: May need to be configured as process exclusions within the antivirus software)
  • Vmwp.exe (Note: May need to be configured as process exclusions within the antivirus software)

Additionally, when using Live Migration together with Cluster Shared Volumes on Windows Server 2008 R2, exclude the CSV path "C:\Clusterstorage" and all its subdirectories.
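
The entries above only become usable once the %variables% are replaced with this host's directories and the file, folder, extension and process entries are kept apart. The following PowerShell sketch is an added example, not part of the original post: it uses only the fully specified entries from the lists above, and the Role and Kind labels and the function name Resolve-Exclusion are assumptions made for illustration.

```powershell
# Added example. Entries are copied from the lists on this page; the Role and
# Kind labels and the function name Resolve-Exclusion are illustrative.
$entries = @(
    [pscustomobject]@{ Role = 'General'; Kind = 'File';      Value = 'Pagefile.sys' }
    [pscustomobject]@{ Role = 'General'; Kind = 'Extension'; Value = '*.pst' }
    [pscustomobject]@{ Role = 'General'; Kind = 'Folder';    Value = '%systemroot%\System32\Spool' }
    [pscustomobject]@{ Role = 'General'; Kind = 'Folder';    Value = '%systemroot%\SoftwareDistribution\Datastore' }
    [pscustomobject]@{ Role = 'General'; Kind = 'File';      Value = '%allusersprofile%\NTUser.pol' }
    [pscustomobject]@{ Role = 'General'; Kind = 'File';      Value = '%systemroot%\system32\GroupPolicy\registry.pol' }
    [pscustomobject]@{ Role = 'Cluster'; Kind = 'Folder';    Value = 'C:\Windows\Cluster' }
    [pscustomobject]@{ Role = 'Hyper-V'; Kind = 'Folder';    Value = 'C:\ProgramData\Microsoft\Windows\Hyper-V' }
    [pscustomobject]@{ Role = 'Hyper-V'; Kind = 'Folder';    Value = 'C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks' }
    [pscustomobject]@{ Role = 'Hyper-V'; Kind = 'Folder';    Value = 'C:\Clusterstorage' }
    [pscustomobject]@{ Role = 'Hyper-V'; Kind = 'Process';   Value = 'Vmms.exe' }
    [pscustomobject]@{ Role = 'Hyper-V'; Kind = 'Process';   Value = 'Vmwp.exe' }
)

function Resolve-Exclusion {
    param([Parameter(Mandatory, ValueFromPipeline)] $Entry)
    process {
        # Replace %systemroot%, %allusersprofile% etc. with this host's values.
        $resolved   = [Environment]::ExpandEnvironmentVariables($Entry.Value)
        # Undefined variables are left as %name% by the call above.
        $unresolved = $resolved -match '%[^%\\]+%'
        # Only rooted paths can be checked on disk; bare file names, extensions
        # and process names are matched by the antivirus product itself.
        $present = $null
        if (-not $unresolved -and [IO.Path]::IsPathRooted($resolved)) {
            $present = Test-Path -LiteralPath $resolved
        }
        [pscustomobject]@{
            Role = $Entry.Role; Kind = $Entry.Kind; Listed = $Entry.Value
            Resolved = $resolved; Unresolved = $unresolved; Present = $present
        }
    }
}

# Roles this server actually has (edit per host).
$roles = 'General', 'Hyper-V'
$entries | Where-Object { $roles -contains $_.Role } | Resolve-Exclusion |
    Sort-Object Role, Kind | Format-Table -AutoSize
```

Rows with Present set to False point at paths that do not exist on this host, and rows with Unresolved set to True still contain a variable that must be replaced by hand before the entry is entered in the antivirus product.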