SCCM 2012 Antivirus Exclusions for Servers and Workstations
Hi,
Just sharing the antivirus exclusions for Configuration Manager 2012 Servers and workstations as well.
Please share if anything is missing.
McAfee Exclusions for Configuration Manager 2012:
1. C:\Windows\TEMP\BootImages and subfolders.
2. Directories:
%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%programfiles%\Microsoft Configuration Manager\Inboxes\*.*
%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*
%systemroot%\system32\GroupPolicy\Machine\registry.pol
%systemroot%\system32\GroupPolicy\User\registry.pol
\SCCMContentLib
\SMSPKG
\SMSPKGC$
\SMSPKGSIG
\SMSSIG$
\Program Files\SMS_CCM\ServiceData
\Program Files\SMS_CCM\Logs
\Program Files\Microsoft Configuration Manager\Logs
\Program Files\Microsoft Configuration Manager\Install.map
\ConfigurationManager DB
\SMSPKGSIG
\SCCMContentLib
\Sources
\SCCMImages
\DatabaseBackup
\SMSPKGE$
\SMSPKGSIG
\SMSSIG$
3. Processes that will be excluded:
Configuration Manager 2012 processes that will be excluded are:
Smsexec.exe
Ccmexec.exe
CmRcService.exe
Sitecomp.exe
Smswriter.exe
Smssqlbbkup.exe
4. SQL Server Exclusions:
SQL Server 2012 processes to exclude from virus scanning
%ProgramFiles%\Microsoft SQL Server\MSSQL11.<InstanceName>\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSRS11.<InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSAS11.<InstanceName>\OLAP\Bin\MSMDSrv.exe
SQL Server data files
*.mdf
*.ldf
*.ndf
SQL Server backup files
These files frequently have one of the following file-name extensions:
*.bak
*.trn
Full-Text catalog files
%Program Files%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData
Analysis Services backup files
C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup
C:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log
5. IIS Exclusions:
*.ida
%systemroot%\IIS Temporary Compressed Files
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
6. WSUS Exclusions:
*.cab
\WSUS\WSUSContent
\WSUS\UpdateServicesDBFiles
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download
Reference Links:
https://community.mcafee.com/thread/59504
http://www.systemcenterblog.nl/2012/05/09/anti-virus-scan-exclusions-for-configuration-manager-2012/
http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx
http://support.microsoft.com/kb/309422
http://support.microsoft.com/kb/821749
http://support.microsoft.com/kb/817442
http://support.microsoft.com/kb/900638/en-us
http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#av
McAfee Exclusions for workstations:
Turn off scanning of Windows Update or Automatic Update related files
Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:
%windir%\SoftwareDistribution\Datastore
Turn off scanning of the log files that are located in the following folder:
%windir%\SoftwareDistribution\Datastore\Logs
Specifically, exclude the following files:
Res*.log
Edb*.jrs
Edb.chk
Tmp.edb
Turn off scanning of Windows Security files
Add the following files in the %windir%\Security\Database path of the exclusions list:
*.edb
*.sdb
*.log
*.chk
*.jrs
Turn off scanning of Group Policy related files
Group Policy user registry information. These files are located in the following folder:
%allusersprofile%\
Specifically, exclude the following file:
NTUser.pol
Group Policy client settings file. This file is located in the following folder:
%Systemroot%\System32\GroupPolicy\
Specifically, exclude the following file: Registry.pol
For the configuration manager clients the following exclusion will be added:
%windir%\ccmcache
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download
Reference Links:
http://support.microsoft.com/kb/822158/en-us
Regards, Syed Fahad Ali
Thanks for sharing this.. Many people will find this useful.
http://www.enhansoft.com/
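A lint pass for an exclusion list like the one above, run before the entries go into an antivirus policy (an added example, not part of the original post). It flags entries that will not resolve (stray quote, unknown variable, missing path separator, unfilled placeholder) and entries broader than one pinned path (global extension wildcards, drive-less folders, name-only processes, duplicates). The sample entries, finding names and the `KNOWN_VARS` allow-list are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample, modelled on the kinds of entries found in such lists.
SAMPLE = [
    r"%windir%\Security\database\*.edb",
    r'%systemroot%\system32\GroupPolicy\Machine\registry.pol"',
    r"%Program Files%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData",
    r"%ProgramFiles%\Microsoft SQL Server\MSSQL11.<InstanceName>\MSSQL\Binn\SQLServr.exe",
    r"%windir%ccmcache",
    r"\SMSPKGSIG",
    r"\SMSPKGSIG",
    r"\Sources",
    "*.cab",
    "Smsexec.exe",
]

# Assumed allow-list: variables a default Windows installation defines.
KNOWN_VARS = {"allusersprofile", "programfiles", "programfiles(x86)",
              "systemdrive", "systemroot", "windir"}


def lint_entry(entry):
    """Return the finding codes for a single exclusion entry."""
    findings = []
    if '"' in entry:
        findings.append("stray-quote")              # quote becomes part of the path
    for name in re.findall(r"%([^%\\]+)%", entry):
        if name.lower() not in KNOWN_VARS:
            findings.append("unknown-variable")     # will not expand on the host
    if re.search(r"%[^%\\]+%[^\\]", entry):
        findings.append("missing-separator")        # %var% runs into the folder name
    if re.search(r"<[^>]+>", entry):
        findings.append("unfilled-placeholder")     # template text left in place
    if re.fullmatch(r"\*\.\w+", entry):
        findings.append("global-extension")         # matches on every volume
    elif entry.startswith("\\") and not entry.startswith("\\\\"):
        findings.append("no-drive-or-variable")     # folder not pinned to a root
    elif "\\" not in entry and entry.lower().endswith(".exe"):
        findings.append("process-by-name-only")     # name without a full path
    return findings


def lint(entries):
    """Map each problematic entry to its findings, including duplicates."""
    counts = Counter(e.lower() for e in entries)
    report = {}
    for entry in entries:
        findings = lint_entry(entry)
        if counts[entry.lower()] > 1:
            findings.append("duplicate")
        if findings:
            report[entry] = findings
    return report


if __name__ == "__main__":
    for entry, findings in lint(SAMPLE).items():
        print(f"{entry}: {', '.join(findings)}")
```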
Similar Messages
-
Does sccm 2012 supports ibcm for linux and unix operating systems
folks,
does SCCM 2012 support Linux and Unix operating systems for IBCM? As per my knowledge it doesn't, from what I have learnt through Bing.
I thought it's not supported for Linux and Unix, see also:
http://blogs.msdn.com/b/teju_shyamsundar/archive/2014/05/23/installing-the-system-center-2012-r2-configuration-manager-client-on-linux-part-2.aspx
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude -
Antivirus exclusions for RDS 2012 R2
Hi all,
I have an RDS 2012 R2 environment. 8 SH servers, 2 WA servers, 2 CB servers (in HA), 1 GW server, 1 x two node Fail over cluster containing the UPD disk files (among other things).
I've been surfing the net to find antivirus exclusions specific to RDS 2012 R2 but didn't find much. Aside from the regular OS exclusions, are there any specific exclusions for RDS, specifically Session Host Servers? Any special considerations for UPD?
Thanks!
Jesmat.
Hi Jesmat,
Thank you for posting in Windows Server Forum.
A previous version, “Terminal Service Antivirus Exclusions”, is available, but sorry to inform that “Antivirus Exclusions for RDS server 2012 R2” is still not published as the Microsoft team is in the process of publishing. Please check this article for information.
Hope it helps!
Thanks,
Dharmesh -
Antivirus software exclusions for DFS and Hyper-V
I am rolling out an updated antivirus solution to our DFS server and Hyper-V (Windows 2008 and 2012) and I am curious of the following:
1. What are the exclusion suggestions for Hyper-V servers? I found a URL that showed the exceptions to add but I thought there would be more for Hyper-V to exclude.
2. What are the specific exclusions to include for a DFS server? I read somewhere that there were some DFSR hidden folders that need to be included but I would like to know if there is an official suggestion from Microsoft of what files/folders need to be excluded.
Hi,
Anti-virus software should exclude the Hyper-V specific files which are listed in the article below:
Hyper-V: Anti-Virus Exclusions for Hyper-V Hosts
http://social.technet.microsoft.com/wiki/contents/articles/2179.hyper-v-anti-virus-exclusions-for-hyper-v-hosts.aspx
For the DFS antivirus exclusion, you could refer to the article below:
Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
http://support.microsoft.com/kb/822158/en-us
Regards,
Mandy
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
Hello All
With the given need from the market to manage license compliance proactively - the given toolsets from MS SCCM 2012 should be capable of handling the given complexity. (reference 27 processes out of SAM ISO 19.770-1:2012)
Where can I find the solution accelerator, which guides us to help clients on two typical use-cases
a.) Client has SCCM 2012 - however not yet established the SAM components to it (Contracts, Use-rights and License-Comparisons)
b.) Client has no SCCM yet and wants to start his journey with the Commercial scope right away.
Any guidance highly appreciated
SCCM alone isn't going to fit this need.
You need a License Compliance Solution / Software Asset Management (SAM) solution which SCCM is not.
The issue with those systems: they fail at providing clean/useful data.
Usually the best approach is to collect the data with SCCM, normalize the data for that I used BDNA Normalize, then pull in the SAM.
Like this:
SCCM 2012 - Normalize - SAM
John Marcum | http://myitforum.com/myitforumwp/author/johnmarcum/ -
Hi All,
My team and I are developing a software using java that works closely with IT management software such as SCCM. Our software will be highly dependent on data stored in SCCM. Basically our software will talk to SCCM to get information about a system managed by SCCM. To be able to do that, our software needs to use a java API that talks to SCCM. Is there a java API for SCCM 2012 that we can use? If there is not, what is the work around to this issue (integrate a java project with SCCM SDKs)? Any help is appreciated! Thanks!
Hi,
As you mentioned, it seems that there is no available Java API for SCCM.
Just curious, what information do you want to get from SCCM?
Based on my experience, you could query the SCCM site database to get almost all the information.
Otherwise, your question seems to be related to SCCM 2012. You may also choose to post there to get more effective help.
-
Hi
We have one central site server and three primary site servers in SCCM 2007 and completed the SCCM 2012 migration as single hierarchy.
During the migration, we configured the SCCM 2007 Central site server as source hierarchy for the data gathering process and configured "Enable distribution-point sharing for this source site" to make SCCM 2007 distribution points available as SCCM 2012 content shares to serve SCCM 2012 migrated clients. Now we are facing a problem that one of the primary site server's data gathering process did not gather SCCM 2007 DPs even though we configured "Enable distribution-point sharing for this source site" but data gathering process is completing successfully.
Does anyone have an idea why these SCCM 2007 DPs are not appearing as SCCM 2012 content shares under "Shared Distribution Points"?
Thanks in Advance
srkr
Now we are facing a problem that one of the primary site server's data gathering process did not gather SCCM 2007 DPs even though we configured "Enable distribution-point sharing for this source site" but data gathering process is completing successfully.
Earlier all the shared DPs are showing under Shared Distribution Points ? Or since starting itself these DPs are not showing down? Have you checked migmctrl.log for some clue?
Anoop C Nair (My Blog www.AnoopCNair.com)
- Twitter @anoopmannur -
FaceBook Forum For SCCM -
Non Domain Servers and Workstations
Hi,
we are trying to deploy SCCM 2012 clients to non domain servers, and we are also in the process of trying to find out the best way we can clean up machines from SCCM that have not logged in for 90 days or more.
From my understanding, if I turn on "only discover machines that have logged on to the domain in a given period of time" then that means a server that has not logged in will not be discovered, which can be an issue when patching. Also, what do I need to do with the non domain servers with the SCCM client installed on the servers?
Can you please help me with this? That would be greatly appreciated.
Thanks Tom
Hi,
This blog post does a good job explaining the steps to manage non-domain machines with ConfigMgr 2012:
http://blogs.technet.com/b/anilm/archive/2012/05/06/managing-workgroup-clients-in-configuration-manager-2012.aspx
This technet article also has more detailed information about client communication for workgroup computers:
http://technet.microsoft.com/en-us/library/gg712701.aspx#Plan_Com_X_Forest
-
SCCM 2012 R2 client version 1101 and 1104 queries
There are several samples of collection query code for SCCM 2012 R2 client version 5.00.7958.1000, which is the base R2 client version. Patches can change this to 5.00.7958.1101 and 5.00.7958.1104. But there is a problem. These two patches display as 1101 and 1104 when you go to Control Panel\Configuration Manager\General tab but when you go to Programs and Features and look in there the DisplayVersion is 5.00.7958.1000--so all query code samples are unable to differentiate between the base versions and version 1101 and 1004. I have been unable to find out how to write a query that finds versions 1101 and 1104. Does anyone know how to do this? Thanks.
Use ClientVersion from SMS_R_System within a console query or ClientVersion0 from V_R_system in a SQL query.
Even this can be deceptive though because the agent only reflects the highest version number of one of its subcomponents. This post, specific to 2007, describes the complexity: http://blog.configmgrftw.com/configmgr-client-hotfix-versioning/.
Specific to your question though, why do you care if either of these hotfixes are distributed to your clients? 2905002 is only necessary during WinPE (and if you are actually not using download on demand content during OSD) and 2910552 is only applicable if you are rolling out Win 8.1 using a single TS to your XP systems using a refresh methodology.
Jason | http://blog.configmgrftw.com -
SCCM 2012 SP1 - How many servers do I need?
I'm planning a SCCM test environment using SCCM 2012 SP1 with the goal of using DCIP 3.1. DCIP 3.1 only supports up to SCCM 2012 SP1. I'm new to SCCM and I'm planning to follow Kevin Holman's ConfigMgr 2012 SP1 -QuickStart deployment Guide (Sorry, I can't post links on the forum yet.)
I'm using a virtual environment to build this out so I can create more machines as needed.
In the guide two systems are used, DB3 and CM1 each with designated services. Could those services be safely installed on one machine instead of two? Why choose to split the SQL and Database Services, from the Primary Site Server, Management Server, and Web Console Server?
Thank you!
For a lab and most small(ish) production sites you can get away with 1 server.
John Marcum | http://myitforum.com/myitforumwp/author/johnmarcum/ -
SCCM 2012 - Network requirements for Client communication to primary in a Cross Forest Environment
Hello, I have been trying to get some definitive answers on what network traffic is required between a client and a primary site versus a secondary in a cross forest scenario.
Here is the scenario:
Company A has an existing SCCM 2012 primary Site. Company B (Separate Forest) has now been brought in. One subnet on each side can route to each other and using that one subnet a two way forest trust has been setup. But the remote offices have IP address overlaps between companies. At some point in the future all assets on company B will be re-IP and brought over to Company A domain. But in the interim it would be nice to get SCCM cross forest clients working. Upgrading to a CAS model with two Primaries would not be preferred here as this is a temporary solution.
My questions are as follows.
If a secondary site is deployed into Company B Forest/Network. I have seen people online allude that clients will still need to communicate to the Primary located at Company A, even though they are assigned to a secondary on Company B’s network. Is this true? Are there any workarounds for this? Is a NAT back to the primary acceptable, or is reverse lookup required?
Will the Primary need to communicate directly to the clients in Company B? If this is in fact a requirement, then this would be a show stopper. But if it's only needed for things like client pushes, then we could work around it.
Thanks
"But the remote offices have IP address overlaps between companies"
Technically, this is unsupported because clients, depending upon your boundaries, will not be able to find a local DP since they use IP addresses for this. The only way to work around this is to use AD Site boundaries.
"though they are assigned to a secondary"
Clients are *never* assigned to a secondary site -- that's not what secondary sites are for. Yes, clients require communication with an MP in the primary site where they are assigned. There is no way to change this or work-around this except to put an MP from the primary site closer to those clients and use the new MP affinity option in R2 CU3.
Reverse lookups are only used to verify names by applications that wish to have this type of functionality (which are very few in number) and have nothing to do with true network traffic. NATing is an issue for the reason I gave above -- DP location.
Remote control, client push, and WoL won't work either because there is no way for the traffic to reach the destination behind the NAT.
All client *agent* communication in ConfigMgr is client initiated in ConfigMgr (remote control, client push, and WoL -- as just mentioned -- are sort of exceptions to this but they don't really involve the client *agent*.)
Jason | http://blog.configmgrftw.com | @jasonsandys -
SCCM 2012 R2 IP for Orchestrator 2012
Hi,
We have Orchestrator 2012 (7.0.1154.0) installed, and I would like to connect it to our SCCM 2012 R2 (5.0.7958.1303) installation with an integration pack.
Does anyone know if I can connect a non-R2 Orchestrator to an R2 SCCM and if so, which IP I should use.
I wish I could upgrade my SC'Orch to R2 but sadly we have some old SharePoint 2007 third-party IP's which do not work with R2, so I don't think that is an option.
Your advice will be greatly appreciated.
Tom
Hi,
you can register and deploy the System Center 2012 R2 Integration Pack for SCCM, available here: http://www.microsoft.com/en-us/download/details.aspx?id=39622&WT.mc
System Center 2012 Service Pack 1 - Orchestrator Component Add-ons and Extensions are available here:
http://www.microsoft.com/en-us/download/details.aspx?id=34611
Regards,
Stefan
www.sc-orchestrator.eu ,
Blog sc-orchestrator.eu -
Upgrade to SCCM 2012 R2: WinPE 5.0 and Legacy system.
Hi,
When upgrading to SCCM 2012 SP1 we got WinPE 4.0 boot images, and the PXE-boot did not work with CPUs that do not support NX/PAE/SSE2.
SCCM 2012 R2 needs "ADK for Windows 8.1" with WinPE 5.0. I think it is the same with WinPE 5.0, that it doesn't work with CPUs that do not support NX/PAE/SSE2.
Is there something else to consider with WinPE 5.0 boot with Legacy systems?
ref:
http://blogs.technet.com/b/configmgr_geek_speak/archive/2013/03/03/winpe-4-0-boot-images-not-working-with-cpu-s-that-do-not-support-n
/SaiTech
I think the link you posted is broken, but this one works:
http://blogs.technet.com/b/configmgr_geek_speak/archive/2013/03/03/winpe-4-0-boot-images-not-working-with-cpu-s-that-do-not-support-nx-pae-sse2.aspx
You can still use WinPE3.1, for those legacy computers:
http://blogs.technet.com/b/brandonlinton/archive/2013/06/21/how-to-create-and-import-a-winpe-3-1-boot-image-for-use-in-configmgr-2012-sp1-cu2.aspx
http://technet.microsoft.com/en-us/library/dn387582.aspx
http://technet.microsoft.com/en-us/library/hh397288.aspx
Don
(Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!) -
SCCM 2012 NAP Agent goes in and out of compliance approx every 2 min.
I have deployed the SCCM 2012 NAP Agent on a few clients and it goes in and out of compliance approx every 2 min.
So it's compliant for 2 min then uncompliant for about 30 sec then compliant again. If I uninstall the single software update I have enforced with NAP on SCCM the update is remediated properly by NAP/SCCM but the cycling in and out of compliance continues.
I did have the agent in SCCM set to 2 min evaluation cycle for testing purposes but have now reverted it back to one day. The Health Validation Point is set to 26hrs.
tconners
I reset the SCCM NAP evaluation cycle again to 1 day and it took this time.
I can't explain why it was still stuck on 2 min.
tconners -
Sccm 2012 collections of specific servers (terminal servers etc)
Hi,
Please advise what criteria I should use in SCCM 2012 to make collections of specific servers: f.e. terminal servers.
J.
Jan Hoedt
Add Win32_Serverfeature to hardware inventory (http://msdn.microsoft.com/en-us/library/cc280268(v=vs.85).aspx) and create collections based on that data.
Torsten Meringer | http://www.mssccmfaq.de