Comprehensive and Complete, Antivirus Exclusions Guide for All Microsoft Server Products

For years, communities have had to create their own best practice documents for proper antivirus software exclusions. Over the years, I've seen many different documents pop up, and they have all been tied to a specific area of admin focus.

You might be surprised at how many server and server product problems can actually be tied back to antivirus software. With the many antivirus vendors offering their products for so long, you'd think they would have made adjustments by now to work better with the products they are intended to protect. But, the truth is that antivirus applications are designed to protect the operating system from known vulnerabilities and outbreaks, not the applications that are installed to run on top. So, unless properly configured, antivirus software can lock files and entire directories, causing server issues that are hard to pinpoint.

Imagine antivirus software locking an entire directory full of files that need to be processed by a Windows service designed to open the files and then merge the content into a SQL database. If the antivirus software is utilizing real-time protection, or if the scan of that directory happens at just the exact wrong time, corruption can occur. There are many examples like this where antivirus software, though required for modern security protection, can inject curious problems and bring woe to the daily life of the IT Pro. I've personally seen this constantly with System Center Configuration Manager where inventory data never shows up in the SQL database and the number of unprocessed files in a directory keeps growing and growing.

Microsoft has now taken it upon itself to produce a fully official document that outlines all of the servers and services that require antivirus exclusions to work properly.

The download is available here: Windows Antivirus Exclusion Recommendations (Servers, Clients, and Role-Specific)

UPDATE, January 16, 2014: The download has been removed by Microsoft. We are investigating the reasons and will update this article shortly.

This is definitely worth downloading and reviewing. Making the adjustments suggested in the document could save you a lot of time troubleshooting later on, and could also fix some ongoing, annoying problems you have now. Taking careful time to apply the exclusions could make your constant unresolved issues go away immediately.

Here's what the doc covers:

  • General Exclusions
  • Domain Controllers
  • Exchange Server
  • Lync
  • Cluster Servers
  • Hyper-V and System Center Virtual Machine Manager (SCVMM)
  • SQL Server
  • Configuration Manager
  • System Center Operations Manager (SCOM)
  • SharePoint
  • Internet Information Services (IIS) Server
  • Windows Server Update Services (WSUS)
  • Microsoft Application Virtualization (App-V) Clients
  • Microsoft Enterprise Desktop Virtualization (Med-V)
  • System Center Data Protection Manager (DPM) Server
  • Internet Security And Acceleration (ISA) Server
  • Forefront Threat Management Gateway (TMG)
  • Forefront Unified Access Gateway (UAG)