Re: Trend OfficeScan - Recommended Exemptions?

Hi Mark,

Thank you for the detailed post - I'm almost sorry I asked! I'll get to work
on this list tomorrow before running OfficeScan.

Regards,
Roman

"FHFD Admin" wrote:

Hello Roman! Here is the guidline I just used, graciously provided by on
the posters over on the Microsoft SBS forum:

Mark Storm


Trend Micro CSM Suite File/Folder Exclusions:

Hi Mark:

Listed below are the items and their default locations - your
installation may be different.


Exchange
Exchange Server Database = C:\Program Files\Exchsrvr\Mdbdata (check
location see note above)
Exchange MTA files = C:\Program Files\Exchsrvr\Mtadata
Exchange Message tracking log files = C:\Program
Files\Exchsrvr\server_name.log
Exchange SMTP Mailroot = C:\Program Files\Exchsrvr\Mailroot
Exchange working files = C:\Program Files\Exchsrvr\Mdbdata
C:\Program Files\Exchsrvr\Conndata
Site Replication Service (not normally used in SBS but should be
excluded anyway) =
C:\Program Files\Exchsrvr\srsdata


IIS related Exclusions
IIS System Files = C:\WINDOWS\system32\inetsrv
IIS Compression Folder = C:\WINDOWS\IIS Temporary Compressed Files


Domain Controller related exclusions
Active Directory database files = C:\WINDOWS\NTDS
SYSVOL C:\WINDOWS\SYSVOL
NTFRS Database Files = C:\WINDOWS\ntfrs


Windows SharePoint Services
Temporary SharePoint space = C:\windows\temp\Frontpagetempdir

Service Related Data Bases
DHCP Database Store = C:\WINDOWS\system32\dhcp
WINS Database Store = C:\WINDOWS\system32\wins
X:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Data
X:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Data
X:\Program Files\Microsoft SQL Server\MSSQL\Data


Additional Exclusions
Removable Storage Database (used by SBS Backup) =
C:\Windows\System32\ntmsdata
SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows
Small Business Server\Networking\POP3\Failed Mail
SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows
Small Business Server\Networking\POP3\Incoming Mail
Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore
X:\urlcache
X:\pagefile.sys

AV Progam Exclusions
x:\Folder where AV puts quarrentined files
X:\<AV application folder>

Desktop Folder Exclusions
These folders need to be excluded in the desktops and notebooks
clients.
Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore

SBS Licensing Exclusions
File - %windir%\system32\licstr.cpa
Folder - %windir%\windows\system32\lls
NOTE: Run the License Wiz and backup the licenses to a secure folder.

Terminal Services Licensing Exclusions
C:\WINDOWS\System32\LServer
Should contain the following TS related stuff:

edb.log
edb.chk
res1.log
res2.log
TLSLic.edb
temp.edb

Also, Refer to the MS KB Articles
815623
822158
245822
284947

Per 822158
The Windows Update or Automatic Update database file
%windir%\SoftwareDistribution\Datastore\datastore.edb

The transaction log files. These files are located in the following
folder
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
Note The wildcard character indicates that there may be several files.
. Res1.log
. Res2.log
. Edb.chk
. Tmp.edb

Per 815623
In summary, the targeted and excluded list of folders for a SYSVOL
tree that is placed in its default location would look similar to the
following:
1. %systemroot%\sysvol Exclude
2. %systemroot%\sysvol\domain Scan
3. %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
Exclude
4. %systemroot%\sysvol\domain\Policies Scan
5. %systemroot%\sysvol\domain\Scripts Scan
6. %systemroot%\sysvol\staging Exclude
7. %systemroot%\sysvol\staging areas Exclude
8. %systemroot%\sysvol\sysvol Exclude

If any one of these folder or files have been moved or placed in a
different location, scan or exclude the equivalent element.

. DFS
The same resources that are excluded for a SYSVOL replica set must
also be excluded when FRS is used to replicate shares that are mapped
to the DFS root and link targets on Windows 2000 or Windows Server
2003-based member computers or domain controllers.

Aren't you sorry you asked?

--
Larry
"Roman" <roman(at)romanportal(dot)com> wrote in message
news:684B7171-CA1F-4E16-8AF7-7FF6F400E1D8@xxxxxxxxxxxxxxxx
I'm deploying Trend OfficeScan across a small 5 client single server
network.
Are there any recommended antivirus scan Exemption Rules for Server 2003
R2
x64 that should be in place?

The server is running Terminal Services with the Office suite so e-mail
etc
is stored on the server.



.

Relevant Pages

  • Re: Antivirus exclude folders?
    ... Active Directory database files = C:\WINDOWS\NTDS ... Entire SYSVOL folder may be overkill. ... Windows SharePoint Services ... scan or exclude the equivalent element. ...
    (microsoft.public.windows.server.sbs)
  • Re: Trend OfficeScan - Recommended Exemptions?
    ... Site Replication Service (not normally used in SBS but should be ... Windows SharePoint Services ... X:\<AV application folder> ... %systemroot%\sysvol Exclude ...
    (microsoft.public.windows.server.general)
  • Re: How to avoid data corruption in the SoftwareDistribution folder
    ... Security Center and I could not find anyway to not scan the folder and/or files in question. ... The only option was to not scan the drive Windows itself is on and that seems a little much to me. ... Do not exclude any one of these based on the file name extension. ... The Windows Update or Automatic Update database file. ...
    (microsoft.public.windowsupdate)
  • Re: Trend Micro Folder/File Exclusions (SBS2003 R2)
    ... Active Directory database files = C:\WINDOWS\NTDS ... Windows SharePoint Services ... X:\<AV application folder> ... %systemroot%\sysvol Exclude ...
    (microsoft.public.windows.server.sbs)
  • Re: Trend Micro Folder/File Exclusions (SBS2003 R2)
    ... Exchange MTA files = C:\Program Files\Exchsrvr\Mtadata ... Active Directory database files = C:\WINDOWS\NTDS ... Windows SharePoint Services ... X:\<AV application folder> ...
    (microsoft.public.windows.server.sbs)