Recommendations for antivirus exclusions for SCOM 2007 R2


Microsoft System Center Operations Manager 2007 R2 recommendations for antivirus (AV) exclusions:

1.       Exclusions by process executable:

To configure exclusions based on process executables, exclude the following process:

·         monitoringhost.exe

2.       Directory Exclusions:

The following directory-specific exclusions for Operations Manager apply to real-time scans, scheduled scans, and local scans. The directories listed are the default application directories, so you may have to modify these paths for your environment. Exclude only the following Operations Manager-related directories.

Important:

When a directory that is to be excluded has a directory name greater than 8 characters long, add both the short and long directory names of the directory to the exclusion list. These names are required by some AV programs to traverse the subdirectories.

 

? is a wildcard that stands for one drive letter:

 

Server and SQL

 

o   ?:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store -> SCOM 2007 Queue and Logs

o   ?:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data -> SQL Data

o   ?:\Data -> SCOM Database + Data warehouse + Logs

o   ?:\MSSQL\DATA -> Master database and Tempdb database

o   ?:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log -> SQL Logs

o   ?:\Windows\Temp -> Windows Temp

 

Agents

 

o   ?:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store -> Agents Queue and Logs

o   ?:\Windows\Temp -> Windows Temp
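
The directory lists and the short/long name note above can be turned into a concrete per-host exclusion list. The script below is an added example, not part of the original post: it expands the `?` wildcard to the fixed disks on the host, keeps only directories that actually exist, and prints both the long name and the 8.3 short name. The `$Role` parameter and variable names are assumptions made for the example.

```powershell
# Added example (not from the original post): resolve the '?:' templates from
# the lists above to directories that exist on this host, with 8.3 short names.
param(
    # Assumed parameter: 'Server' = SCOM/SQL server, 'Agent' = monitored agent
    [string]$Role = 'Server'
)

# Templates copied from the lists in this post; '?' stands for one drive letter.
$templates = @{
    Server = @(
        '?:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store',
        '?:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data',
        '?:\Data',
        '?:\MSSQL\DATA',
        '?:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log',
        '?:\Windows\Temp'
    )
    Agent = @(
        '?:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store',
        '?:\Windows\Temp'
    )
}
if (-not $templates.ContainsKey($Role)) { throw "Role must be 'Server' or 'Agent'." }

# Scripting.FileSystemObject exposes a folder's 8.3 name as ShortPath.
$fso = New-Object -ComObject Scripting.FileSystemObject

# Candidate drive letters: local fixed disks only (DriveType 3).
$letters = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' |
    ForEach-Object { $_.DeviceID.Substring(0, 1) }

$results = foreach ($t in $templates[$Role]) {
    foreach ($l in $letters) {
        $long = $l + $t.Substring(1)
        # Skip directories that are absent so the exclusion list stays minimal.
        if (-not (Test-Path -LiteralPath $long -PathType Container)) { continue }
        $short = $fso.GetFolder($long).ShortPath
        New-Object PSObject -Property @{ LongName = $long; ShortName = $short }
    }
}

# ShortName matches LongName when no 8.3 alias exists for the path, for
# example when short-name generation is disabled on the volume.
$results | Sort-Object LongName -Unique |
    Format-Table LongName, ShortName -AutoSize
```

Run it once per host with the matching role and review the output before entering the paths into the AV policy; a directory that does not exist on the host is left out rather than excluded.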

 

3.       File Name Extension Exclusion:

The following file name extension-specific exclusions for Operations Manager apply to real-time scans, scheduled scans, and local scans.

 

SQL-related extensions

o   .MDF

o   .LDF

 

SCOM 2007 R2

o   .EDB

o   .CHK

o   .LOG

 

4.       Other File-Level Scanner Functions

Virus Scan Enterprise has several functions that can endanger SCOM 2007 R2 servers and agents.

For all SCOM 2007 R2 servers and agents, do not configure the following functionality:

o   Page files should also be excluded from any real-time scanning.

o   Do not configure Port Blocking.

o   Do not configure Script Scan.

o   Do not configure Buffer Overflow Protection.
