Microsoft System Center Operations Manager 2007R2 recommendations for antivirus (AV) exclusions:
1. Exclusions by process executable:
To make exclusions that are based on the process executables, you should use the following processes:
2. Directory Exclusions:
The following directory-specific exclusions for Operations Manager include real-time scans, scheduled scans, and local scans. These directories that are listed are default application directories. Therefore, you may have to modify these paths based on your specific environment. Only the following Operation Manager-related directories should be excluded.
When a directory that is to be excluded has a directory name greater than 8 characters long, add both the short and long directory names of the directory to the exclusion list. These names are required by some AV programs to traverse the subdirectories.
? is a wildcard set to replace 1 Drive letter:
Server and SQL
o ?:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store ———– > SCOM 2007 Queue and Logs
o ?:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data ————- > SQL Data
o ?:\Data ———- > SCOM Database + Data warehouse + Logs
o ?:\MSSQL\DATA ———– > Master database and for the Tempdb database
o ?:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log ————- > SQL Logs
o ?:\Windows\Temp ——— > Windows Temp
o ?:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store ———— >Agents Queue and Logs
o ?:\Windows\Temp —————- > Windows Temp
3. File Name Extension Exclusion:
The following file name extension-specific exclusions for Operations Manager includes real-time scans, scheduled scans, and local scans.
SCOM 2007 R2
4. Others Functions File-Level Scanner
Virus Scan Enterprise has several functionality which can put in danger SCOM 2007 R2 servers and the agents.
For all SCOM 2007 R2 servers and agents do not configure the following functionality:
o Page files should also be excluded from any real time scanning
o Do not configure Port Blocking.
o Do not configure Script Scan.
o Do not configure Buffer Overflow Protection.