Recommendations for antivirus exclusions for SCOM 2016



Microsoft System Center Operations Manager 2016 recommendations for antivirus (AV) exclusions:

1. Exclusions by process executable

For exclusions based on process executables, exclude the following process:

·         monitoringhost.exe


2. Directory Exclusions

The following directory-specific exclusions for Operations Manager apply to real-time scans, scheduled scans, and local scans. The directories listed are the default application directories, so you may have to modify these paths to match your environment. Only the following Operations Manager-related directories should be excluded.


When a directory to be excluded has a name longer than 8 characters, add both the short and the long name of the directory to the exclusion list. Some AV programs require both names to traverse the subdirectories.


A ? is a wildcard that replaces 1 character or number.

Server and SQL

o   ?:\Program Files\Microsoft System Center 2016\Operations Manager\Server\Health Service State -> Server Queue and Logs

o   ?:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data -> SQL Data

o   ?:\Data -> SCOM Database + Data warehouse + Logs

o   ?:\MSSQL\DATA -> Master database and Tempdb database

o   ?:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log -> SQL Logs

o   ?:\Windows\Temp -> Windows Temp


o   C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Health Service Store -> Agents Queue and Logs

o   ?:\Windows\Temp -> Windows Temp


3. File Name Extension Exclusion

The following file name extension-specific exclusions for Operations Manager apply to real-time scans, scheduled scans, and local scans.

o   .EDB

o   .CHK

o   .LOG

o   .JRS


4. Other File-Level Scanner Functions

Virus Scan Enterprise has several functions that can endanger SCOM 2016 agents.

For all SCOM 2016 servers and agents, do not configure the following functionality:

o   Page files should also be excluded from any real-time scanning.

o   Do not configure Port Blocking.

o   Do not configure Script Scan.

o   Do not configure Buffer Overflow Protection.
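
Because only the entries listed in sections 1 to 3 should be excluded, it is worth auditing what is actually configured. The following is an added example, not part of the original post: a hypothetical helper, Get-ScomExclusionStatus, that classifies each configured exclusion against the lists above. It assumes you have already exported the exclusions from your AV product as Kind/Value pairs.

```powershell
# Allow-lists copied from the recommendations on this page.
$AllowedPaths = @(
    '?:\Program Files\Microsoft System Center 2016\Operations Manager\Server\Health Service State'
    '?:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data'
    '?:\Data'
    '?:\MSSQL\DATA'
    '?:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log'
    '?:\Windows\Temp'
    'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State\Health Service Store'
)
$AllowedExtensions = @('EDB', 'CHK', 'LOG', 'JRS')
$AllowedProcesses  = @('monitoringhost.exe')

# Hypothetical helper: classify one configured exclusion as Allowed, Review or Unexpected.
function Get-ScomExclusionStatus {
    param(
        [Parameter(Mandatory)][ValidateSet('Path', 'Extension', 'Process')][string]$Kind,
        [Parameter(Mandatory)][string]$Value
    )
    switch ($Kind) {
        'Path' {
            $p = $Value.TrimEnd('\')
            # 8.3 short names (PROGRA~1) cannot be mapped offline; send them to manual review.
            if ($p -match '~\d') { return 'Review' }
            # A wildcard or a missing drive letter in the configured entry widens the exclusion.
            if ($p -match '[*?\[\]]' -or $p -notmatch '^[A-Za-z]:\\') { return 'Unexpected' }
            foreach ($pattern in $AllowedPaths) {
                # -like is case-insensitive and treats ? as exactly one character.
                if ($p -like $pattern) { return 'Allowed' }
            }
            return 'Unexpected'
        }
        'Extension' {
            if ($AllowedExtensions -contains $Value.TrimStart('*', '.').ToUpper()) { return 'Allowed' }
            return 'Unexpected'
        }
        'Process' {
            $leaf = ($Value -split '[\\/]')[-1]   # compare the executable name only
            if ($AllowedProcesses -contains $leaf) { return 'Allowed' }
            return 'Unexpected'
        }
    }
}

# Constructed sample input: a whole-drive path, a script extension and an extra process stand out.
$configured = @(
    @{ Kind = 'Path'; Value = 'D:\Data' }, @{ Kind = 'Path'; Value = 'C:\' },
    @{ Kind = 'Path'; Value = 'C:\PROGRA~1\MICROS~2\Agent' },
    @{ Kind = 'Extension'; Value = '.log' }, @{ Kind = 'Extension'; Value = '.ps1' },
    @{ Kind = 'Process'; Value = 'MonitoringHost.exe' }, @{ Kind = 'Process'; Value = 'powershell.exe' }
)
foreach ($e in $configured) {
    [pscustomobject]@{ Kind = $e.Kind; Value = $e.Value; Status = Get-ScomExclusionStatus @e }
}
```

Entries reported as Unexpected are exclusions beyond the SCOM list and should be justified or removed; Review entries are short directory names that need to be resolved on the host itself.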

