Антивирус для Windows Server - настраиваем список исключений. Обновлено 11.08.2016

В ходе настройки политик управления клиентами любого антивирусного ПО необходимо определять список каталогов, имён процессов или даже расширений фалов, которые должны исключаться из Real-Time сканирования. Постараюсь собрать в одном месте информацию о рекомендуемых параметрах исключений и по мере необходимости буду его корректировать. Стоит отметить, что список составлен исходя из приложений, которые эксплуатируются в моём рабочем окружении. Список разделен по основным категориям сервисов и там где возможно есть ссылки на официальные рекомендации производителей ПО. Во всех случаях подразумевается что программное обеспечение установлено в каталоги «по умолчанию».

Общие рекомендации

Windows Update files	%windir%\SoftwareDistribution\Datastore\DataStore.edb %windir%\SoftwareDistribution\Datastore\Logs\edb.jrs %windir%\SoftwareDistribution\Datastore\Logs\edb.chk %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb %windir%\SoftwareDistribution\Datastore\Logs\.log
Windows Security files	%windir%\Security\database\.chk %windir%\Security\database\.edb %windir%\Security\database\.jrs %windir%\Security\database\.log %windir%\Security\database\*.sdb
Group Policy related files	%AllUsersProfile%\ntuser.pol %SystemRoot%\System32\GroupPolicy\Machine\Registry.pol
Paging files	pagefile.sys %SystemDrive%\pagefile.sys

Источники информации:

KB822158 - Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows

Контроллеры домена Active Directory

NTDS database files	%windir%\NTDS\ntds.dit %windir%\NTDS\ntds.pat
NTDS transaction log files	%windir%\NTDS\edb.log %windir%\NTDS\res.log %windir%\NTDS\edb*.jrs
NTDS working files	%windir%\NTDS\temp.edb %windir%\NTDS\edb.chk
FRS working files	%windir%\ntfrs\jet\sys\edb.chk %windir%\ntfrs\jet\ntfrs.jdb %windir%\ntfrs\jet\log\.log %windir%\ntfrs\jet\log\.jrs
DFS Replica files	%windir%\SYSVOL_DFSR\domain %windir%\SYSVOL_DFSR
DFS DB and working files	%SystemDrive%\System Volume Information\DFSR %SystemDrive%\System Volume Information\DFSR\$db_normal$ %SystemDrive%\System Volume Information\DFSR\FileIDTable_* %SystemDrive%\System Volume Information\DFSR\SimilarityTable_* %SystemDrive%\System Volume Information\DFSR\Config\.XML %SystemDrive%\System Volume Information\DFSR\database_ %SystemDrive%\System Volume Information\DFSR\database_\$db_dirty$ %SystemDrive%\System Volume Information\DFSR\database_\$db_clean$ %SystemDrive%\System Volume Information\DFSR\database_\$db_lost$ %SystemDrive%\System Volume Information\DFSR\database_\dfsr.db %SystemDrive%\System Volume Information\DFSR\database_\fsr.chk %SystemDrive%\System Volume Information\DFSR\database_\.frx %SystemDrive%\System Volume Information\DFSR\database_\.log %SystemDrive%\System Volume Information\DFSR\database_\fsr*.jrs %SystemDrive%\System Volume Information\DFSR\Private
FRS Replica files	%windir%\SYSVOL\domain %windir%\SYSVOL
FRS Staging directory	%windir%\SYSVOL\staging\domain %windir%\SYSVOL\staging areas
FRS Preinstall directory	%windir%\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
Processes	%SystemRoot%\System32\ntfrs.exe %SystemRoot%\System32\dfsr.exe %SystemRoot%\System32\dfsrs.exe

Источники информации:

Серверы с ОС Windows Server 2000 – 2016 с распространенными серверными ролями

Cluster Service files	%QuorumDrive%\MSCS (Например Q:\MSCS) %QuorumDrive%\Cluster (Например Q:\Cluster) %SystemRoot%\Cluster
DHCP Server files	%SystemRoot%\System32\dhcp\.chk %SystemRoot%\System32\dhcp\.edb %SystemRoot%\System32\dhcp\.jrs %SystemRoot%\System32\dhcp\.log %SystemRoot%\System32\dhcp\dhcp.mdb %SystemRoot%\System32\dhcp\dhcp.pat %SystemRoot%\System32\dhcp\backup\.mdb %SystemRoot%\System32\dhcp\backup\.log %SystemRoot%\System32\dhcp\backup\*.chk
DNS Server files	%SystemRoot%\System32\dns\.dns %SystemRoot%\System32\dns\.log %SystemRoot%\System32\dns\BOOT %SystemRoot%\System32\dns.exe
WINS Server files	%SystemRoot%\System32\wins\.chk %SystemRoot%\System32\wins\.log %SystemRoot%\System32\wins\*.mdb
Certificate Services files	%SystemRoot%\System32\catroot2\.edb %SystemRoot%\System32\catroot2\.chk %SystemRoot%\System32\catroot2\.log %SystemRoot%\System32\catroot2\.jrs
TS/RDS Licensing files	%SystemRoot%\System32\lserver\.chk %SystemRoot%\System32\lserver\.edb %SystemRoot%\System32\lserver\.log %SystemRoot%\System32\lserver\.tmp %SystemRoot%\System32\lserver\*.jrs
Print Server files	%SystemRoot%\System32\spool\PRINTERS\.SHD %SystemRoot%\System32\spool\PRINTERS\.SPL
IIS Web Server	%SystemRoot%\IIS Temporary Compressed Files %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files %SystemDrive%\inetpub\logs %SystemRoot%\System32\LogFiles %SystemRoot%\SysWow64\LogFiles %SystemRoot%\system32\inetsrv\w3wp.exe %SystemRoot%\SysWOW64\inetsrv\w3wp.exe

Источники информации:

Серверы с Microsoft Exchange Server 2000 - 2016

Exchange Server Common Folders	%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files %SystemRoot%\IIS Temporary Compressed Files %SystemRoot%\System32\Inetsrv %SystemDrive%\inetpub\logs %Winnt%\Cluster %SystemRoot%\Cluster %SystemDrive%\DAGFileShareWitnesses %windir%\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files %windir%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
Exchange Server Common File Name Extensions	.config .dia .wsb .chk .log .edb .stm .jrs .jsl .que .lzx .ci .wid .dir .000 .001 .002 .cfg .grxml .dsc .txt .bin .xml
Exchange Server Common Processes	Cdb.exe Cidaemon.exe Cluster.exe Clussvc.exe ComplianceAuditService.exe %ExchangeInstallPath%Bin\ComplianceAuditService.exe Dsamain.exe %SystemRoot%\System32\Dsamain.exe EdgeCredentialSvc.exe Microsoft.Exchange.EdgeCredentialSvc.exe %ExchangeInstallPath%Bin\Microsoft.Exchange.EdgeCredentialSvc.exe EdgeTransport.exe %ExchangeInstallPath%Bin\EdgeTransport.exe ExFBA.exe GalGrammarGenerator.exe Inetinfo.exe %SystemRoot%\System32\inetsrv\inetinfo.exe W3wp.exe %SystemRoot%\System32\inetsrv\W3wp.exe Emsmta.exe Mssearch.exe Mad.exe Microsoft.Exchange.AddressBook.Service.exe Microsoft.Exchange.AntispamUpdateSvc.exe %ExchangeInstallPath%Bin\Microsoft.Exchange.AntispamUpdateSvc.exe Microsoft.Exchange.ContentFilter.Wrapper.exe %ExchangeInstallPath%TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe %ExchangeInstallPath%Bin\Microsoft.Exchange.Diagnostics.Service.exe Microsoft.Exchange.Cluster.Replayservice.exe Microsoft.Exchange.EdgeSyncSvc.exe %ExchangeInstallPath%Bin\Microsoft.Exchange.EdgeSyncSvc.exe Microsoft.Exchange.Imap4.exe %ExchangeInstallPath%FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe Microsoft.Exchange.Imap4service.exe %ExchangeInstallPath%ClientAccess\PopImap\Microsoft.Exchange.Imap4service.exe Microsoft.Exchange.Infoworker.Assistants.exe Microsoft.Exchange.Monitoring.exe Microsoft.Exchange.Notifications.Broker.exe %ExchangeInstallPath%Bin\Microsoft.Exchange.Notifications.Broker.exe Microsoft.Exchange.Pop3.exe %ExchangeInstallPath%FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe Microsoft.Exchange.Pop3service.exe %ExchangeInstallPath%ClientAccess\PopImap\Microsoft.Exchange.Pop3service.exe Microsoft.Exchange.ProtectedServiceHost.exe %ExchangeInstallPath%Bin\Microsoft.Exchange.ProtectedServiceHost.exe Microsoft.Exchange.RPCClientAccess.Service.exe %ExchangeInstallPath%Bin\Microsoft.Exchange.RPCClientAccess.Service.exe Microsoft.Exchange.Search.Exsearch.exe Microsoft.Exchange.Search.Service.exe %ExchangeInstallPath%Bin\Microsoft.Exchange.Search.Service.exe Microsoft.Exchange.Servicehost.exe %ExchangeInstallPath%Bin\Microsoft.Exchange.Servicehost.exe MSExchangeADTopologyService.exe %ExchangeInstallPath%Bin\Microsoft.Exchange.Directory.TopologyService.exe MSExchangeFDS.exe MSExchangeMailboxAssistants.exe %ExchangeInstallPath%Bin\MSExchangeMailboxAssistants.exe MSExchangeMailboxReplication.exe %ExchangeInstallPath%Bin\MSExchangeMailboxReplication.exe MSExchangeMigrationWorkflow.exe %ExchangeInstallPath%Bin\MSExchangeMigrationWorkflow.exe MSExchangeMailSubmission.exe %ExchangeInstallPath%Bin\MSExchangeSubmission.exe MSExchangeRepl.exe %ExchangeInstallPath%Bin\MSExchangeRepl.exe MSExchangeTransport.exe %ExchangeInstallPath%Bin\MSExchangeTransport.exe MSExchangeTransportLogSearch.exe %ExchangeInstallPath%Bin\MSExchangeTransportLogSearch.exe MSExchangeThrottling.exe %ExchangeInstallPath%Bin\MSExchangeThrottling.exe Msftefd.exe Msftesql.exe Noderunner.exe %ExchangeInstallPath%Bin\Search\Ceres\Runtime\1.0\Noderunner.exe OleConverter.exe %ExchangeInstallPath%Bin\OleConverter.exe ParserServer.exe %ExchangeInstallPath%Bin\Search\Ceres\ParserServer\ParserServer.exe Powershell.exe %SystemRoot%\System32\WindowsPowerShell\v1.0\Powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe SESWorker.exe SpeechService.exe Store.exe Microsoft.Exchange.Store.Service.exe %ExchangeInstallPath%Bin\Microsoft.Exchange.Store.Service.exe Microsoft.Exchange.Store.Worker.exe %ExchangeInstallPath%Bin\Microsoft.Exchange.Store.Worker.exe TranscodingService.exe %ExchangeInstallPath%ClientAccess\Owa\Bin\DocumentViewing\TranscodingService.exe UmService.exe %ExchangeInstallPath%Bin\UmService.exe UmWorkerProcess.exe %ExchangeInstallPath%Bin\UmWorkerProcess.exe Microsoft.Exchange.UM.CallRouter.exe %ExchangeInstallPath%FrontEnd\CallRouter\Microsoft.Exchange.UM.CallRouter.exe %ExchangeInstallPath%FIP-FS\Bin\fms.exe %ExchangeInstallPath%Bin\Search\Ceres\HostController\hostcontrollerservice.exe MSExchangeDagMgmt.exe %ExchangeInstallPath%Bin\MSExchangeDagMgmt.exe MSExchangeDelivery.exe %ExchangeInstallPath%Bin\MSExchangeDelivery.exe MSExchangeFrontendTransport.exe %ExchangeInstallPath%Bin\MSExchangeFrontendTransport.exe MSExchangeHMHost.exe %ExchangeInstallPath%Bin\MSExchangeHMHost.exe MSExchangeHMWorker.exe %ExchangeInstallPath%Bin\MSExchangeHMWorker.exe ScanEngineTest.exe %ExchangeInstallPath%FIP-FS\Bin\ScanEngineTest.exe ScanningProcess.exe %ExchangeInstallPath%FIP-FS\Bin\ScanningProcess.exe UpdateService.exe %ExchangeInstallPath%FIP-FS\Bin\UpdateService.exe MSExchangeCompliance.exe %ExchangeInstallPath%Bin\MSExchangeCompliance.exe wsbexchange.exe %ExchangeInstallPath%Bin\wsbexchange.exe
Exchange Server 2000 & 2003 Folders	C:\Program Files\Exchsrvr\Mtadata C:\Program Files\Exchsrvr\Mtadata\.mta C:\Program Files\Exchsrvr\.log C:\Program Files\Exchsrvr\Mailroot C:\Program Files\Exchsrvr\Srsdata C:\Program Files\Exchsrvr\IMCData C:\Program Files\Exchsrvr\MDBData C:\Program Files\Exchsrvr\Address C:\Program Files\Exchsrvr\Bin C:\Program Files\Exchsrvr\Exchweb C:\Program Files\Exchsrvr\Res C:\Program Files\Exchsrvr\Schema C:\Program Files\Exchsrvr\Conndata
Exchange Server 2007 Folders	%ProgramFiles%\Microsoft\Exchange Server\Mailbox %ProgramFiles%\Microsoft\Exchange Server\Mailbox\MDBTEMP %ProgramFiles%\Microsoft\Exchange Server\TransportRoles %ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Logs %ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Pickup %ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Replay %ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Data\Queue %ProgramFiles%\Microsoft\Exchange Server\TransportRoles\SenderReputation %ProgramFiles%\Microsoft\Exchange Server\TransportRoles\IpFilter %ProgramFiles%\Microsoft\Exchange Server\Logging %ProgramFiles%\Microsoft\Exchange Server\ExchangeOAB %ProgramFiles%\Microsoft\Exchange Server\Working\OleConverter %ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Data\Adam %ProgramFiles%\Microsoft\Exchange Server\ClientAccess %ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\grammars %ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\Prompts %ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\voicemail %ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\badvoicemail
Exchange Server 2010-2016 Folders	%ExchangeInstallPath%Mailbox %ExchangeInstallPath%Mailbox\MDBTEMP %ExchangeInstallPath%GroupMetrics %ExchangeInstallPath%TransportRoles\Logs %ExchangeInstallPath%TransportRoles\Logs\Mailbox %ExchangeInstallPath%TransportRoles\Logs\FrontEnd %ExchangeInstallPath%TransportRoles\Pickup %ExchangeInstallPath%TransportRoles\Replay %ExchangeInstallPath%TransportRoles\Data\Queue %ExchangeInstallPath%TransportRoles\Data\SenderReputation %ExchangeInstallPath%TransportRoles\Data\IpFilter %ExchangeInstallPath%TransportRoles\Data\Temp %ExchangeInstallPath%TransportRoles\Data\Adam %ExchangeInstallPath%ClientAccess %ExchangeInstallPath%ClientAccess\OAB %ExchangeInstallPath%ExchangeOAB %ExchangeInstallPath%Working\OleConvertor %ExchangeInstallPath%Logging %ExchangeInstallPath%Logging\POP3 %ExchangeInstallPath%Logging\IMAP4 %ExchangeInstallPath%UnifiedMessaging\grammars %ExchangeInstallPath%UnifiedMessaging\Prompts %ExchangeInstallPath%UnifiedMessaging\voicemail %ExchangeInstallPath%UnifiedMessaging\temp %ExchangeInstallPath%FIP-FS %SystemRoot%\Temp\ExchangeSetup %SystemRoot%\Temp\OICE_*

Forefront Protection for Exchange Server

Forefront Protection for Exchange Server Folders

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Archive

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Quarantine
%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines\x86

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines\amd64

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data

Forefront Protection for Exchange Server Processes

Adonavsvc.exe
FscController.exe
FscDiag.exe
FscExec.exe
FscImc.exe
FscManualScanner.exe
FscMonitor.exe
FscRealtimeScanner.exe
FscStarter.exe
FscStatsServ.exe
FscTransportScanner.exe
FscUtility.exe
FsEmailPickup.exe
FssaClient.exe
GetEngineFiles.exe
PerfmonitorSetup.exe
ScanEngineTest.exe
SemSetup.exe

FSCConfigurationServer.exe
FSCEventing.exe
FSCScheduledScanner.exe
MultiEngineScanner.exe
Kavehost.exe
FSCVSSWriter.exe

Forefront Protection for Exchange Server File Name Extensions

.avc
.cab
.cfg
.config
.da1
.dat
.def
.dt
.fdb
.fdm
.ide
.key
.klb
.kli
.lst
.mdb
.ppl
.set
.v3d
.vdb
.vdm

Источники информации:

Серверы с Skype for Business Server 2015

Skype for Business Server Processes

ABServer.exe
AcpMcuSvc.exe
ASMCUSvc.exe
AVMCUSvc.exe
ChannelService.exe
ClsAgent.exe
ComplianceService.exe
DataMCUSvc.exe
DataProxy.exe
FileTransferAgent.exe
HealthAgent.exe
IMMCUSvc.exe
LysSvc.exe
MasterReplicatorAgent.exe
MediaRelaySvc.exe
MediationServerSvc.exe
MRASSvc.exe
OcsAppServerHost.exe
ReplicaReplicatorAgent.exe
ReplicationApp.exe
RtcHost.exe
RTCSrv.exe
XmppProxy.exe
XmppTGW.exe
Fabric.exe
FabricDCA.exe
FabricHost.exe

Skype for Business Server Folders

%SystemRoot%\System32\LogFiles
%SystemRoot%\SysWow64\LogFiles
%SystemRoot%\Microsoft.NET\assembly\GAC_MSIL
%ProgramFiles%\Skype for Business Server 2015
%ProgramFiles%\Common Files\Skype for Business Server 2015\Watcher Node
%ProgramFiles%\Common Files\Skype for Business Server 2015
%ProgramFiles%\Common Files\Skype for Business Online
%SystemDrive%\RtcReplicaRoot

Источники информации:

TechNet Library - Antivirus scanning exclusions for Skype for Business Server 2015

Серверы с SharePoint Server 2003 - 2013

SharePoint Server Common Folders	%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions %SystemDrive%\inetpub\wwwroot\wss\VirtualDirectories %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files %ProgramData%\Microsoft\SharePoint %ProgramData%\Microsoft\SharePoint\Config %SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config %SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files %SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\Config %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Config %SystemRoot%\System32\LogFiles %SystemRoot%\Syswow64\LogFiles %SystemRoot%\Temp\WebTempDir %SystemRoot%\Temp\FrontPageTempDir %SystemDrive%\Users\Default\AppData\Local\Temp %SystemDrive%\Documents and Settings\Default User\Local Settings\Temp %SystemDrive%\Users\<ServiceAccount>\Local %SystemDrive%\Users\<ServiceAccount>\Local\Temp %SystemDrive%\Documents and Settings\<ServiceAccount>\Local Settings\Application Data %SystemDrive%\Users\<ServiceAccount>\AppData\Local\Temp %SystemDrive%\Users\<ServiceAccount>\AppData\Local\Temp\WebTempDir %SystemDrive%\Users\<account that the search service is running as>\AppData\Local\Temp %SystemDrive%\Documents and Settings\<account that the search service is running as>\Local Settings\Temp
SharePoint Server 2001 - 2003 Folders	%ProgramFiles%\SharePoint Portal Server %ProgramFiles%\Common Files\Microsoft Shared\Web Storage System
Windows SharePoint Services 3.0 & SharePoint Server 2007 Folders	%ProgramFiles%\Microsoft Office Servers\12.0\Data %ProgramFiles%\Microsoft Office Servers\12.0\Logs %ProgramFiles%\Microsoft Office Servers\12.0\Bin %ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Logs %ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Data\Applications
SharePoint Server 2010 & SharePoint Foundation 2010 Folders	%ProgramFiles%\Microsoft Office Servers\14.0\Data %ProgramFiles%\Microsoft Office Servers\14.0\Logs %ProgramFiles%\Microsoft Office Servers\14.0\Bin %ProgramFiles%\Microsoft Office Servers\14.0\Synchronization Service %ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\Logs %ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\Data\Applications
SharePoint Foundation 2013 & SharePoint Server 2013 Folders	%ProgramFiles%\Microsoft Office Servers\15.0\Data %ProgramFiles%\Microsoft Office Servers\15.0\Logs %ProgramFiles%\Microsoft Office Servers\15.0\Bin %ProgramFiles%\Microsoft Office Servers\15.0\Synchronization Service %ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\15\Logs %ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\15\Data\Applications

Источники информации:

Серверы с Microsoft ISA Server / Forefront TMG Medium Business Edition

ISA Server 2000/2004/ 2006, Forefront TMG MBE Folders

%ProgramFiles%\Microsoft ISA Server
%ProgramFiles%\Microsoft ISA Server\ISALogs
%ProgramFiles%\Microsoft SQL Server
%ProgramFiles(x86)%\Microsoft ISA Server
%ProgramFiles(x86)%\Microsoft SQL Server
%SystemRoot%\Temp\ScanStorage
%ProgramFiles(x86)%\Microsoft ISA Server\Logs
D:\urlcache
%SystemDrive%\InetPub

ISA Server 2000/2004/ 2006, Forefront TMG MBE Processes

dsamain.exe
%WinDir%\System32\dsamain.exe

dailysum.exe

%ProgramFiles%\Microsoft ISA Server\dailysum.exe
%ProgramFiles(x86)%\Microsoft ISA Server\dailysum.exe
repgen.exe
%ProgramFiles%\Microsoft ISA Server\repgen.exe
isarepgen.exe
%ProgramFiles%\Microsoft ISA Server\isarepgen.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isarepgen.exe

isadlviewer.exe
%ProgramFiles%\Microsoft ISA Server\isadlviewer.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isadlviewer.exe
wspsrv.exe
%ProgramFiles%\Microsoft ISA Server\wspsrv.exe
%ProgramFiles(x86)%\Microsoft ISA Server\wspsrv.exe
mspadmin.exe
%ProgramFiles%\Microsoft ISA Server\mspadmin.exe
%ProgramFiles(x86)%\Microsoft ISA Server\mspadmin.exe
isastg.exe
%ProgramFiles%\Microsoft ISA Server\isastg.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isastg.exe
w3prefch.exe
%ProgramFiles%\Microsoft ISA Server\w3prefch.exe
%ProgramFiles(x86)%\Microsoft ISA Server\w3prefch.exe
sqlsvr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL$MSFW\sqlservr.exe
%ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
%ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe

sqlmangr.exe

%ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
sqlwriter.exe
%ProgramFiles(x86)%\Microsoft SQL Server\90\Shared\sqlwriter.exe
%WinDir%\System32\inetsrv\inetinfo.exe
%WinDir%\System32\inetsrv\w3wp.exe

Источники информации:

Considerations when using antivirus software on FF Edge Products

Серверы с Microsoft Forefront TMG 2010 / UAG 2010

Forefront TMG/UAG Folders	%ProgramFiles%\Microsoft Forefront Threat Management Gateway %ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs %ProgramFiles%\Microsoft Forefront Unified Access Gateway %ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW %SystemRoot%\Temp\ScanStorage D:\urlcache (каталог файлов веб-кеша TMG может располагаться в другом месте)
Forefront TMG/UAG Processes	dailysum.exe %ProgramFiles%\Microsoft Forefront Threat Management Gateway\dailysum.exe isarepgen.exe %ProgramFiles%\Microsoft Forefront Threat Management Gateway\isarepgen.exe isadlviewer.exe %ProgramFiles%\Microsoft Forefront Threat Management Gateway\isadlviewer.exe IsaManagedCtrl.exe %ProgramFiles%\Microsoft Forefront Threat Management Gateway\IsaManagedCtrl.exe isastg.exe %ProgramFiles%\Microsoft Forefront Threat Management Gateway\isastg.exe mspadmin.exe %ProgramFiles%\Microsoft Forefront Threat Management Gateway\mspadmin.exe wspsrv.exe %ProgramFiles%\Microsoft Forefront Threat Management Gateway\wspsrv.exe w3prefch.exe %ProgramFiles%\Microsoft Forefront Threat Management Gateway\w3prefch.exe DnsAlgSrv.exe %ProgramFiles%\Microsoft Forefront Unified Access Gateway\DnsAlgSrv.exe MonitorMgrCom.exe %ProgramFiles%\Microsoft Forefront Unified Access Gateway\MonitorMgrCom.exe SessionMgrCom.exe %ProgramFiles%\Microsoft Forefront Unified Access Gateway\SessionMgrCom.exe ShareAccess.exe %ProgramFiles%\Microsoft Forefront Unified Access Gateway\ShareAccess.exe uagqessvc.exe %ProgramFiles%\Microsoft Forefront Unified Access Gateway\uagqessvc.exe uagrdpsvc.exe %ProgramFiles%\Microsoft Forefront Unified Access Gateway\uagrdpsvc.exe UserMgrCom.exe %ProgramFiles%\Microsoft Forefront Unified Access Gateway\UserMgrCom.exe WatchDogSrv.exe %ProgramFiles%\Microsoft Forefront Unified Access Gateway\WatchDogSrv.exe whlerrsrv.exe %ProgramFiles%\Microsoft Forefront Unified Access Gateway\whlerrsrv.exe whlios.exe %ProgramFiles%\Microsoft Forefront Unified Access Gateway\whlios.exe sqlservr.exe %ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\sqlservr.exe %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe ReportingServicesService.exe %ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\ReportingServicesService.exe dsamain.exe %WinDir%\System32\dsamain.exe
Other executable processes (from default FEP Rule Template from SCCM 2012)	IsaApplianceInit.exe IsaMgmt.exe MsFpcSqmAgent.exe NicsRestorer.exe NLBClear.exe UpdateAgent.exe VpnHelpr.exe tmgpolicysuite.exe tmgbpacmd.exe tmgbpa.exe bpa2visio.exe tmgbpapack.exe tmgdatapackager.exe
TMG cache files	.cdat

Источники информации:

Considerations when using antivirus software on FF Edge Products

Серверы баз данных Microsoft SQL Server 2005 – 2016

SQL Server Common Processes	SQLServr.exe ReportingServicesService.exe MSMDSrv.exe
SQL Server Common File Name Extensions	.mdf .ldf .ndf .bak .trn .trc .sqlaudit .sql
SQL Server 2005 Processes	%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLServr.exe %ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Bin\MSMDSrv.exe %ProgramFiles%\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
SQL Server 2005 Folders	%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Data %ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\FTData %ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Log %ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Backup %ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Data
SQL Server 2008 Processes	%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLServr.exe %ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe %ProgramFiles%\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
SQL Server 2008 Folders	%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Data %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\FTData %ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Log %ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Backup %ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Data
SQL Server 2008 R2 Processes	%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLServr.exe %ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe %ProgramFiles%\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
SQL Server 2008 R2 Folders	%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Data %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\FTData %ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Log %ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Backup %ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Data
SQL Server 2012 Processes	%ProgramFiles%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLServr.exe %ProgramFiles%\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe %ProgramFiles%\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
SQL Server 2012 Folders	%ProgramFiles%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Data %ProgramFiles%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData %ProgramFiles%\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Log %ProgramFiles%\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Backup %ProgramFiles%\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Data
SQL Server 2014 Processes	%ProgramFiles%\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLServr.exe %ProgramFiles%\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe %ProgramFiles%\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
SQL Server 2014 Folders	%ProgramFiles%\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Data %ProgramFiles%\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\FTData %ProgramFiles%\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Log %ProgramFiles%\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Backup %ProgramFiles%\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Data
SQL Server 2016 Processes	%ProgramFiles%\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\SQLServr.exe %ProgramFiles%\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe %ProgramFiles%\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
SQL Server 2016 Folders	%ProgramFiles%\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data %ProgramFiles%\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\FTData %ProgramFiles%\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\Log %ProgramFiles%\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\Backup %ProgramFiles%\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\Data

Примечание: если используются именованные экземпляры SQL Server, то выделенное красным цветом имя экземпляра по-умолчанию MSSQLSERVER нужно заменять на своё имя экземпляра.

Источники информации:

Сторонние серверы баз данных под Windows

Oracle databases files

*.ora

*.ctl

Firebird, dBase, etc files

*.dbf
*.cdx
*.fdb
*.edb
*.ib
*.gdi
*.gdb

Компоненты Microsoft System Center

Microsoft System Center Virtual Machine Manager

SCVMM Common Processes	vmmAgent.exe vmmservice.exe
SCVMM Agent 2008 R2	%ProgramFiles%\Microsoft System Center Virtual Machine Manager 2008 R2\bin\vmmAgent.exe
SCVMM Agent 2012	%ProgramFiles%\Microsoft System Center 2012\Virtual Machine Manager\bin\vmmAgent.exe
SCVMM Server 2012	%ProgramFiles%\Microsoft System Center 2012\Virtual Machine Manager\bin\vmmservice.exe
SCVMM Agent 2012 R2	%ProgramFiles%\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\vmmAgent.exe
SCVMM Server 2012 R2	%ProgramFiles%\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\vmmservice.exe

Microsoft System Center Data Protection Manager

System Center DPM Common Processes	%WinDir%\Microsoft.net\Framework\v2.0.50727\csc.exe %WinDir%\Microsoft.net\Framework\v4.0.30319\csc.exe dpmra.exe %ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\dpmra.exe
System Center 2007-2010 DPM Server Files	%ProgramFiles%\Microsoft DPM\DPM\XSD %ProgramFiles%\Microsoft DPM\DPM\Temp\MTA %ProgramFiles%\Microsoft DPM\DPM\Volumes %ProgramFiles%\Microsoft DPM\DPM\bin\dpmra.exe
System Center 2012 DPM Server Files	%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\XSD %ProgramFiles%\Microsoft System Center 2012\DPM\DPM\Temp\MTA %ProgramFiles%\Microsoft System Center 2012\DPM\DPM\Volumes %ProgramFiles%\Microsoft System Center 2012\DPM\DPM\bin\dpmra.exe
System Center 2012 R2 DPM Server Files	%ProgramFiles%\Microsoft System Center 2012 R2\DPM\DPM\XSD %ProgramFiles%\Microsoft System Center 2012 R2\DPM\DPM\Temp\MTA %ProgramFiles%\Microsoft System Center 2012 R2\DPM\DPM\Volumes %ProgramFiles%\Microsoft System Center 2012 R2\DPM\DPM\bin\dpmra.exe
System Center 2016 DPM Server Files	%ProgramFiles%\Microsoft System Center 2016\DPM\DPM\XSD %ProgramFiles%\Microsoft System Center 2016\DPM\DPM\Temp %ProgramFiles%\Microsoft System Center 2016\DPM\DPM\Volumes %ProgramFiles%\Microsoft System Center 2016\DPM\DPM\bin\dpmra.exe Drive letter of Modern Backup Storage volume %ProgramFiles%\Microsoft Azure Recovery Services Agent\ %ProgramFiles%\Microsoft Azure Recovery Services Agent\bin\cbengine.exe

Источники информации:

Microsoft System Center Operations Manager

SCOM 2005 – 2012 R2 Common File Name Extensions	.chk .log .edb .WKF .PQF .PQF0 .PQF1
SCOM Common Processes	MomHost.exe MonitoringHost.exe HealthService.exe CShost.exe Microsoft.Mom.Sdk.ServiceHost.exe
SCOM 2007 Processes	%ProgramFiles%\System Center Operations Manager 2007\HealthService.exe %ProgramFiles%\System Center Operations Manager 2007\Microsoft.Mom.ConfigServiceHost.exe %ProgramFiles%\System Center Operations Manager 2007\MonitoringHost.exe
SCOM 2007 Folders	%ProgramFiles%\System Center Operations Manager 2007\Health Service State
SCOM 2012 Processes (Server)	%ProgramFiles%\System Center 2012\Operations Manager\Server\monitoringhost.exe %ProgramFiles%\System Center Operations Manager 2012\Server\monitoringhost.exe
SCOM 2012 Processes (Agent)	%ProgramFiles%\System Center Operations Manager\Agent\monitoringhost.exe
SCOM 2012 Folders (Server)	%ProgramFiles%\System Center 2012\Operations Manager\Server\Health Service State %ProgramFiles%\System Center Operations Manager 2012\Server\Health Service State
SCOM 2012 Folders (Agent)	%ProgramFiles%\System Center Operations Manager\Agent\Health Service State
SCOM 2012 R2 Processes (Server)	%ProgramFiles%\System Center 2012\Operations Manager\Server\monitoringhost.exe
SCOM 2012 R2 Processes (Agent)	%ProgramFiles%\System Center Operations Manager\Agent\monitoringhost.exe
SCOM 2012 R2 Folders (Server)	%ProgramFiles%\Microsoft System Center 2012 R2\Operations Manager\Server\Health Service State %ProgramFiles%\System Center Operations Manager\Gateway\ \Health Service State
SCOM 2012 R2 Folders (Agent)	%ProgramFiles%\Microsoft Monitoring Agent\Agent\Health Service State

Источники информации:

Microsoft System Center Configuration Manager

SCCM Server Common Files	%ProgramFiles%\Microsoft Configuration Manager\Install.map %ProgramFiles%\Microsoft Configuration Manager\inboxes %ProgramFiles%\Microsoft Configuration Manager\Logs %ProgramFiles%\SMS_CCM\ServiceData %ProgramFiles(x86)%\Microsoft Configuration Manager\inboxes %ProgramFiles(x86)%\Microsoft Configuration Manager\Logs %ProgramFiles(x86)%\SMS_CCM\ServiceData %SystemDrive%\SMSPKG <DriveLetter>:\SMS_CCM\ServiceData <DriveLetter>:\SMSSIG$ <DriveLetter>:\SMSPKGSIG <DriveLetter>:\SMSPKG <DriveLetter>:\SMSPKG<DriveLetter>$ <DriveLetter>:\SCCMContentLib %SMS_LOG_PATH% %SMS_ADMIN_UI_PATH%
SCCM Agent Common Folders	%SystemRoot%\System32\CCM\Cache %SystemRoot%\ccmcache %SystemRoot%\CCM\Logs
SCCM Server Common Processes	Smsexec.exe Ccmexec.exe CmRcService.exe Sitecomp.exe Smswriter.exe Smssqlbkup.exe

Примечание: значение <DriveLetter> должно быть заменено на конкретные буквы дисков используемых установленным экземпляром SCCM, поэтому желательно, чтобы в организации существовала какая-то стандартизация в этом плане.

Источники информации:

Серверы виртуализации Microsoft Hyper-V

Hyper-V Default Folders

%PUBLIC%\Documents\Hyper-V\Virtual Hard Disks
%ProgramData%\Microsoft\Windows\Hyper-V
%ProgramData%\Microsoft\Windows\Hyper-V\Snapshots
%SystemDrive%\ClusterStorage

Hyper-V Processes

%SystemRoot%\system32\vmwp.exe
%SystemRoot%\system32\vmms.exe
%SystemRoot%\system32\vmicsvc.exe

Hyper-V File

File Name Extensions

.xml
.vhdx
.vhd
.vfd
.avhd
.avhdx

.iso
.vsv
.bin

Источники информации:

Серверы с виртуализацией приложений Microsoft App-V

Clients Windows XP or Windows Server 2003	%USERPROFILE%\Application Data\SoftGrid Client %ALLUSERSPROFILE%\Application Data\Microsoft\Application Virtualization Client %ALLUSERSPROFILE%\Documents\SoftGrid Client
Clients Windows Vista, Windows Server 2008 or later	%USERPROFILE%\AppData\Local\SoftGrid Client %USERPROFILE%\AppData\Roaming\SoftGrid Client %ProgramData%\Microsoft\Application Virtualization Client\SoftGrid Client %ProgramData%\Microsoft\AppV\Client\ %USERPROFILE%\AppData\Local\Microsoft\AppV\Client\

Источники информации:

KB2576031 - Recommended antivirus or antimalware exclusions when troubleshooting Application Virtualization (App-V) client issues

Дополнительные источники информации:

Похожее

Всего комментариев: 5 Комментировать

Обратная ссылка: Antivirus Exclusions « Share IT / 26.05.2011 16:32
itpadla / 09.08.2012 12:05

Reblogged this on Заметки IT Менеджера and commented:
Списки исключений для антивирусов, работающих на Windows Server

Ответить
Обратная ссылка: Развертывание и конфигурирование клиентских компонент Forefront Client Security с помощью GPO | Блог IT-KB / 07.09.2013 19:16
Обратная ссылка: Hyper-V Best Practies | Блог IT-KB / 07.09.2013 19:18
Обратная ссылка: ИТ Вестник №08.2016 | Блог IT-KB / 31.08.2016 15:46

Всего комментариев: 5 Комментировать

Добавить комментарий Отменить ответ

Онлайн-курсы Евгения Лейтана

E-mail подписка на блог

RSS подписка

Архив записей

Мета

Социальные ссылки

Защита SSL

Статистика

Антивирус для Windows Server - настраиваем список исключений. Обновлено 11.08.2016

Общие рекомендации

Контроллеры домена Active Directory

Серверы с ОС Windows Server 2000 – 2016 с распространенными серверными ролями

Серверы с Microsoft Exchange Server 2000 - 2016

Forefront Protection for Exchange Server

Серверы с Skype for Business Server 2015

Серверы с SharePoint Server 2003 - 2013

Серверы с Microsoft ISA Server / Forefront TMG Medium Business Edition

Серверы с Microsoft Forefront TMG 2010 / UAG 2010

Серверы баз данных Microsoft SQL Server 2005 – 2016

Сторонние серверы баз данных под Windows

Компоненты Microsoft System Center

Microsoft System Center Virtual Machine Manager

Microsoft System Center Data Protection Manager

Microsoft System Center Operations Manager

Microsoft System Center Configuration Manager

Серверы виртуализации Microsoft Hyper-V

Серверы с виртуализацией приложений Microsoft App-V

Поделиться ссылкой на эту запись:

Похожее

Всего комментариев: 5 Комментировать

Добавить комментарий Отменить ответ

Онлайн-курсы Евгения Лейтана

E-mail подписка на блог

RSS подписка

Облако меток

Архив записей

Мета

Социальные ссылки

Защита SSL

Статистика