Антивирус для Windows Server - настраиваем список исключений. Обновлено 11.08.2016

08.08.2012 Автор:Алексей Максимов
7 432 Просмотров 5 комментариев

imageВ ходе настройки политик управления клиентами любого антивирусного ПО необходимо определять список каталогов, имён процессов или даже расширений фалов, которые должны исключаться из Real-Time сканирования. Постараюсь собрать в одном месте информацию о рекомендуемых параметрах исключений и по мере необходимости буду его корректировать.  Стоит отметить, что список составлен исходя из приложений, которые эксплуатируются в моём рабочем окружении. Список разделен по основным категориям сервисов и там где возможно есть ссылки на официальные рекомендации производителей ПО. Во всех случаях подразумевается что программное обеспечение установлено в каталоги «по умолчанию».

Общие рекомендации

Windows Update files

%windir%\SoftwareDistribution\Datastore\DataStore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb*.jrs
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%windir%\SoftwareDistribution\Datastore\Logs\*.log

Windows Security files

%windir%\Security\database\*.chk

%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb

Group Policy related files

%AllUsersProfile%\ntuser.pol
%SystemRoot%\System32\GroupPolicy\Machine\Registry.pol

Paging files

pagefile.sys
%SystemDrive%\pagefile.sys

Источники информации:

 

Контроллеры домена AD
NTDS database files

%windir%\NTDS\ntds.dit
%windir%\NTDS\ntds.pat
NTDS transaction log files

%windir%\NTDS\edb*.log
%windir%\NTDS\res*.log
%windir%\NTDS\edb*.jrs
NTDS working files

%windir%\NTDS\temp.edb
%windir%\NTDS\edb.chk
FRS working files

%windir%\ntfrs\jet\sys\edb.chk
%windir%\ntfrs\jet\ntfrs.jdb
%windir%\ntfrs\jet\log\*.log
%windir%\ntfrs\jet\log\*.jrs
DFS Replica files

%windir%\SYSVOL_DFSR\domain
%windir%\SYSVOL_DFSR
DFS DB and working files

%SystemDrive%\System Volume Information\DFSR
%SystemDrive%\System Volume Information\DFSR\$db_normal$
%SystemDrive%\System Volume Information\DFSR\FileIDTable_*
%SystemDrive%\System Volume Information\DFSR\SimilarityTable_*
%SystemDrive%\System Volume Information\DFSR\Config\*.XML
%SystemDrive%\System Volume Information\DFSR\database_*

%SystemDrive%\System Volume Information\DFSR\database_*\$db_dirty$

%SystemDrive%\System Volume Information\DFSR\database_*\$db_clean$
%SystemDrive%\System Volume Information\DFSR\database_*\$db_lost$
%SystemDrive%\System Volume Information\DFSR\database_*\dfsr.db

%SystemDrive%\System Volume Information\DFSR\database_*\fsr.chk

%SystemDrive%\System Volume Information\DFSR\database_*\*.frx
%SystemDrive%\System Volume Information\DFSR\database_*\*.log
%SystemDrive%\System Volume Information\DFSR\database_*\fsr*.jrs
%SystemDrive%\System Volume Information\DFSR\Private
FRS Replica files

%windir%\SYSVOL\domain
%windir%\SYSVOL
FRS Staging directory

%windir%\SYSVOL\staging\domain
%windir%\SYSVOL\staging areas
FRS Preinstall directory

%windir%\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
Processes

%SystemRoot%\System32\ntfrs.exe
%SystemRoot%\System32\dfsr.exe
%SystemRoot%\System32\dfsrs.exe

Источники информации:

 

Серверы с ОС Windows Server 2000 – 2012 R2 с распространенными серверными ролями

 

Cluster Service files

%QuorumDrive%\MSCS (Например Q:\MSCS)
%QuorumDrive%\Cluster (Например Q:\Cluster)
%SystemRoot%\Cluster

DHCP Server files

%SystemRoot%\System32\dhcp\*.chk

%SystemRoot%\System32\dhcp\*.edb

%SystemRoot%\System32\dhcp\*.jrs

%SystemRoot%\System32\dhcp\*.log

%SystemRoot%\System32\dhcp\dhcp.mdb

%SystemRoot%\System32\dhcp\dhcp.pat
%SystemRoot%\System32\dhcp\backup\*.mdb
%SystemRoot%\System32\dhcp\backup\*.log
%SystemRoot%\System32\dhcp\backup\*.chk

DNS Server files

%SystemRoot%\System32\dns\*.dns
%SystemRoot%\System32\dns\*.log
%SystemRoot%\System32\dns\BOOT
%SystemRoot%\System32\dns.exe

WINS Server files

%SystemRoot%\System32\wins\*.chk
%SystemRoot%\System32\wins\*.log
%SystemRoot%\System32\wins\*.mdb

Certificate Services files

%SystemRoot%\System32\catroot2\*.edb

%SystemRoot%\System32\catroot2\*.chk

%SystemRoot%\System32\catroot2\*.log

%SystemRoot%\System32\catroot2\*.jrs

TS/RDS Licensing files

%SystemRoot%\System32\lserver\*.chk

%SystemRoot%\System32\lserver\*.edb

%SystemRoot%\System32\lserver\*.log

%SystemRoot%\System32\lserver\*.tmp

%SystemRoot%\System32\lserver\*.jrs

Print Server files

%SystemRoot%\System32\spool\PRINTERS\*.SHD

%SystemRoot%\System32\spool\PRINTERS\*.SPL
IIS Web Server

%SystemRoot%\IIS Temporary Compressed Files
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
%SystemDrive%\inetpub\logs
%SystemRoot%\System32\LogFiles
%SystemRoot%\SysWow64\LogFiles
%SystemRoot%\system32\inetsrv\w3wp.exe
%SystemRoot%\SysWOW64\inetsrv\w3wp.exe

Источники информации:

 

 

Серверы с Microsoft Exchange Server 2000 - 2016

 

Exchange Server Common Folders

%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
%SystemRoot%\IIS Temporary Compressed Files
%SystemRoot%\System32\Inetsrv
%SystemDrive%\inetpub\logs
%Winnt%\Cluster
%SystemRoot%\Cluster
%SystemDrive%\DAGFileShareWitnesses
%windir%\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
%windir%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
Exchange Server Common File Name Extensions

.config
.dia
.wsb
.chk
.log
.edb

.stm
.jrs

.jsl
.que
.lzx
.ci
.wid
.dir
.000
.001
.002
.cfg
.grxml

.dsc
.txt
.bin
.xml
Exchange Server Common Processes

Cdb.exe
Cidaemon.exe
Cluster.exe
Clussvc.exe

ComplianceAuditService.exe
%ExchangeInstallPath%Bin\ComplianceAuditService.exe
Dsamain.exe
%SystemRoot%\System32\Dsamain.exe
EdgeCredentialSvc.exe
Microsoft.Exchange.EdgeCredentialSvc.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.EdgeCredentialSvc.exe
EdgeTransport.exe
%ExchangeInstallPath%Bin\EdgeTransport.exe
ExFBA.exe
GalGrammarGenerator.exe
Inetinfo.exe
%SystemRoot%\System32\inetsrv\inetinfo.exe
W3wp.exe
%SystemRoot%\System32\inetsrv\W3wp.exe
Emsmta.exe
Mssearch.exe
Mad.exe
Microsoft.Exchange.AddressBook.Service.exe
Microsoft.Exchange.AntispamUpdateSvc.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
Microsoft.Exchange.ContentFilter.Wrapper.exe
%ExchangeInstallPath%TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Diagnostics.Service.exe
Microsoft.Exchange.Cluster.Replayservice.exe
Microsoft.Exchange.EdgeSyncSvc.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.EdgeSyncSvc.exe
Microsoft.Exchange.Imap4.exe
%ExchangeInstallPath%FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe
Microsoft.Exchange.Imap4service.exe
%ExchangeInstallPath%ClientAccess\PopImap\Microsoft.Exchange.Imap4service.exe
Microsoft.Exchange.Infoworker.Assistants.exe
Microsoft.Exchange.Monitoring.exe
Microsoft.Exchange.Notifications.Broker.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Notifications.Broker.exe
Microsoft.Exchange.Pop3.exe
%ExchangeInstallPath%FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe
Microsoft.Exchange.Pop3service.exe
%ExchangeInstallPath%ClientAccess\PopImap\Microsoft.Exchange.Pop3service.exe
Microsoft.Exchange.ProtectedServiceHost.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.ProtectedServiceHost.exe
Microsoft.Exchange.RPCClientAccess.Service.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.RPCClientAccess.Service.exe
Microsoft.Exchange.Search.Exsearch.exe
Microsoft.Exchange.Search.Service.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Search.Service.exe
Microsoft.Exchange.Servicehost.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Servicehost.exe
MSExchangeADTopologyService.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Directory.TopologyService.exe
MSExchangeFDS.exe
MSExchangeMailboxAssistants.exe
%ExchangeInstallPath%Bin\MSExchangeMailboxAssistants.exe
MSExchangeMailboxReplication.exe
%ExchangeInstallPath%Bin\MSExchangeMailboxReplication.exe
MSExchangeMigrationWorkflow.exe
%ExchangeInstallPath%Bin\MSExchangeMigrationWorkflow.exe
MSExchangeMailSubmission.exe
%ExchangeInstallPath%Bin\MSExchangeSubmission.exe
MSExchangeRepl.exe
%ExchangeInstallPath%Bin\MSExchangeRepl.exe
MSExchangeTransport.exe
%ExchangeInstallPath%Bin\MSExchangeTransport.exe
MSExchangeTransportLogSearch.exe
%ExchangeInstallPath%Bin\MSExchangeTransportLogSearch.exe
MSExchangeThrottling.exe
%ExchangeInstallPath%Bin\MSExchangeThrottling.exe
Msftefd.exe
Msftesql.exe
Noderunner.exe
%ExchangeInstallPath%Bin\Search\Ceres\Runtime\1.0\Noderunner.exe
OleConverter.exe
%ExchangeInstallPath%Bin\OleConverter.exe
ParserServer.exe
%ExchangeInstallPath%Bin\Search\Ceres\ParserServer\ParserServer.exe
Powershell.exe
%SystemRoot%\System32\WindowsPowerShell\v1.0\Powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe
SESWorker.exe
SpeechService.exe
Store.exe
Microsoft.Exchange.Store.Service.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Store.Service.exe
Microsoft.Exchange.Store.Worker.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Store.Worker.exe
TranscodingService.exe
%ExchangeInstallPath%ClientAccess\Owa\Bin\DocumentViewing\TranscodingService.exe
UmService.exe
%ExchangeInstallPath%Bin\UmService.exe
UmWorkerProcess.exe
%ExchangeInstallPath%Bin\UmWorkerProcess.exe
Microsoft.Exchange.UM.CallRouter.exe
%ExchangeInstallPath%FrontEnd\CallRouter\Microsoft.Exchange.UM.CallRouter.exe
%ExchangeInstallPath%FIP-FS\Bin\fms.exe
%ExchangeInstallPath%Bin\Search\Ceres\HostController\hostcontrollerservice.exe
MSExchangeDagMgmt.exe
%ExchangeInstallPath%Bin\MSExchangeDagMgmt.exe
MSExchangeDelivery.exe
%ExchangeInstallPath%Bin\MSExchangeDelivery.exe
MSExchangeFrontendTransport.exe
%ExchangeInstallPath%Bin\MSExchangeFrontendTransport.exe
MSExchangeHMHost.exe
%ExchangeInstallPath%Bin\MSExchangeHMHost.exe
MSExchangeHMWorker.exe
%ExchangeInstallPath%Bin\MSExchangeHMWorker.exe
ScanEngineTest.exe
%ExchangeInstallPath%FIP-FS\Bin\ScanEngineTest.exe
ScanningProcess.exe
%ExchangeInstallPath%FIP-FS\Bin\ScanningProcess.exe
UpdateService.exe
%ExchangeInstallPath%FIP-FS\Bin\UpdateService.exe
MSExchangeCompliance.exe
%ExchangeInstallPath%Bin\MSExchangeCompliance.exe
wsbexchange.exe
%ExchangeInstallPath%Bin\wsbexchange.exe
Exchange Server 2000 & 2003 Folders

C:\Program Files\Exchsrvr\Mtadata
C:\Program Files\Exchsrvr\Mtadata\*.mta
C:\Program Files\Exchsrvr\*.log
C:\Program Files\Exchsrvr\Mailroot
C:\Program Files\Exchsrvr\Srsdata
C:\Program Files\Exchsrvr\IMCData
C:\Program Files\Exchsrvr\MDBData
C:\Program Files\Exchsrvr\Address
C:\Program Files\Exchsrvr\Bin
C:\Program Files\Exchsrvr\Exchweb
C:\Program Files\Exchsrvr\Res
C:\Program Files\Exchsrvr\Schema
C:\Program Files\Exchsrvr\Conndata
Exchange Server 2007 Folders

%ProgramFiles%\Microsoft\Exchange Server\Mailbox
%ProgramFiles%\Microsoft\Exchange Server\Mailbox\MDBTEMP
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles

%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Logs

%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Pickup
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Replay
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Data\Queue
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\SenderReputation
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\IpFilter

%ProgramFiles%\Microsoft\Exchange Server\Logging
%ProgramFiles%\Microsoft\Exchange Server\ExchangeOAB
%ProgramFiles%\Microsoft\Exchange Server\Working\OleConverter

%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Data\Adam

%ProgramFiles%\Microsoft\Exchange Server\ClientAccess

%ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\grammars
%ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\Prompts
%ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\voicemail
%ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\badvoicemail
Exchange Server 2010-2016 Folders

%ExchangeInstallPath%Mailbox
%ExchangeInstallPath%Mailbox\MDBTEMP

%ExchangeInstallPath%GroupMetrics
%ExchangeInstallPath%TransportRoles\Logs
%ExchangeInstallPath%TransportRoles\Logs\Mailbox
%ExchangeInstallPath%TransportRoles\Logs\FrontEnd

%ExchangeInstallPath%TransportRoles\Pickup
%ExchangeInstallPath%TransportRoles\Replay
%ExchangeInstallPath%TransportRoles\Data\Queue
%ExchangeInstallPath%TransportRoles\Data\SenderReputation
%ExchangeInstallPath%TransportRoles\Data\IpFilter
%ExchangeInstallPath%TransportRoles\Data\Temp
%ExchangeInstallPath%TransportRoles\Data\Adam
%ExchangeInstallPath%ClientAccess
%ExchangeInstallPath%ClientAccess\OAB
%ExchangeInstallPath%ExchangeOAB
%ExchangeInstallPath%Working\OleConvertor
%ExchangeInstallPath%Logging
%ExchangeInstallPath%Logging\POP3
%ExchangeInstallPath%Logging\IMAP4
%ExchangeInstallPath%UnifiedMessaging\grammars
%ExchangeInstallPath%UnifiedMessaging\Prompts
%ExchangeInstallPath%UnifiedMessaging\voicemail
%ExchangeInstallPath%UnifiedMessaging\temp
%ExchangeInstallPath%FIP-FS
%SystemRoot%\Temp\ExchangeSetup
%SystemRoot%\Temp\OICE_*
Forefront Protection for Exchange Server

 

Forefront Protection for Exchange Server Folders

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Archive

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Quarantine
%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines\x86

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines\amd64

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data
Forefront Protection for Exchange Server Processes

Adonavsvc.exe
FscController.exe
FscDiag.exe
FscExec.exe
FscImc.exe
FscManualScanner.exe
FscMonitor.exe
FscRealtimeScanner.exe
FscStarter.exe
FscStatsServ.exe
FscTransportScanner.exe
FscUtility.exe
FsEmailPickup.exe
FssaClient.exe
GetEngineFiles.exe
PerfmonitorSetup.exe
ScanEngineTest.exe
SemSetup.exe

FSCConfigurationServer.exe
FSCEventing.exe
FSCScheduledScanner.exe
MultiEngineScanner.exe
Kavehost.exe
FSCVSSWriter.exe
Forefront Protection for Exchange Server File Name Extensions

.avc
.cab
.cfg
.config
.da1
.dat
.def
.dt
.fdb
.fdm
.ide
.key
.klb
.kli
.lst
.mdb
.ppl
.set
.v3d
.vdb
.vdm

Источники информации:

 

Серверы с Skype for Business Server 2015

 

Skype for Business Server Processes

ABServer.exe
AcpMcuSvc.exe
ASMCUSvc.exe
AVMCUSvc.exe
ChannelService.exe
ClsAgent.exe
ComplianceService.exe
DataMCUSvc.exe
DataProxy.exe
FileTransferAgent.exe
HealthAgent.exe
IMMCUSvc.exe
LysSvc.exe
MasterReplicatorAgent.exe
MediaRelaySvc.exe
MediationServerSvc.exe
MRASSvc.exe
OcsAppServerHost.exe
ReplicaReplicatorAgent.exe
ReplicationApp.exe
RtcHost.exe
RTCSrv.exe
XmppProxy.exe
XmppTGW.exe
Fabric.exe
FabricDCA.exe
FabricHost.exe
Skype for Business Server Folders

%SystemRoot%\System32\LogFiles
%SystemRoot%\SysWow64\LogFiles
%SystemRoot%\Microsoft.NET\assembly\GAC_MSIL
%ProgramFiles%\Skype for Business Server 2015
%ProgramFiles%\Common Files\Skype for Business Server 2015\Watcher Node
%ProgramFiles%\Common Files\Skype for Business Server 2015
%ProgramFiles%\Common Files\Skype for Business Online
%SystemDrive%\RtcReplicaRoot

Источники информации:

 

 

Серверы с SharePoint Server 2003 - 2013

 

SharePoint Server Common Folders

%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions
%SystemDrive%\inetpub\wwwroot\wss\VirtualDirectories
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
%ProgramData%\Microsoft\SharePoint
%ProgramData%\Microsoft\SharePoint\Config
%SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config
%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\Config
%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Config
%SystemRoot%\System32\LogFiles
%SystemRoot%\Syswow64\LogFiles
%SystemRoot%\Temp\WebTempDir
%SystemRoot%\Temp\FrontPageTempDir
%SystemDrive%\Users\Default\AppData\Local\Temp
%SystemDrive%\Documents and Settings\Default User\Local Settings\Temp
%SystemDrive%\Users\<ServiceAccount>\Local
%SystemDrive%\Users\<ServiceAccount>\Local\Temp
%SystemDrive%\Documents and Settings\<ServiceAccount>\Local Settings\Application Data
%SystemDrive%\Users\<ServiceAccount>\AppData\Local\Temp
%SystemDrive%\Users\<ServiceAccount>\AppData\Local\Temp\WebTempDir
%SystemDrive%\Users\<account that the search service is running as>\AppData\Local\Temp
%SystemDrive%\Documents and Settings\<account that the search service is running as>\Local Settings\Temp
SharePoint Server 2001 - 2003 Folders

%ProgramFiles%\SharePoint Portal Server
%ProgramFiles%\Common Files\Microsoft Shared\Web Storage System
Windows SharePoint Services 3.0 & SharePoint Server 2007 Folders

%ProgramFiles%\Microsoft Office Servers\12.0\Data
%ProgramFiles%\Microsoft Office Servers\12.0\Logs
%ProgramFiles%\Microsoft Office Servers\12.0\Bin
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Logs
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Data\Applications
SharePoint Server 2010 & SharePoint Foundation 2010 Folders

%ProgramFiles%\Microsoft Office Servers\14.0\Data
%ProgramFiles%\Microsoft Office Servers\14.0\Logs
%ProgramFiles%\Microsoft Office Servers\14.0\Bin
%ProgramFiles%\Microsoft Office Servers\14.0\Synchronization Service
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\Logs
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\Data\Applications
SharePoint Foundation 2013 & SharePoint Server 2013 Folders

%ProgramFiles%\Microsoft Office Servers\15.0\Data
%ProgramFiles%\Microsoft Office Servers\15.0\Logs
%ProgramFiles%\Microsoft Office Servers\15.0\Bin
%ProgramFiles%\Microsoft Office Servers\15.0\Synchronization Service
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\15\Logs
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\15\Data\Applications

Источники информации:

 

Серверы с Microsoft ISA Server / Forefront TMG Medium Business Edition

 

ISA Server 2000/2004/ 2006, Forefront TMG MBE Folders

%ProgramFiles%\Microsoft ISA Server
%ProgramFiles%\Microsoft ISA Server\ISALogs
%ProgramFiles%\Microsoft SQL Server
%ProgramFiles(x86)%\Microsoft ISA Server
%ProgramFiles(x86)%\Microsoft SQL Server
%SystemRoot%\Temp\ScanStorage
%ProgramFiles(x86)%\Microsoft ISA Server\Logs
D:\urlcache
%SystemDrive%\InetPub

ISA Server 2000/2004/ 2006, Forefront TMG MBE Processes

dsamain.exe
%WinDir%\System32\dsamain.exe

dailysum.exe

%ProgramFiles%\Microsoft ISA Server\dailysum.exe
%ProgramFiles(x86)%\Microsoft ISA Server\dailysum.exe
repgen.exe
%ProgramFiles%\Microsoft ISA Server\repgen.exe
isarepgen.exe
%ProgramFiles%\Microsoft ISA Server\isarepgen.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isarepgen.exe

isadlviewer.exe
%ProgramFiles%\Microsoft ISA Server\isadlviewer.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isadlviewer.exe
wspsrv.exe
%ProgramFiles%\Microsoft ISA Server\wspsrv.exe
%ProgramFiles(x86)%\Microsoft ISA Server\wspsrv.exe
mspadmin.exe
%ProgramFiles%\Microsoft ISA Server\mspadmin.exe
%ProgramFiles(x86)%\Microsoft ISA Server\mspadmin.exe 
isastg.exe
%ProgramFiles%\Microsoft ISA Server\isastg.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isastg.exe
w3prefch.exe
%ProgramFiles%\Microsoft ISA Server\w3prefch.exe
%ProgramFiles(x86)%\Microsoft ISA Server\w3prefch.exe
sqlsvr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL$MSFW\sqlservr.exe
%ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
%ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe

sqlmangr.exe

%ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
sqlwriter.exe
%ProgramFiles(x86)%\Microsoft SQL Server\90\Shared\sqlwriter.exe
%WinDir%\System32\inetsrv\inetinfo.exe
%WinDir%\System32\inetsrv\w3wp.exe

Источники информации:

 

Серверы с Microsoft Forefront TMG 2010 / UAG 2010

 

Forefront TMG/UAG Folders

%ProgramFiles%\Microsoft Forefront Threat Management Gateway
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs
%ProgramFiles%\Microsoft Forefront Unified Access Gateway
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW
%SystemRoot%\Temp\ScanStorage
D:\urlcache (каталог файлов веб-кеша TMG может располагаться в другом месте)

Forefront TMG/UAG Processes

dailysum.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\dailysum.exe
isarepgen.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isarepgen.exe
isadlviewer.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isadlviewer.exe
IsaManagedCtrl.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\IsaManagedCtrl.exe
isastg.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isastg.exe
mspadmin.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\mspadmin.exe
wspsrv.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\wspsrv.exe
w3prefch.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\w3prefch.exe
DnsAlgSrv.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\DnsAlgSrv.exe
MonitorMgrCom.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\MonitorMgrCom.exe
SessionMgrCom.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\SessionMgrCom.exe
ShareAccess.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\ShareAccess.exe
uagqessvc.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\uagqessvc.exe
uagrdpsvc.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\uagrdpsvc.exe
UserMgrCom.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\UserMgrCom.exe
WatchDogSrv.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\WatchDogSrv.exe
whlerrsrv.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\whlerrsrv.exe
whlios.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\whlios.exe
sqlservr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\sqlservr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe
ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\ReportingServicesService.exe
dsamain.exe
%WinDir%\System32\dsamain.exe
Other executable processes (from default FEP Rule Template from SCCM 2012)

IsaApplianceInit.exe
IsaMgmt.exe
MsFpcSqmAgent.exe
NicsRestorer.exe
NLBClear.exe
UpdateAgent.exe
VpnHelpr.exe
tmgpolicysuite.exe
tmgbpacmd.exe
tmgbpa.exe
bpa2visio.exe
tmgbpapack.exe
tmgdatapackager.exe

TMG cache files

.cdat

Источники информации:

 

Серверы баз данных Microsoft SQL Server 2005 – 2016

 

SQL Server Common Processes

SQLServr.exe
ReportingServicesService.exe
MSMDSrv.exe

SQL Server Common File Name Extensions

.mdf
.ldf
.ndf
.bak
.trn
.trc
.sqlaudit
.sql
SQL Server 2005 Processes

%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Bin\MSMDSrv.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
SQL Server 2005 Folders

%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\FTData
%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Log
%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Backup
%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Data
SQL Server 2008 Processes

%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
%ProgramFiles%\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
SQL Server 2008 Folders

%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\FTData
%ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Log
%ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Backup
%ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Data
SQL Server 2008 R2 Processes

%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
%ProgramFiles%\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
SQL Server 2008 R2 Folders

%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\FTData
%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Log
%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Backup
%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Data
SQL Server 2012 Processes

%ProgramFiles%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
%ProgramFiles%\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
SQL Server 2012 Folders

%ProgramFiles%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData
%ProgramFiles%\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Log
%ProgramFiles%\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Backup
%ProgramFiles%\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Data
SQL Server 2014 Processes

%ProgramFiles%\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
%ProgramFiles%\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
SQL Server 2014 Folders

%ProgramFiles%\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\FTData
%ProgramFiles%\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Log
%ProgramFiles%\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Backup
%ProgramFiles%\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Data
SQL Server 2016 Processes

%ProgramFiles%\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
%ProgramFiles%\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
SQL Server 2016 Folders

%ProgramFiles%\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\FTData
%ProgramFiles%\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\Log
%ProgramFiles%\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\Backup
%ProgramFiles%\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\Data

Примечание: если используются именованные экземпляры SQL Server, то выделенное красным цветом имя экземпляра по-умолчанию MSSQLSERVER нужно заменять на своё имя экземпляра.

Источники информации:

 

Серверы баз данных (разносол)

Oracle databases files

*.ora

*.ctl

Firebird, dBase, etc files

*.dbf
*.cdx
*.fdb
*.edb
*.ib
*.gdi
*.gdb

 

Компоненты Microsoft System Center
Microsoft System Center Virtual Machine Manager

SCVMM Common

Processes

vmmAgent.exe
vmmservice.exe

SCVMM Agent 2008 R2

%ProgramFiles%\Microsoft System Center Virtual Machine Manager 2008 R2\bin\vmmAgent.exe

SCVMM Agent 2012

 %ProgramFiles%\Microsoft System Center 2012\Virtual Machine Manager\bin\vmmAgent.exe

SCVMM Server 2012

 %ProgramFiles%\Microsoft System Center 2012\Virtual Machine Manager\bin\vmmservice.exe

SCVMM Agent 2012 R2

 %ProgramFiles%\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\vmmAgent.exe

SCVMM Server 2012 R2

 %ProgramFiles%\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\vmmservice.exe
Microsoft System Center Data Protection Manager

 

SCDPM Common

Processes

%WinDir%\Microsoft.net\Framework\v2.0.50727\csc.exe
dpmra.exe

%ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\dpmra.exe

SCDPM 2007-2010 Server Files

%ProgramFiles%\Microsoft DPM\DPM\XSD
%ProgramFiles%\Microsoft DPM\DPM\Temp\MTA
%ProgramFiles%\Microsoft DPM\DPM\Volumes
%ProgramFiles%\Microsoft DPM\DPM\bin\dpmra.exe

SCDPM 2012 Server Files

%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\XSD

%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\Temp\MTA
%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\Volumes
%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\bin\dpmra.exe

SCDPM 2012 R2 Server Files

%ProgramFiles%\Microsoft System Center 2012 R2\DPM\DPM\XSD

%ProgramFiles%\Microsoft System Center 2012 R2\DPM\DPM\Temp\MTA
%ProgramFiles%\Microsoft System Center 2012 R2\DPM\DPM\Volumes
%ProgramFiles%\Microsoft System Center 2012 R2\DPM\DPM\bin\dpmra.exe

Источники информации:

 

Microsoft System Center Operations Manager

SCOM 2005 – 2012 R2 Common File Name Extensions

.chk
.log
.edb
.WKF
.PQF
.PQF0
.PQF1
SCOM Common Processes

MomHost.exe
MonitoringHost.exe
HealthService.exe
CShost.exe
Microsoft.Mom.Sdk.ServiceHost.exe
SCOM 2007 Processes

%ProgramFiles%\System Center Operations Manager 2007\HealthService.exe
%ProgramFiles%\System Center Operations Manager 2007\Microsoft.Mom.ConfigServiceHost.exe
%ProgramFiles%\System Center Operations Manager 2007\MonitoringHost.exe
SCOM 2007 Folders

%ProgramFiles%\System Center Operations Manager 2007\Health Service State
SCOM 2012 Processes (Server)

%ProgramFiles%\System Center 2012\Operations Manager\Server\monitoringhost.exe
%ProgramFiles%\System Center Operations Manager 2012\Server\monitoringhost.exe
SCOM 2012 Processes (Agent)

%ProgramFiles%\System Center Operations Manager\Agent\monitoringhost.exe
SCOM 2012 Folders (Server)

%ProgramFiles%\System Center 2012\Operations Manager\Server\Health Service State
%ProgramFiles%\System Center Operations Manager 2012\Server\Health Service State
SCOM 2012 Folders (Agent)

%ProgramFiles%\System Center Operations Manager\Agent\Health Service State
SCOM 2012 R2 Processes (Server)

%ProgramFiles%\System Center 2012\Operations Manager\Server\monitoringhost.exe
SCOM 2012 R2 Processes (Agent)

%ProgramFiles%\System Center Operations Manager\Agent\monitoringhost.exe
SCOM 2012 R2 Folders (Server)

%ProgramFiles%\Microsoft System Center 2012 R2\Operations Manager\Server\Health Service State
%ProgramFiles%\System Center Operations Manager\Gateway\

\Health Service State
SCOM 2012 R2 Folders (Agent)

%ProgramFiles%\Microsoft Monitoring Agent\Agent\Health Service State

Источники информации:

 

Microsoft System Center Configuration Manager

 

SCCM Server Common Files

%ProgramFiles%\Microsoft Configuration Manager\Install.map
%ProgramFiles%\Microsoft Configuration Manager\inboxes
%ProgramFiles%\Microsoft Configuration Manager\Logs
%ProgramFiles%\SMS_CCM\ServiceData
%ProgramFiles(x86)%\Microsoft Configuration Manager\inboxes
%ProgramFiles(x86)%\Microsoft Configuration Manager\Logs
%ProgramFiles(x86)%\SMS_CCM\ServiceData
%SystemDrive%\SMSPKG
<DriveLetter>:\SMS_CCM\ServiceData
<DriveLetter>:\SMSSIG$
<DriveLetter>:\SMSPKGSIG
<DriveLetter>:\SMSPKG
<DriveLetter>:\SMSPKG<DriveLetter>$
<DriveLetter>:\SCCMContentLib
%SMS_LOG_PATH%
%SMS_ADMIN_UI_PATH%
SCCM Agent Common Folders

%SystemRoot%\System32\CCM\Cache
%SystemRoot%\ccmcache
%SystemRoot%\CCM\Logs
SCCM Server Common Processes

Smsexec.exe
Ccmexec.exe
CmRcService.exe
Sitecomp.exe
Smswriter.exe
Smssqlbkup.exe

Примечание: значение <DriveLetter> должно быть заменено на конкретные буквы дисков используемых установленным экземпляром SCCM, поэтому желательно, чтобы в организации существовала какая-то стандартизация в этом плане.

Источники информации:

 

Серверы виртуализации Microsoft Hyper-V

 

Hyper-V Default Folders

%PUBLIC%\Documents\Hyper-V\Virtual Hard Disks
%ProgramData%\Microsoft\Windows\Hyper-V
%ProgramData%\Microsoft\Windows\Hyper-V\Snapshots
%SystemDrive%\ClusterStorage

Hyper-V Processes

%SystemRoot%\system32\vmwp.exe
%SystemRoot%\system32\vmms.exe
%SystemRoot%\system32\vmicsvc.exe

Hyper-V File

File Name Extensions

.xml
.vhdx
.vhd
.vfd
.avhd
.avhdx

.iso
.vsv
.bin

Источники информации:

 

 

Серверы с виртуализацией приложений Microsoft App-V

 

Clients Windows XP or Windows Server 2003

%USERPROFILE%\Application Data\SoftGrid Client
%ALLUSERSPROFILE%\Application Data\Microsoft\Application Virtualization Client
%ALLUSERSPROFILE%\Documents\SoftGrid Client
Clients Windows Vista, Windows Server 2008 or later

%USERPROFILE%\AppData\Local\SoftGrid Client
%USERPROFILE%\AppData\Roaming\SoftGrid Client
%ProgramData%\Microsoft\Application Virtualization Client\SoftGrid Client
%ProgramData%\Microsoft\AppV\Client\
%USERPROFILE%\AppData\Local\Microsoft\AppV\Client\

Источники информации:

 

Дополнительные источники информации:

Опубликовано в :  Kaspersky , Microsoft Active Directory , Microsoft Forefront , Microsoft Windows , Microsoft Windows Server , Microsoft Windows Update
Метки :  , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , ,

Всего комментариев: 5 Комментировать

  1. Обратная ссылка: Antivirus Exclusions « Share IT /

  2. itpadla /

    Reblogged this on Заметки IT Менеджера and commented:
    Списки исключений для антивирусов, работающих на Windows Server

    Ответить

  3. Обратная ссылка: Развертывание и конфигурирование клиентских компонент Forefront Client Security с помощью GPO | Блог IT-KB /

  4. Обратная ссылка: Hyper-V Best Practies | Блог IT-KB /

  5. Обратная ссылка: ИТ Вестник №08.2016 | Блог IT-KB /

Добавить комментарий