When configuring client management policies for any antivirus software, you need to define the list of directories, process names or even file extensions that must be excluded from real-time scanning. I will try to gather the information on recommended exclusion settings in one place and will update it as needed. Note that the list is based on the applications that are used in my working environment. The list is divided by main service categories and, where possible, there are links to the official recommendations of the software vendors. In all cases it is assumed that the software is installed in the default directories.
General recommendations
Windows Update files
|
%windir%\SoftwareDistribution\Datastore\DataStore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb*.jrs
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%windir%\SoftwareDistribution\Datastore\Logs\*.log
|
Windows Security files
|
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
|
Group Policy related files
|
%AllUsersProfile%\ntuser.pol
%SystemRoot%\System32\GroupPolicy\Machine\Registry.pol
|
Paging files
|
pagefile.sys
%SystemDrive%\pagefile.sys
|
Sources of information:
Active Directory domain controllers
NTDS database files |
%windir%\NTDS\ntds.dit
%windir%\NTDS\ntds.pat
|
NTDS transaction log files |
%windir%\NTDS\edb*.log
%windir%\NTDS\res*.log
%windir%\NTDS\edb*.jrs
|
NTDS working files |
%windir%\NTDS\temp.edb
%windir%\NTDS\edb.chk
|
FRS working files |
%windir%\ntfrs\jet\sys\edb.chk
%windir%\ntfrs\jet\ntfrs.jdb
%windir%\ntfrs\jet\log\*.log
%windir%\ntfrs\jet\log\*.jrs
|
DFS Replica files |
%windir%\SYSVOL_DFSR\domain
%windir%\SYSVOL_DFSR
|
DFS DB and working files |
%SystemDrive%\System Volume Information\DFSR
%SystemDrive%\System Volume Information\DFSR\$db_normal$
%SystemDrive%\System Volume Information\DFSR\FileIDTable_*
%SystemDrive%\System Volume Information\DFSR\SimilarityTable_*
%SystemDrive%\System Volume Information\DFSR\Config\*.XML
%SystemDrive%\System Volume Information\DFSR\database_*
%SystemDrive%\System Volume Information\DFSR\database_*\$db_dirty$
%SystemDrive%\System Volume Information\DFSR\database_*\$db_clean$
%SystemDrive%\System Volume Information\DFSR\database_*\$db_lost$
%SystemDrive%\System Volume Information\DFSR\database_*\dfsr.db
%SystemDrive%\System Volume Information\DFSR\database_*\fsr.chk
%SystemDrive%\System Volume Information\DFSR\database_*\*.frx
%SystemDrive%\System Volume Information\DFSR\database_*\*.log
%SystemDrive%\System Volume Information\DFSR\database_*\fsr*.jrs
%SystemDrive%\System Volume Information\DFSR\Private
|
FRS Replica files |
%windir%\SYSVOL\domain
%windir%\SYSVOL
|
FRS Staging directory |
%windir%\SYSVOL\staging\domain
%windir%\SYSVOL\staging areas
|
FRS Preinstall directory |
%windir%\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
|
Processes |
%SystemRoot%\System32\ntfrs.exe
%SystemRoot%\System32\dfsr.exe
%SystemRoot%\System32\dfsrs.exe
|
Sources of information:
Servers running Windows Server 2000 – 2016 with common server roles
Cluster Service files
|
%QuorumDrive%\MSCS (for example, Q:\MSCS)
%QuorumDrive%\Cluster (for example, Q:\Cluster)
%SystemRoot%\Cluster
|
DHCP Server files
|
%SystemRoot%\System32\dhcp\*.chk
%SystemRoot%\System32\dhcp\*.edb
%SystemRoot%\System32\dhcp\*.jrs
%SystemRoot%\System32\dhcp\*.log
%SystemRoot%\System32\dhcp\dhcp.mdb
%SystemRoot%\System32\dhcp\dhcp.pat
%SystemRoot%\System32\dhcp\backup\*.mdb
%SystemRoot%\System32\dhcp\backup\*.log
%SystemRoot%\System32\dhcp\backup\*.chk
|
DNS Server files
|
%SystemRoot%\System32\dns\*.dns
%SystemRoot%\System32\dns\*.log
%SystemRoot%\System32\dns\BOOT
%SystemRoot%\System32\dns.exe
|
WINS Server files
|
%SystemRoot%\System32\wins\*.chk
%SystemRoot%\System32\wins\*.log
%SystemRoot%\System32\wins\*.mdb
|
Certificate Services files
|
%SystemRoot%\System32\catroot2\*.edb
%SystemRoot%\System32\catroot2\*.chk
%SystemRoot%\System32\catroot2\*.log
%SystemRoot%\System32\catroot2\*.jrs
|
TS/RDS Licensing files
|
%SystemRoot%\System32\lserver\*.chk
%SystemRoot%\System32\lserver\*.edb
%SystemRoot%\System32\lserver\*.log
%SystemRoot%\System32\lserver\*.tmp
%SystemRoot%\System32\lserver\*.jrs
|
Print Server files
|
%SystemRoot%\System32\spool\PRINTERS\*.SHD
%SystemRoot%\System32\spool\PRINTERS\*.SPL
|
IIS Web Server |
%SystemRoot%\IIS Temporary Compressed Files
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
%SystemDrive%\inetpub\logs
%SystemRoot%\System32\LogFiles
%SystemRoot%\SysWow64\LogFiles
%SystemRoot%\system32\inetsrv\w3wp.exe
%SystemRoot%\SysWOW64\inetsrv\w3wp.exe
|
Sources of information:
Servers with Microsoft Exchange Server 2000 - 2016
Exchange Server Common Folders |
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
%SystemRoot%\IIS Temporary Compressed Files
%SystemRoot%\System32\Inetsrv
%SystemDrive%\inetpub\logs
%Winnt%\Cluster
%SystemRoot%\Cluster
%SystemDrive%\DAGFileShareWitnesses
%windir%\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
%windir%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
|
Exchange Server Common File Name Extensions |
.config
.dia
.wsb
.chk
.log
.edb
.stm
.jrs
.jsl
.que
.lzx
.ci
.wid
.dir
.000
.001
.002
.cfg
.grxml
.dsc
.txt
.bin
.xml
|
Exchange Server Common Processes |
Cdb.exe
Cidaemon.exe
Cluster.exe
Clussvc.exe
ComplianceAuditService.exe
%ExchangeInstallPath%Bin\ComplianceAuditService.exe
Dsamain.exe
%SystemRoot%\System32\Dsamain.exe
EdgeCredentialSvc.exe
Microsoft.Exchange.EdgeCredentialSvc.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.EdgeCredentialSvc.exe
EdgeTransport.exe
%ExchangeInstallPath%Bin\EdgeTransport.exe
ExFBA.exe
GalGrammarGenerator.exe
Inetinfo.exe
%SystemRoot%\System32\inetsrv\inetinfo.exe
W3wp.exe
%SystemRoot%\System32\inetsrv\W3wp.exe
Emsmta.exe
Mssearch.exe
Mad.exe
Microsoft.Exchange.AddressBook.Service.exe
Microsoft.Exchange.AntispamUpdateSvc.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
Microsoft.Exchange.ContentFilter.Wrapper.exe
%ExchangeInstallPath%TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Diagnostics.Service.exe
Microsoft.Exchange.Cluster.Replayservice.exe
Microsoft.Exchange.EdgeSyncSvc.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.EdgeSyncSvc.exe
Microsoft.Exchange.Imap4.exe
%ExchangeInstallPath%FrontEnd\PopImap\Microsoft.Exchange.Imap4.exe
Microsoft.Exchange.Imap4service.exe
%ExchangeInstallPath%ClientAccess\PopImap\Microsoft.Exchange.Imap4service.exe
Microsoft.Exchange.Infoworker.Assistants.exe
Microsoft.Exchange.Monitoring.exe
Microsoft.Exchange.Notifications.Broker.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Notifications.Broker.exe
Microsoft.Exchange.Pop3.exe
%ExchangeInstallPath%FrontEnd\PopImap\Microsoft.Exchange.Pop3.exe
Microsoft.Exchange.Pop3service.exe
%ExchangeInstallPath%ClientAccess\PopImap\Microsoft.Exchange.Pop3service.exe
Microsoft.Exchange.ProtectedServiceHost.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.ProtectedServiceHost.exe
Microsoft.Exchange.RPCClientAccess.Service.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.RPCClientAccess.Service.exe
Microsoft.Exchange.Search.Exsearch.exe
Microsoft.Exchange.Search.Service.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Search.Service.exe
Microsoft.Exchange.Servicehost.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Servicehost.exe
MSExchangeADTopologyService.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Directory.TopologyService.exe
MSExchangeFDS.exe
MSExchangeMailboxAssistants.exe
%ExchangeInstallPath%Bin\MSExchangeMailboxAssistants.exe
MSExchangeMailboxReplication.exe
%ExchangeInstallPath%Bin\MSExchangeMailboxReplication.exe
MSExchangeMigrationWorkflow.exe
%ExchangeInstallPath%Bin\MSExchangeMigrationWorkflow.exe
MSExchangeMailSubmission.exe
%ExchangeInstallPath%Bin\MSExchangeSubmission.exe
MSExchangeRepl.exe
%ExchangeInstallPath%Bin\MSExchangeRepl.exe
MSExchangeTransport.exe
%ExchangeInstallPath%Bin\MSExchangeTransport.exe
MSExchangeTransportLogSearch.exe
%ExchangeInstallPath%Bin\MSExchangeTransportLogSearch.exe
MSExchangeThrottling.exe
%ExchangeInstallPath%Bin\MSExchangeThrottling.exe
Msftefd.exe
Msftesql.exe
Noderunner.exe
%ExchangeInstallPath%Bin\Search\Ceres\Runtime\1.0\Noderunner.exe
OleConverter.exe
%ExchangeInstallPath%Bin\OleConverter.exe
ParserServer.exe
%ExchangeInstallPath%Bin\Search\Ceres\ParserServer\ParserServer.exe
Powershell.exe
%SystemRoot%\System32\WindowsPowerShell\v1.0\Powershell.exe
C:\Windows\System32\WindowsPowerShell\v1.0\Powershell.exe
SESWorker.exe
SpeechService.exe
Store.exe
Microsoft.Exchange.Store.Service.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Store.Service.exe
Microsoft.Exchange.Store.Worker.exe
%ExchangeInstallPath%Bin\Microsoft.Exchange.Store.Worker.exe
TranscodingService.exe
%ExchangeInstallPath%ClientAccess\Owa\Bin\DocumentViewing\TranscodingService.exe
UmService.exe
%ExchangeInstallPath%Bin\UmService.exe
UmWorkerProcess.exe
%ExchangeInstallPath%Bin\UmWorkerProcess.exe
Microsoft.Exchange.UM.CallRouter.exe
%ExchangeInstallPath%FrontEnd\CallRouter\Microsoft.Exchange.UM.CallRouter.exe
%ExchangeInstallPath%FIP-FS\Bin\fms.exe
%ExchangeInstallPath%Bin\Search\Ceres\HostController\hostcontrollerservice.exe
MSExchangeDagMgmt.exe
%ExchangeInstallPath%Bin\MSExchangeDagMgmt.exe
MSExchangeDelivery.exe
%ExchangeInstallPath%Bin\MSExchangeDelivery.exe
MSExchangeFrontendTransport.exe
%ExchangeInstallPath%Bin\MSExchangeFrontendTransport.exe
MSExchangeHMHost.exe
%ExchangeInstallPath%Bin\MSExchangeHMHost.exe
MSExchangeHMWorker.exe
%ExchangeInstallPath%Bin\MSExchangeHMWorker.exe
ScanEngineTest.exe
%ExchangeInstallPath%FIP-FS\Bin\ScanEngineTest.exe
ScanningProcess.exe
%ExchangeInstallPath%FIP-FS\Bin\ScanningProcess.exe
UpdateService.exe
%ExchangeInstallPath%FIP-FS\Bin\UpdateService.exe
MSExchangeCompliance.exe
%ExchangeInstallPath%Bin\MSExchangeCompliance.exe
wsbexchange.exe
%ExchangeInstallPath%Bin\wsbexchange.exe
|
Exchange Server 2000 & 2003 Folders |
C:\Program Files\Exchsrvr\Mtadata
C:\Program Files\Exchsrvr\Mtadata\*.mta
C:\Program Files\Exchsrvr\*.log
C:\Program Files\Exchsrvr\Mailroot
C:\Program Files\Exchsrvr\Srsdata
C:\Program Files\Exchsrvr\IMCData
C:\Program Files\Exchsrvr\MDBData
C:\Program Files\Exchsrvr\Address
C:\Program Files\Exchsrvr\Bin
C:\Program Files\Exchsrvr\Exchweb
C:\Program Files\Exchsrvr\Res
C:\Program Files\Exchsrvr\Schema
C:\Program Files\Exchsrvr\Conndata
|
Exchange Server 2007 Folders |
%ProgramFiles%\Microsoft\Exchange Server\Mailbox
%ProgramFiles%\Microsoft\Exchange Server\Mailbox\MDBTEMP
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Logs
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Pickup
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Replay
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Data\Queue
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\SenderReputation
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\IpFilter
%ProgramFiles%\Microsoft\Exchange Server\Logging
%ProgramFiles%\Microsoft\Exchange Server\ExchangeOAB
%ProgramFiles%\Microsoft\Exchange Server\Working\OleConverter
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Data\Adam
%ProgramFiles%\Microsoft\Exchange Server\ClientAccess
%ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\grammars
%ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\Prompts
%ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\voicemail
%ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\badvoicemail
|
Exchange Server 2010-2016 Folders |
%ExchangeInstallPath%Mailbox
%ExchangeInstallPath%Mailbox\MDBTEMP
%ExchangeInstallPath%GroupMetrics
%ExchangeInstallPath%TransportRoles\Logs
%ExchangeInstallPath%TransportRoles\Logs\Mailbox
%ExchangeInstallPath%TransportRoles\Logs\FrontEnd
%ExchangeInstallPath%TransportRoles\Pickup
%ExchangeInstallPath%TransportRoles\Replay
%ExchangeInstallPath%TransportRoles\Data\Queue
%ExchangeInstallPath%TransportRoles\Data\SenderReputation
%ExchangeInstallPath%TransportRoles\Data\IpFilter
%ExchangeInstallPath%TransportRoles\Data\Temp
%ExchangeInstallPath%TransportRoles\Data\Adam
%ExchangeInstallPath%ClientAccess
%ExchangeInstallPath%ClientAccess\OAB
%ExchangeInstallPath%ExchangeOAB
%ExchangeInstallPath%Working\OleConvertor
%ExchangeInstallPath%Logging
%ExchangeInstallPath%Logging\POP3
%ExchangeInstallPath%Logging\IMAP4
%ExchangeInstallPath%UnifiedMessaging\grammars
%ExchangeInstallPath%UnifiedMessaging\Prompts
%ExchangeInstallPath%UnifiedMessaging\voicemail
%ExchangeInstallPath%UnifiedMessaging\temp
%ExchangeInstallPath%FIP-FS
%SystemRoot%\Temp\ExchangeSetup
%SystemRoot%\Temp\OICE_*
|
Forefront Protection for Exchange Server
Forefront Protection for Exchange Server Folders |
%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server
%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Archive
%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Quarantine
%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines\x86
%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines\amd64
%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data
|
Forefront Protection for Exchange Server Processes |
Adonavsvc.exe
FscController.exe
FscDiag.exe
FscExec.exe
FscImc.exe
FscManualScanner.exe
FscMonitor.exe
FscRealtimeScanner.exe
FscStarter.exe
FscStatsServ.exe
FscTransportScanner.exe
FscUtility.exe
FsEmailPickup.exe
FssaClient.exe
GetEngineFiles.exe
PerfmonitorSetup.exe
ScanEngineTest.exe
SemSetup.exe
FSCConfigurationServer.exe
FSCEventing.exe
FSCScheduledScanner.exe
MultiEngineScanner.exe
Kavehost.exe
FSCVSSWriter.exe
|
Forefront Protection for Exchange Server File Name Extensions |
.avc
.cab
.cfg
.config
.da1
.dat
.def
.dt
.fdb
.fdm
.ide
.key
.klb
.kli
.lst
.mdb
.ppl
.set
.v3d
.vdb
.vdm
|
Sources of information:
Servers with Skype for Business Server 2015
Skype for Business Server Processes |
ABServer.exe
AcpMcuSvc.exe
ASMCUSvc.exe
AVMCUSvc.exe
ChannelService.exe
ClsAgent.exe
ComplianceService.exe
DataMCUSvc.exe
DataProxy.exe
FileTransferAgent.exe
HealthAgent.exe
IMMCUSvc.exe
LysSvc.exe
MasterReplicatorAgent.exe
MediaRelaySvc.exe
MediationServerSvc.exe
MRASSvc.exe
OcsAppServerHost.exe
ReplicaReplicatorAgent.exe
ReplicationApp.exe
RtcHost.exe
RTCSrv.exe
XmppProxy.exe
XmppTGW.exe
Fabric.exe
FabricDCA.exe
FabricHost.exe
|
Skype for Business Server Folders |
%SystemRoot%\System32\LogFiles
%SystemRoot%\SysWow64\LogFiles
%SystemRoot%\Microsoft.NET\assembly\GAC_MSIL
%ProgramFiles%\Skype for Business Server 2015
%ProgramFiles%\Common Files\Skype for Business Server 2015\Watcher Node
%ProgramFiles%\Common Files\Skype for Business Server 2015
%ProgramFiles%\Common Files\Skype for Business Online
%SystemDrive%\RtcReplicaRoot
|
Sources of information:
Servers with SharePoint Server 2003 - 2013
SharePoint Server Common Folders |
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions
%SystemDrive%\inetpub\wwwroot\wss\VirtualDirectories
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
%ProgramData%\Microsoft\SharePoint
%ProgramData%\Microsoft\SharePoint\Config
%SystemDrive%\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config
%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\Config
%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
%SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\Config
%SystemRoot%\System32\LogFiles
%SystemRoot%\Syswow64\LogFiles
%SystemRoot%\Temp\WebTempDir
%SystemRoot%\Temp\FrontPageTempDir
%SystemDrive%\Users\Default\AppData\Local\Temp
%SystemDrive%\Documents and Settings\Default User\Local Settings\Temp
%SystemDrive%\Users\<ServiceAccount>\Local
%SystemDrive%\Users\<ServiceAccount>\Local\Temp
%SystemDrive%\Documents and Settings\<ServiceAccount>\Local Settings\Application Data
%SystemDrive%\Users\<ServiceAccount>\AppData\Local\Temp
%SystemDrive%\Users\<ServiceAccount>\AppData\Local\Temp\WebTempDir
%SystemDrive%\Users\<account that the search service is running as>\AppData\Local\Temp
%SystemDrive%\Documents and Settings\<account that the search service is running as>\Local Settings\Temp
|
SharePoint Server 2001 - 2003 Folders |
%ProgramFiles%\SharePoint Portal Server
%ProgramFiles%\Common Files\Microsoft Shared\Web Storage System
|
Windows SharePoint Services 3.0 & SharePoint Server 2007 Folders |
%ProgramFiles%\Microsoft Office Servers\12.0\Data
%ProgramFiles%\Microsoft Office Servers\12.0\Logs
%ProgramFiles%\Microsoft Office Servers\12.0\Bin
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Logs
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Data\Applications
|
SharePoint Server 2010 & SharePoint Foundation 2010 Folders |
%ProgramFiles%\Microsoft Office Servers\14.0\Data
%ProgramFiles%\Microsoft Office Servers\14.0\Logs
%ProgramFiles%\Microsoft Office Servers\14.0\Bin
%ProgramFiles%\Microsoft Office Servers\14.0\Synchronization Service
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\Logs
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\Data\Applications
|
SharePoint Foundation 2013 & SharePoint Server 2013 Folders |
%ProgramFiles%\Microsoft Office Servers\15.0\Data
%ProgramFiles%\Microsoft Office Servers\15.0\Logs
%ProgramFiles%\Microsoft Office Servers\15.0\Bin
%ProgramFiles%\Microsoft Office Servers\15.0\Synchronization Service
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\15\Logs
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\15\Data\Applications
|
Sources of information:
Servers with Microsoft ISA Server / Forefront TMG Medium Business Edition
ISA Server 2000/2004/2006, Forefront TMG MBE Folders |
%ProgramFiles%\Microsoft ISA Server
%ProgramFiles%\Microsoft ISA Server\ISALogs
%ProgramFiles%\Microsoft SQL Server
%ProgramFiles(x86)%\Microsoft ISA Server
%ProgramFiles(x86)%\Microsoft SQL Server
%SystemRoot%\Temp\ScanStorage
%ProgramFiles(x86)%\Microsoft ISA Server\Logs
D:\urlcache
%SystemDrive%\InetPub
|
ISA Server 2000/2004/2006, Forefront TMG MBE Processes |
dsamain.exe
%WinDir%\System32\dsamain.exe
dailysum.exe
%ProgramFiles%\Microsoft ISA Server\dailysum.exe
%ProgramFiles(x86)%\Microsoft ISA Server\dailysum.exe
repgen.exe
%ProgramFiles%\Microsoft ISA Server\repgen.exe
isarepgen.exe
%ProgramFiles%\Microsoft ISA Server\isarepgen.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isarepgen.exe
isadlviewer.exe
%ProgramFiles%\Microsoft ISA Server\isadlviewer.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isadlviewer.exe
wspsrv.exe
%ProgramFiles%\Microsoft ISA Server\wspsrv.exe
%ProgramFiles(x86)%\Microsoft ISA Server\wspsrv.exe
mspadmin.exe
%ProgramFiles%\Microsoft ISA Server\mspadmin.exe
%ProgramFiles(x86)%\Microsoft ISA Server\mspadmin.exe
isastg.exe
%ProgramFiles%\Microsoft ISA Server\isastg.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isastg.exe
w3prefch.exe
%ProgramFiles%\Microsoft ISA Server\w3prefch.exe
%ProgramFiles(x86)%\Microsoft ISA Server\w3prefch.exe
sqlsvr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL$MSFW\sqlservr.exe
%ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
%ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
sqlmangr.exe
%ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
sqlwriter.exe
%ProgramFiles(x86)%\Microsoft SQL Server\90\Shared\sqlwriter.exe
%WinDir%\System32\inetsrv\inetinfo.exe
%WinDir%\System32\inetsrv\w3wp.exe
|
Sources of information:
Servers with Microsoft Forefront TMG 2010 / UAG 2010
Forefront TMG/UAG Folders |
%ProgramFiles%\Microsoft Forefront Threat Management Gateway
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs
%ProgramFiles%\Microsoft Forefront Unified Access Gateway
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW
%SystemRoot%\Temp\ScanStorage
D:\urlcache (the TMG web cache directory may be located elsewhere)
|
Forefront TMG/UAG Processes |
dailysum.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\dailysum.exe
isarepgen.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isarepgen.exe
isadlviewer.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isadlviewer.exe
IsaManagedCtrl.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\IsaManagedCtrl.exe
isastg.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isastg.exe
mspadmin.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\mspadmin.exe
wspsrv.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\wspsrv.exe
w3prefch.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\w3prefch.exe
DnsAlgSrv.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\DnsAlgSrv.exe
MonitorMgrCom.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\MonitorMgrCom.exe
SessionMgrCom.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\SessionMgrCom.exe
ShareAccess.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\ShareAccess.exe
uagqessvc.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\uagqessvc.exe
uagrdpsvc.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\uagrdpsvc.exe
UserMgrCom.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\UserMgrCom.exe
WatchDogSrv.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\WatchDogSrv.exe
whlerrsrv.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\whlerrsrv.exe
whlios.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\whlios.exe
sqlservr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\sqlservr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe
ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\ReportingServicesService.exe
dsamain.exe
%WinDir%\System32\dsamain.exe
|
Other executable processes (from default FEP Rule Template from SCCM 2012) |
IsaApplianceInit.exe
IsaMgmt.exe
MsFpcSqmAgent.exe
NicsRestorer.exe
NLBClear.exe
UpdateAgent.exe
VpnHelpr.exe
tmgpolicysuite.exe
tmgbpacmd.exe
tmgbpa.exe
bpa2visio.exe
tmgbpapack.exe
tmgdatapackager.exe
|
TMG cache files
|
.cdat
|
Sources of information:
Microsoft SQL Server 2005 – 2016 database servers
SQL Server Common Processes |
SQLServr.exe
ReportingServicesService.exe
MSMDSrv.exe
|
SQL Server Common File Name Extensions |
.mdf
.ldf
.ndf
.bak
.trn
.trc
.sqlaudit
.sql
|
SQL Server 2005 Processes |
%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Bin\MSMDSrv.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
|
SQL Server 2005 Folders |
%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\FTData
%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Log
%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Backup
%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Data
|
SQL Server 2008 Processes |
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
%ProgramFiles%\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
|
SQL Server 2008 Folders |
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\FTData
%ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Log
%ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Backup
%ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Data
|
SQL Server 2008 R2 Processes |
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
%ProgramFiles%\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
|
SQL Server 2008 R2 Folders |
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\FTData
%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Log
%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Backup
%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Data
|
SQL Server 2012 Processes |
%ProgramFiles%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
%ProgramFiles%\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
|
SQL Server 2012 Folders |
%ProgramFiles%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\FTData
%ProgramFiles%\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Log
%ProgramFiles%\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Backup
%ProgramFiles%\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\Data
|
SQL Server 2014 Processes |
%ProgramFiles%\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
%ProgramFiles%\Microsoft SQL Server\MSRS12.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
|
SQL Server 2014 Folders |
%ProgramFiles%\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\FTData
%ProgramFiles%\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Log
%ProgramFiles%\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Backup
%ProgramFiles%\Microsoft SQL Server\MSAS12.MSSQLSERVER\OLAP\Data
|
SQL Server 2016 Processes |
%ProgramFiles%\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
%ProgramFiles%\Microsoft SQL Server\MSRS13.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
|
SQL Server 2016 Folders |
%ProgramFiles%\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL13.MSSQLSERVER\MSSQL\FTData
%ProgramFiles%\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\Log
%ProgramFiles%\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\Backup
%ProgramFiles%\Microsoft SQL Server\MSAS13.MSSQLSERVER\OLAP\Data
|
Note: if named SQL Server instances are used, the default instance name MSSQLSERVER in the paths above must be replaced with your own instance name.
Sources of information:
Third-party database servers on Windows
Oracle databases files
|
*.ora
*.ctl
|
Firebird, dBase, etc files
|
*.dbf
*.cdx
*.fdb
*.edb
*.ib
*.gdi
*.gdb
|
Microsoft System Center components
Microsoft System Center Virtual Machine Manager
SCVMM Common Processes
|
vmmAgent.exe
vmmservice.exe
|
SCVMM Agent 2008 R2
|
%ProgramFiles%\Microsoft System Center Virtual Machine Manager 2008 R2\bin\vmmAgent.exe
|
SCVMM Agent 2012
|
%ProgramFiles%\Microsoft System Center 2012\Virtual Machine Manager\bin\vmmAgent.exe
|
SCVMM Server 2012
|
%ProgramFiles%\Microsoft System Center 2012\Virtual Machine Manager\bin\vmmservice.exe
|
SCVMM Agent 2012 R2
|
%ProgramFiles%\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\vmmAgent.exe
|
SCVMM Server 2012 R2
|
%ProgramFiles%\Microsoft System Center 2012 R2\Virtual Machine Manager\bin\vmmservice.exe
|
Microsoft System Center Data Protection Manager
System Center DPM Common Processes |
%WinDir%\Microsoft.net\Framework\v2.0.50727\csc.exe
%WinDir%\Microsoft.net\Framework\v4.0.30319\csc.exe
dpmra.exe
%ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\dpmra.exe
|
System Center 2007-2010 DPM Server Files
|
%ProgramFiles%\Microsoft DPM\DPM\XSD
%ProgramFiles%\Microsoft DPM\DPM\Temp\MTA
%ProgramFiles%\Microsoft DPM\DPM\Volumes
%ProgramFiles%\Microsoft DPM\DPM\bin\dpmra.exe
|
System Center 2012 DPM Server Files
|
%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\XSD
%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\Temp\MTA
%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\Volumes
%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\bin\dpmra.exe
|
System Center 2012 R2 DPM Server Files
|
%ProgramFiles%\Microsoft System Center 2012 R2\DPM\DPM\XSD
%ProgramFiles%\Microsoft System Center 2012 R2\DPM\DPM\Temp\MTA
%ProgramFiles%\Microsoft System Center 2012 R2\DPM\DPM\Volumes
%ProgramFiles%\Microsoft System Center 2012 R2\DPM\DPM\bin\dpmra.exe
|
System Center 2016 DPM Server Files
|
%ProgramFiles%\Microsoft System Center 2016\DPM\DPM\XSD
%ProgramFiles%\Microsoft System Center 2016\DPM\DPM\Temp
%ProgramFiles%\Microsoft System Center 2016\DPM\DPM\Volumes
%ProgramFiles%\Microsoft System Center 2016\DPM\DPM\bin\dpmra.exe
Drive letter of Modern Backup Storage volume
%ProgramFiles%\Microsoft Azure Recovery Services Agent\
%ProgramFiles%\Microsoft Azure Recovery Services Agent\bin\cbengine.exe
|
Sources of information:
Microsoft System Center Operations Manager
SCOM 2005 – 2012 R2 Common File Name Extensions
|
.chk
.log
.edb
.WKF
.PQF
.PQF0
.PQF1
|
SCOM Common Processes |
MomHost.exe
MonitoringHost.exe
HealthService.exe
CShost.exe
Microsoft.Mom.Sdk.ServiceHost.exe
|
SCOM 2007 Processes |
%ProgramFiles%\System Center Operations Manager 2007\HealthService.exe
%ProgramFiles%\System Center Operations Manager 2007\Microsoft.Mom.ConfigServiceHost.exe
%ProgramFiles%\System Center Operations Manager 2007\MonitoringHost.exe
|
SCOM 2007 Folders |
%ProgramFiles%\System Center Operations Manager 2007\Health Service State
|
SCOM 2012 Processes (Server) |
%ProgramFiles%\System Center 2012\Operations Manager\Server\monitoringhost.exe
%ProgramFiles%\System Center Operations Manager 2012\Server\monitoringhost.exe
|
SCOM 2012 Processes (Agent) |
%ProgramFiles%\System Center Operations Manager\Agent\monitoringhost.exe
|
SCOM 2012 Folders (Server) |
%ProgramFiles%\System Center 2012\Operations Manager\Server\Health Service State
%ProgramFiles%\System Center Operations Manager 2012\Server\Health Service State
|
SCOM 2012 Folders (Agent) |
%ProgramFiles%\System Center Operations Manager\Agent\Health Service State
|
SCOM 2012 R2 Processes (Server) |
%ProgramFiles%\System Center 2012\Operations Manager\Server\monitoringhost.exe
|
SCOM 2012 R2 Processes (Agent) |
%ProgramFiles%\System Center Operations Manager\Agent\monitoringhost.exe
|
SCOM 2012 R2 Folders (Server) |
%ProgramFiles%\Microsoft System Center 2012 R2\Operations Manager\Server\Health Service State
%ProgramFiles%\System Center Operations Manager\Gateway\Health Service State
|
SCOM 2012 R2 Folders (Agent) |
%ProgramFiles%\Microsoft Monitoring Agent\Agent\Health Service State
|
Sources of information:
Microsoft System Center Configuration Manager
SCCM Server Common Files |
%ProgramFiles%\Microsoft Configuration Manager\Install.map
%ProgramFiles%\Microsoft Configuration Manager\inboxes
%ProgramFiles%\Microsoft Configuration Manager\Logs
%ProgramFiles%\SMS_CCM\ServiceData
%ProgramFiles(x86)%\Microsoft Configuration Manager\inboxes
%ProgramFiles(x86)%\Microsoft Configuration Manager\Logs
%ProgramFiles(x86)%\SMS_CCM\ServiceData
%SystemDrive%\SMSPKG
<DriveLetter>:\SMS_CCM\ServiceData
<DriveLetter>:\SMSSIG$
<DriveLetter>:\SMSPKGSIG
<DriveLetter>:\SMSPKG
<DriveLetter>:\SMSPKG<DriveLetter>$
<DriveLetter>:\SCCMContentLib
%SMS_LOG_PATH%
%SMS_ADMIN_UI_PATH%
|
SCCM Agent Common Folders |
%SystemRoot%\System32\CCM\Cache
%SystemRoot%\ccmcache
%SystemRoot%\CCM\Logs
|
SCCM Server Common Processes |
Smsexec.exe
Ccmexec.exe
CmRcService.exe
Sitecomp.exe
Smswriter.exe
Smssqlbkup.exe
|
Note: the <DriveLetter> value must be replaced with the specific drive letters used by the installed SCCM instance, so it is desirable for the organization to have some standardization in this respect.
Sources of information:
Microsoft Hyper-V virtualization servers
Hyper-V Default Folders |
%PUBLIC%\Documents\Hyper-V\Virtual Hard Disks
%ProgramData%\Microsoft\Windows\Hyper-V
%ProgramData%\Microsoft\Windows\Hyper-V\Snapshots
%SystemDrive%\ClusterStorage
|
Hyper-V Processes
|
%SystemRoot%\system32\vmwp.exe
%SystemRoot%\system32\vmms.exe
%SystemRoot%\system32\vmicsvc.exe
|
Hyper-V File Name Extensions |
.xml
.vhdx
.vhd
.vfd
.avhd
.avhdx
.iso
.vsv
.bin
|
Sources of information:
Servers with Microsoft App-V application virtualization
Clients Windows XP or Windows Server 2003 |
%USERPROFILE%\Application Data\SoftGrid Client
%ALLUSERSPROFILE%\Application Data\Microsoft\Application Virtualization Client
%ALLUSERSPROFILE%\Documents\SoftGrid Client
|
Clients Windows Vista, Windows Server 2008 or later |
%USERPROFILE%\AppData\Local\SoftGrid Client
%USERPROFILE%\AppData\Roaming\SoftGrid Client
%ProgramData%\Microsoft\Application Virtualization Client\SoftGrid Client
%ProgramData%\Microsoft\AppV\Client\
%USERPROFILE%\AppData\Local\Microsoft\AppV\Client\
|
Sources of information:
Additional sources of information: