Petri Newsletter Sign-up
Office 365 Insider

Here at Petri.com, we get IT — and so can you. Subscribe today to stay informed and knowledgeable regarding the latest on IT.

    See All Petri Newsletters

    Anti Virus Exclusion Guidelines for Microsoft Products

    Posted on by Petri IT Knowledgebase Team in Security with 7 Comments

    Running a good, constantly updated Anti-Virus program on your computers – server and workstations – is a must when looking into the potential risks in today’s IT world. However, when installing Anti-Virus software on a computer, you also risk having issues with some of the services and applications that run on these computers, most specially with the server machines. Anti-Virus software scans and sometimes locks files on the computers, and when you scan these files, performance and operating system reliability problems may occur because of file locking.

    This is why it is extremely important to properly configure the Anti-Virus software to exclude specific files, file type and/or folders on the computers (most importantly – server machines) with an anti virus exclusion.

    However, please note: When possible, try not exclude files based on the file name extension. For example, try not exclude all files that have a .dit or .vhd extensions. Of course this may not always be possible, but do try to be as specific as possible with any anti virus exclusion . In addition, try to exclude specific files and not entire folders. Excluding an entire folder maybe simpler but may not provide as much protection as excluding specific files based on file names.

    With that said, enclosed is a comprehensive list of services and or software and links to articles that describe the proper Microsoft recommendations for configuring anti-Virus software that runs on servers hosting them.

    General Enterprise Configuration Recommendations for Windows operating systems:

    http://support.microsoft.com/kb/822158

    Forefront:

    http://support.microsoft.com/kb/943556

    http://support.microsoft.com/kb/943620

    http://technet.microsoft.com/en-us/library/cc707727.aspx

    Windows / Active Directory:

    http://support.microsoft.com/kb/822158

    http://support.microsoft.com/kb/837932

    http://support.microsoft.com/kb/943556

    FRS:

    http://support.microsoft.com/kb/815263

    SQL:

    http://support.microsoft.com/kb/309422

    IIS:

    http://support.microsoft.com/kb/821749

    http://support.microsoft.com/kb/817442

    DHCP:

    http://support.microsoft.com/kb/927059

    SCCM:

    http://blogs.technet.com/b/configurationmgr/archive/2010/11/30/configmgr-2007-antivirus-scan-and-exclusion-recommendations.aspx

    SCOM / MOM:

    http://support.microsoft.com/kb/975931

    http://social.technet.microsoft.com/wiki/contents/articles/recommendations-for-antivirus-exclusions-in-mom-2005-and-operations-manager-2007.aspx

    SMS:

    http://support.microsoft.com/kb/327453

    Hyper-V:

    http://support.microsoft.com/kb/961804

    Med-V:

    http://social.technet.microsoft.com/wiki/contents/articles/recommended-anti-virus-exclusions-for-med-v-client-and-workspace-installations.aspx

    App-V:

    http://support.microsoft.com/kb/2576031

    Exchange Server:

    http://support.microsoft.com/kb/328841

    http://support.microsoft.com/kb/823166

    http://support.microsoft.com/kb/245822

    http://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspx

    http://technet.microsoft.com/en-us/library/bb332342.aspx

    Lync:

    http://technet.microsoft.com/en-us/library/gg195736.aspx

    Failover Clustering:

    http://support.microsoft.com/kb/250355

    SharePoint:

    http://support.microsoft.com/kb/952167

    http://support.microsoft.com/kb/320111

    http://support.microsoft.com/kb/322941

    ISA:

    http://support.microsoft.com/kb/887311

    WSUS and Windows Update:

    http://support.microsoft.com/kb/900638

    SBS:

    http://support.microsoft.com/kb/885685

    DPM:

    http://technet.microsoft.com/en-us/library/bb808691.aspx

    http://technet.microsoft.com/en-us/library/ff399439.aspx

    Dynamics CRM:

    http://community.dynamics.com/product/crm/crmtechnical/b/crminthefield/archive/2011/01/24/anti-virus-exclusions-for-microsoft-dynamics-crm.aspx

    Dynamics AX:

    http://blogs.msdn.com/b/czdaxsup/archive/2010/05/13/ax-application-files-locked-by-another-process.aspx

    Some sources for this list include:

    Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
    http://support.microsoft.com/kb/822158

    Anti-Virus Exclusions and You! – Dude where’s my PFE? – Site Home – TechNet Blogs
    http://blogs.technet.com/b/jeff_stokes/archive/2010/05/19/anti-virus-exclusions-and-you.aspx

    Windows Anti Virus Exclusion List – TechNet Articles – Home – TechNet Wiki
    http://social.technet.microsoft.com/wiki/contents/articles/953.aspx

    Conclusion

    Anti virus software is a good idea to protect your machine but they can cause some conflicts. Setting up simple anti virus exclusions is a good way around this issue. This article serves as a nice list of anti virus exclusion guidelines for Microsoft products specifically.

    BECOME A PETRI MEMBER:

    Don't have a login but want to join the conversation? Sign up for a Petri Account

    Register