Endpoint Insights

ConfigMgr 2012 and Anti-Virus Software Exclusions for Site Servers

Topics: Endpoint Insights

As I explained in my previous blog post, I was doing some work for a client and one of the items we discussed was anti-virus software exclusions. These exclusions are not only important for workstations, but also for site servers. In fact, anti-virus software exclusions are even more important to the overall performance of a Configuration Manager site server. Again, this may seem counter-intuitive, but in order for Configuration Manager to run efficiently, without causing too much overhead to Disk IO and CPU, there are a number of recommended anti-virus software exclusions that should be implemented.

You would think that this information could be easily found within Configuration Manager 2012’s documentation, but it isn’t. To help you out, below is a list of anti-virus software exclusions that I recommend that you implement for site servers. Please make sure to also read my blog post about McAfee and SCCM if you are using McAfee anti-virus software.

Directories:

Note:  Adjust paths to match where Configuration Manager 2012 is installed.

%allusersprofile%NTUser.pol
%systemroot%system32GroupPolicyregistry.pol
%windir%Securitydatabase*.chk
%windir%Securitydatabase*.edb
%windir%Securitydatabase*.jrs
%windir%Securitydatabase*.log
%windir%Securitydatabase*.sdb
%windir%SoftwareDistributionDatastoreDatastore.edb
%windir%SoftwareDistributionDatastoreLogsedb.chk
%windir%SoftwareDistributionDatastoreLogsedb*.log
%windir%SoftwareDistributionDatastoreLogsEdbres00001.jrs
%windir%SoftwareDistributionDatastoreLogsEdbres00002.jrs
%windir%SoftwareDistributionDatastoreLogsRes1.log
%windir%SoftwareDistributionDatastoreLogsRes2.log
%windir%SoftwareDistributionDatastoreLogstmp.edb
%programfiles%Microsoft Configuration ManagerInboxes*.*
%programfiles(x86)%Microsoft Configuration ManagerInboxes*.*
%systemroot%system32GroupPolicyMachineregistry.pol
%systemroot%system32GroupPolicyUserregistry.pol
C:WindowsTEMPBootImages and subfolders.
D:SCCMContentLib
D:SMSPKG
D:SMSPKGD$
D:SMSPKGSIG
D:SMSSIG$
D:Program FilesSMS_CCMServiceData
D:Program FilesSMS_CCMLogs
D:Program FilesMicrosoft Configuration ManagerLogs
D:Program FilesMicrosoft Configuration ManagerInstall.map
D:Sources
D:SCCMImages
D:CMBak

Processes to exclude:

Smsexec.exe
Ccmexec.exe
CmRcService.exe
Sitecomp.exe
Smswriter.exe
Smssqlbbkup.exe

SQL Server Processes to exclude:

 

·         %ProgramFiles%Microsoft SQL ServerMSSQL11. <InstanceName>MSSQLBinnSQLServr.exe

·         %ProgramFiles%Microsoft SQL ServerMSRS11. <InstanceName>Reporting ServicesReportServerBinReportingServicesService.exe

 

SQL Server Files and Folders to exclude:

 

*.mdf
*.ldf
*.ndf
*.bak
*.trn

IIS Exclusions:

* .ida
%systemroot%IIS Temporary Compressed Files
%SystemDrive%inetpubtempIIS Temporary Compressed Files

WSUS Exclusions:

 

*.cab
WSUSWSUSContent
WSUSUpdateServicesDBFiles
SoftwareDistributionDatastore
SoftwareDistributionDownload

If you have any questions or concerns about this list of anti-virus software exclusions, please feel free to contact me @GarthMJ or comment at the end of this blog post.

Configuration Manager 2012 and Anti-Virus Software Exclusions for Site Servers