Endpoint Insights
ConfigMgr 2012 and Anti-Virus Software Exclusions for Site Servers
Topics: Endpoint Insights
As I explained in my previous blog post, I was doing some work for a client and one of the items we discussed was anti-virus software exclusions. These exclusions are not only important for workstations, but also for site servers. In fact, anti-virus software exclusions are even more important to the overall performance of a Configuration Manager site server. Again, this may seem counter-intuitive, but in order for Configuration Manager to run efficiently, without causing too much overhead to Disk IO and CPU, there are a number of recommended anti-virus software exclusions that should be implemented.
You would think that this information could be easily found within Configuration Manager 2012’s documentation, but it isn’t. To help you out, below is a list of anti-virus software exclusions that I recommend that you implement for site servers. Please make sure to also read my blog post about McAfee and SCCM if you are using McAfee anti-virus software.
Directories: Note: Adjust paths to match where Configuration Manager 2012 is installed. |
%allusersprofile%NTUser.pol |
Processes to exclude: |
Smsexec.exe |
SQL Server Processes to exclude:
|
· %ProgramFiles%Microsoft SQL ServerMSSQL11. <InstanceName>MSSQLBinnSQLServr.exe · %ProgramFiles%Microsoft SQL ServerMSRS11. <InstanceName>Reporting ServicesReportServerBinReportingServicesService.exe
|
SQL Server Files and Folders to exclude:
|
*.mdf |
IIS Exclusions: |
* .ida |
WSUS Exclusions:
|
*.cab |
If you have any questions or concerns about this list of anti-virus software exclusions, please feel free to contact me @GarthMJ or comment at the end of this blog post.