SBS 2003 / 2008 & Antivirus

2008

Exchange 2007

C:\PROGRAM FILES\MICROSOFT\EXCHANGE SERVER\MAILBOX\FIRST STORAGE GROUP
C:\PROGRAM FILES\MICROSOFT\EXCHANGE SERVER\MAILBOX\SECOND STORAGE GROUP

SQL Servers

C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL10.SQLEXPRESS\MSSQL\DATA
C:\WSUS\SUSDB\UPDATESERVICESDBFILES
C:\PROGRAM FILES (X86)\MICROSOFT SQL SERVER\MSSQL.1\MSSQL\DATA
C:\WINDOWS\SYSMSI\SSEE\MSSQL.2005\MSSQL\DATA

 

*Domain Controller related exclusions*
Active Directory database files = C:\WINDOWS\NTDS
SYSVOL = C:\WINDOWS\SYSVOL
NTFRS Database Files = C:\WINDOWS\ntfrs

2003

There are in fact a large number of exclusions that should be configured for any anti-virus, not just for NOD32. Try working through all of the following to see if that helps…

*Exchange*
Exchange Server Database = C:\Program Files\Exchsrvr\Mdbdata (check location)
Exchange MTA files = C:\Program Files\Exchsrvr\Mtadata
Exchange Message tracking log files = C:\Program Files\Exchsrvr\server_name.log
Exchange SMTP Mailroot = C:\Program Files\Exchsrvr\Mailroot
Exchange working files = C:\Program Files\Exchsrvr\Mdbdata
C:\Program Files\Exchsrvr\Conndata
Site Replication Service (not normally used in SBS but should be excluded anyway) =
C:\Program Files\Exchsrvr\srsdata

*IIS related Exclusions*
IIS System Files = C:\WINDOWS\system32\inetsrv
IIS Compression Folder = C:\WINDOWS\IIS Temporary Compressed Files

*Domain Controller related exclusions*
Active Directory database files = C:\WINDOWS\NTDS
SYSVOL = C:\WINDOWS\SYSVOL
NTFRS Database Files = C:\WINDOWS\ntfrs

*Windows SharePoint Services*
Temporary SharePoint space = C:\windows\temp\Frontpagetempdir

*Service Related Data Bases*
DHCP Database Store = C:\WINDOWS\system32\dhcp
WINS Database Store = C:\WINDOWS\system32\wins
X:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Data
X:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Data
X:\Program Files\Microsoft SQL Server\MSSQL\Data

*Additional Exclusions*
Removable Storage Database (used by SBS Backup) = C:\Windows\System32\ntmsdata
SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail
Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore
X:\urlcache
X:\pagefile.sys

*AV Program Exclusions*
X:\<folder where the AV puts quarantined files>
X:\<AV application folder>

*Desktop Folder Exclusions*
These folders need to be excluded on the desktop and notebook clients.
Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore

*SBS Licensing Exclusions*
File – %windir%\system32\licstr.cpa
Folder – %windir%\windows\system32\lls
NOTE: Run the License Wiz and back up the licenses to a secure folder.

*Terminal Services Licensing Exclusions*
C:\WINDOWS\System32\LServer
(folder should contain the following TS related stuff):
edb.log
edb.chk
res1.log
res2.log
TLSLic.edb
temp.edb

*Also, Refer to the MS KB Articles*
815623
822158
245822
284947

*Per 822158*
The Windows Update or Automatic Update database file:
%windir%\SoftwareDistribution\Datastore\datastore.edb

The transaction log files. These files are located in the following folder:
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
Note: The wildcard character indicates that there may be several files.
. Res1.log
. Res2.log
. Edb.chk
. Tmp.edb

*Per 815623*
In summary, the targeted and excluded list of folders for a SYSVOL tree that is placed in its default location would look similar to the following:
1. Exclude: %systemroot%\sysvol
2. Scan: %systemroot%\sysvol\domain
3. Exclude: %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
4. Scan: %systemroot%\sysvol\domain\Policies
5. Scan: %systemroot%\sysvol\domain\Scripts
6. Exclude: %systemroot%\sysvol\staging
7. Exclude: %systemroot%\sysvol\staging areas
8. Exclude: %systemroot%\sysvol\sysvol

If any one of these folders or files has been moved or placed in a different location, scan or exclude the equivalent element.
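
The nested scan/exclude list above only gives the intended coverage if the most specific folder rule wins, so it is worth checking which rule a given file actually falls under. The following is an added example, not part of the original post or the KB article: the `decide` function, the longest-match rule, the default root `C:\WINDOWS` and the sample paths are assumptions made for illustration, and a moved SYSVOL is handled by passing a different `systemroot`.

```python
import re
from pathlib import PureWindowsPath

SYSTEMROOT = r"C:\WINDOWS"  # assumed default location of %systemroot%

# (action, folder) pairs in the order of the KB 815623 summary.
SYSVOL_RULES = [
    ("exclude", r"%systemroot%\sysvol"),
    ("scan", r"%systemroot%\sysvol\domain"),
    ("exclude", r"%systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory"),
    ("scan", r"%systemroot%\sysvol\domain\Policies"),
    ("scan", r"%systemroot%\sysvol\domain\Scripts"),
    ("exclude", r"%systemroot%\sysvol\staging"),
    ("exclude", r"%systemroot%\sysvol\staging areas"),
    ("exclude", r"%systemroot%\sysvol\sysvol"),
]


def _parts(path, systemroot):
    """Expand %systemroot% and split into lower-cased path components."""
    expanded = re.sub("%systemroot%", lambda m: systemroot, path, flags=re.I)
    return tuple(p.lower() for p in PureWindowsPath(expanded).parts)


def decide(path, systemroot=SYSTEMROOT, default="scan"):
    """Return (action, rule); the longest matching folder rule wins (assumption)."""
    target = _parts(path, systemroot)
    best, best_len = (default, None), -1
    for action, folder in SYSVOL_RULES:
        rule = _parts(folder, systemroot)
        # Compare whole components so "domain_old" never matches "domain".
        if target[: len(rule)] == rule and len(rule) > best_len:
            best, best_len = (action, folder), len(rule)
    return best


if __name__ == "__main__":
    samples = [  # constructed paths, not taken from a real server
        r"C:\WINDOWS\sysvol\domain\Policies\{CONSTRUCTED-GUID}\Machine\Scripts\start.bat",
        r"C:\WINDOWS\sysvol\domain\Scripts\logon.vbs",
        r"c:\windows\SYSVOL\staging\domain\NTFRS_constructed.tmp",
        r"C:\WINDOWS\sysvol\domain_old\logon.vbs",
        r"C:\WINDOWS\System32\cmd.exe",
    ]
    for sample in samples:
        action, rule = decide(sample)
        print(f"{action:8} {sample}  (rule: {rule})")
```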

DFS
The same resources that are excluded for a SYSVOL replica set must also be excluded when FRS is used to replicate shares that are mapped to the DFS root and link targets on Windows 2000 or Windows Server 2003-based member computers or domain controllers.

 

http://www.wilderssecurity.com/showthread.php?p=1178561