

Recommendations for antivirus exclusions in MOM 2005 and OpsMgr 2007

I came across some official antivirus exclusion recommendations for MOM 2005 and Operations Manager 2007 that came from Kevin Holman, a Senior PFE out of our Las Colinas office.  If you need to add some exclusions then consider this gospel:

========

Exclusions by process executable:

Creating exclusions based on the executable can potentially be very dangerous in that it limits the control of scanning potentially dangerous files handled by the process.  For this reason, unless absolutely necessary, we do not recommend relying on exclusions based on any process executables for MOM or OpsMgr servers.  However, with that said, if you do decide that you need to make exclusions based on the process executables for whatever reason, they are listed below:

MOM 2005 – momhost.exe
OpsMgr 2007 – monitoringhost.exe

Exclusions by Directories: The following includes real-time, scheduled scanner and local scanner directory specific exclusions for Operations Manager.  The directories listed here are default application directories.  You may need to modify these paths based on your specific environment.  Only the following MOM\OpsMgr related directories should be excluded. 

Important Note: When a directory to be excluded is greater than 8 characters in length, add both the short and long file names of the directory into the exclusion list. To traverse the sub-directories, this is required by some AV programs.

SQL Database Servers:
These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb.  To exclude these by directory, exclude the directory for the LDF and MDF files:

Examples:
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data
D:\MSSQL\DATA
E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log

MOM 2005 (management servers and agents): These include the queue and log files used by Operations Manager.

Example:
C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager\

OpsMgr 2007 (management servers and agents): These include the queue and log files used by Operations Manager.

Example:
C:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store

Exclusion of File Type by Extensions: The following includes real-time, scheduled scanner and local scanner file extension specific exclusions for Operations Manager. 

SQL Database Servers: These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb. 

Examples:
MDF, LDF

MOM 2005 (management servers and agents): These include the queue and log files used by Operations Manager.

Example:
WKF, PQF, PQF0, PQF1

OpsMgr 2007 (management servers and agents): These include the queue and log files used by Operations Manager.

Example:
EDB, CHK, LOG

Note: Page files should also be excluded from any real time scanning.

=========
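As an added example (not part of Kevin Holman's recommendations or of this post), the PowerShell below builds the directory exclusion list with both the long and the 8.3 short form of each path, as the "Important Note" above requires, and then reports any file extensions found under those directories that the extension lists above do not mention, so you can see whether a directory exclusion is broader than intended. It assumes PowerShell 2.0 or later and the default paths quoted above; the `$LongPaths` array and the function names are mine.

```powershell
# Added example, not from the post: emit long + 8.3 short paths for the
# directory exclusions above, then flag file types in them that the post's
# extension lists do not mention. Assumes PowerShell 2.0+ and the default
# paths quoted in the post; edit $LongPaths for your environment.
$LongPaths = @(
    'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data',
    'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log',
    'C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager',
    'C:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store'
)

# Extensions listed in the post (SQL, MOM 2005, OpsMgr 2007), lower-cased with the dot.
$ExpectedExt = @('.mdf', '.ldf', '.wkf', '.pqf', '.pqf0', '.pqf1', '.edb', '.chk', '.log')
$fso = New-Object -ComObject Scripting.FileSystemObject

function Get-ExclusionPaths {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        if (-not (Test-Path -LiteralPath $p)) {
            Write-Warning "Not present on this host, skipping: $p"
            continue
        }
        # ShortPath gives the 8.3 form (e.g. C:\PROGRA~1\...). If 8.3 name
        # generation is disabled on the volume it equals the long path.
        $short = $fso.GetFolder($p).ShortPath
        New-Object PSObject -Property @{ Path = $p; Form = 'long' }
        if ($short -ne $p) {
            New-Object PSObject -Property @{ Path = $short; Form = 'short' }
        }
    }
}

function Get-UnexpectedExtensions {
    # Returns extensions found under $Path that are not in $ExpectedExt, so an
    # exclusion that silently covers other file types can be spotted.
    param([string]$Path)
    Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        Where-Object { $ExpectedExt -notcontains $_.Extension.ToLower() } |
        Select-Object -ExpandProperty Extension -Unique
}

$exclusions = Get-ExclusionPaths -Paths $LongPaths
$exclusions | Format-Table Form, Path -AutoSize
foreach ($e in ($exclusions | Where-Object { $_.Form -eq 'long' })) {
    $extra = Get-UnexpectedExtensions -Path $e.Path
    if ($extra) { Write-Warning "$($e.Path) also contains: $($extra -join ', ')" }
}
```

Run it on the management server or database server itself, since short names are resolved from the local file system and differ between hosts.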

There are also some great recommendations over on Nick MacKechnie's blog so you'll want to check that out as well.

Hope this helps!

J.C. Hornbeck | Manageability Knowledge Engineer

Comments

  • Anonymous
    January 01, 2003
    Exclusions by process executable: Creating exclusions based on the executable can potential be very dangerous

  • Anonymous
    January 01, 2003
    thank you