< Blog

Configuration Manager 2012 and Anti-Virus Software Exclusions for Site Servers

By Garth Jones

As I explained in my previous blog post, I was doing some work for a client and one of the items we discussed was anti-virus software exclusions.

These exclusions are not only important for workstations, but also for site servers. In fact, anti-virus software exclusions are even more important to the overall performance of a Configuration Manager site server. Again, this may seem counter-intuitive, but in order for Configuration Manager to run efficiently, without causing too much overhead to Disk IO and CPU, there are a number of recommended anti-virus software exclusions that should be implemented.

You would think that this information could be easily found within Configuration Manager 2012’s documentation, but it isn’t. To help you out, below is a list of anti-virus software exclusions that I recommend that you implement for site servers.

Please make sure to also read my blog post about McAfee and SCCM if you are using McAfee anti-virus software.

Directories:

Note: Adjust paths to match where Configuration Manager 2012 is installed.

%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%programfiles%\Microsoft Configuration Manager\Inboxes\*.*
%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*
%systemroot%\system32\GroupPolicy\Machine\registry.pol
%systemroot%\system32\GroupPolicy\User\registry.pol
C:\Windows\TEMP\BootImages and subfolders.
D:\SCCMContentLib
D:\SMSPKG
D:\SMSPKGD$
D:\SMSPKGSIG
D:\SMSSIG$
D:\Program Files\SMS_CCM\ServiceData
D:\Program Files\SMS_CCM\Logs
D:\Program Files\Microsoft Configuration Manager\Logs
D:\Program Files\Microsoft Configuration Manager\Install.map
D:\Sources
D:\SCCMImages
D:\CMBak

Processes to exclude:

Smsexec.exe
Ccmexec.exe
CmRcService.exe
Sitecomp.exe
Smswriter.exe
Smssqlbbkup.exe

SQL Server Processes to exclude:

·        %ProgramFiles%\Microsoft SQL Server\MSSQL11. <InstanceName>\MSSQL\Binn\SQLServr.exe

·        %ProgramFiles%\Microsoft SQL Server\MSRS11. <InstanceName>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

SQL Server Files and Folders to exclude:

*.mdf
*.ldf
*.ndf
*.bak
*.trn

IIS Exclusions:

* .ida
%systemroot%\IIS Temporary Compressed Files
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files


WSUS Exclusions:

*.cab
\WSUS\WSUSContent
\WSUS\UpdateServicesDBFiles
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download

 

Configuration Manager 2012 and Anti-Virus Software Exclusions for Site Servers