Trend OfficeScan - Recommended Exemptions?

Discussion in 'Windows Server' started by Roman, Dec 30, 2007.

  1. Roman

    Roman Guest

    I'm deploying Trend OfficeScan across a small 5 client single server network.
    Are there any recommended antivirus scan Exemption Rules for Server 2003 R2
    x64 that should be in place?

    The server is running Terminal Services with the Office suite so e-mail etc
    is stored on the server.
     
    Roman, Dec 30, 2007
    #1
    1. Advertisements

  2. Roman

    FHFD Admin Guest

    Hello Roman! Here is the guidline I just used, graciously provided by on
    the posters over on the Microsoft SBS forum:

    Mark Storm


    Trend Micro CSM Suite File/Folder Exclusions:

    Hi Mark:

    Listed below are the items and their default locations - your
    installation may be different.


    Exchange
    Exchange Server Database = C:\Program Files\Exchsrvr\Mdbdata (check
    location see note above)
    Exchange MTA files = C:\Program Files\Exchsrvr\Mtadata
    Exchange Message tracking log files = C:\Program
    Files\Exchsrvr\server_name.log
    Exchange SMTP Mailroot = C:\Program Files\Exchsrvr\Mailroot
    Exchange working files = C:\Program Files\Exchsrvr\Mdbdata
    C:\Program Files\Exchsrvr\Conndata
    Site Replication Service (not normally used in SBS but should be
    excluded anyway) =
    C:\Program Files\Exchsrvr\srsdata


    IIS related Exclusions
    IIS System Files = C:\WINDOWS\system32\inetsrv
    IIS Compression Folder = C:\WINDOWS\IIS Temporary Compressed Files


    Domain Controller related exclusions
    Active Directory database files = C:\WINDOWS\NTDS
    SYSVOL C:\WINDOWS\SYSVOL
    NTFRS Database Files = C:\WINDOWS\ntfrs


    Windows SharePoint Services
    Temporary SharePoint space = C:\windows\temp\Frontpagetempdir

    Service Related Data Bases
    DHCP Database Store = C:\WINDOWS\system32\dhcp
    WINS Database Store = C:\WINDOWS\system32\wins
    X:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Data
    X:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Data
    X:\Program Files\Microsoft SQL Server\MSSQL\Data


    Additional Exclusions
    Removable Storage Database (used by SBS Backup) =
    C:\Windows\System32\ntmsdata
    SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows
    Small Business Server\Networking\POP3\Failed Mail
    SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows
    Small Business Server\Networking\POP3\Incoming Mail
    Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore
    X:\urlcache
    X:\pagefile.sys

    AV Progam Exclusions
    x:\Folder where AV puts quarrentined files
    X:\<AV application folder>

    Desktop Folder Exclusions
    These folders need to be excluded in the desktops and notebooks
    clients.
    Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore

    SBS Licensing Exclusions
    File - %windir%\system32\licstr.cpa
    Folder - %windir%\windows\system32\lls
    NOTE: Run the License Wiz and backup the licenses to a secure folder.

    Terminal Services Licensing Exclusions
    C:\WINDOWS\System32\LServer
    Should contain the following TS related stuff:

    edb.log
    edb.chk
    res1.log
    res2.log
    TLSLic.edb
    temp.edb

    Also, Refer to the MS KB Articles
    815623
    822158
    245822
    284947

    Per 822158
    The Windows Update or Automatic Update database file
    %windir%\SoftwareDistribution\Datastore\datastore.edb

    The transaction log files. These files are located in the following
    folder
    %windir%\SoftwareDistribution\Datastore\Logs\edb*.log
    Note The wildcard character indicates that there may be several files.
    . Res1.log
    . Res2.log
    . Edb.chk
    . Tmp.edb

    Per 815623
    In summary, the targeted and excluded list of folders for a SYSVOL
    tree that is placed in its default location would look similar to the
    following:
    1. %systemroot%\sysvol Exclude
    2. %systemroot%\sysvol\domain Scan
    3. %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
    Exclude
    4. %systemroot%\sysvol\domain\Policies Scan
    5. %systemroot%\sysvol\domain\Scripts Scan
    6. %systemroot%\sysvol\staging Exclude
    7. %systemroot%\sysvol\staging areas Exclude
    8. %systemroot%\sysvol\sysvol Exclude

    If any one of these folder or files have been moved or placed in a
    different location, scan or exclude the equivalent element.

    . DFS
    The same resources that are excluded for a SYSVOL replica set must
    also be excluded when FRS is used to replicate shares that are mapped
    to the DFS root and link targets on Windows 2000 or Windows Server
    2003-based member computers or domain controllers.

    Aren't you sorry you asked?
     
    FHFD Admin, Dec 30, 2007
    #2
    1. Advertisements

  3. Roman

    Roman Guest

    Hi Mark,

    Thank you for the detailed post - I'm almost sorry I asked! I'll get to work
    on this list tomorrow before running OfficeScan.

    Regards,
    Roman
     
    Roman, Dec 30, 2007
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.