Turn off scanning of the Microsoft Forefront "tmp.

edb" file If you are using Forefront, turn off scanning of the Forefront database file (tmp .edb). This file is located in the following folder: %windir%\SoftwareDistribution\Datastore Turn off scanning of the log files that are located in the following folder: %ProgramData%\Microsoft\Search\Data\Applications\Windows Turn off scanning of Windows Update or Automatic Update related files Turn off scanning of the Windows Update or Automatic Update database file (Datast ore.edb). This file is located in the following folder: %windir%\SoftwareDistribution\Datastore Turn off scanning of the log files that are located in the following folder: %windir%\SoftwareDistribution\Datastore\Logs Specifically, exclude the following files: ?Res*.log ?Edb*.jrs ?Edb.chk ?Tmp.edb Turn off scanning of Windows Security files Add the following files in the %windir%\Security\Database path of the exclusions list: ?*.edb ?*.sdb ?*.log ?*.chk ?*.jrs Turn off scanning of Group Policy related files Group Policy user registry information. These files are located in the following folder: %allusersprofile%\ Specifically, exclude the following file: NTUser.pol Group Policy client settings file. This file is located in the following folder: %Systemroot%\System32\GroupPolicy\ Specifically, exclude the following file: Registry.pol Turn off scanning of Active Directory and Active Directory-related files Exclude the Main NTDS database files. The location of these files is specified in the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Databas e File The default location is %windir%\Ntds. Specifically, exclude the following files : Ntds.dit Ntds.pat Exclude the Active Directory transaction log files. The location of these files i s specified in the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database Lo g Files Path The default location is %windir%\Ntds. Specifically, exclude the following files : ?EDB*.log ?Res*.log ?Edb*.jrs ?Ntds.pat Note Windows Server 2003 no longer uses the Ntds.pat file.

Exclude the files in the NTDS Working folder that is specified in the following r egistry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory Specifically, exclude the following files: ?Temp.edb ?Edb.chk Turn off scanning of SYSVOL files Turn off scanning of files in the File Replication Service (FRS) Working folder t hat is specified in the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Di rectory The default location is %windir%\Ntfrs. Exclude the following files that exist i n the folder: ?edb.chk in the %windir%\Ntfrs\jet\sys folder ?Ntfrs.jdb in the %windir%\Ntfrs\jet folder ?*.log in the %windir%\Ntfrs\jet\log folder Turn off scanning of files in the FRS Database Log files that are specified in th e following registry key: HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Ntfrs\Parameters\DB Log Fil e Directory The default location is %windir%\Ntfrs. Exclude the following files: ?Edb*.log (if the registry key is not set). ?FRS Working Dir\Jet\Log\Edb*.jrs (Windows Server 2008 and Windows Server 2008 R 2). Note Settings for specific file exclusions is documented here for completeness. By default, these folders allow access only to System and Administrators. Please verify that the correct protections are in place. These folders contain only co mponent working files for FRS and DFSR. Turn off scanning of the Staging folder as specified in the following registry ke y. HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\NtFrs\Parameters\Replica Se ts\GUID\Replica Set Stage By default, staging uses the following location: %systemroot%\Sysvol\Staging areas Exclude the following files: ?Nntfrs_cmp*.* Turn off scanning of files in the Sysvol\Sysvol folder. The current location of the Sysvol\Sysvol folder and all its subfolders is the f ile system reparse target of the replica set root. The Sysvol\Sysvol folder uses the following location: %systemroot%\Sysvol\Domain Exclude the following files from this folder and all its subfolders: ?*.adm ?*.admx ?*.adml ?Registry.pol ?*.aas ?*.inf ?Fdeploy.inf ?Scripts.ini ?*.ins ?Oscfilter.ini Turn off scanning of files in the FRS Preinstall folder that is in the following location: Replica_root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory

The Preinstall folder is always open when FRS is running. Exclude the following files from this folder and all its subfolders: ?Ntfrs*.* Turn off scanning of files in the DFSR database and working folders. The location is specified by the following registry key: HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication Groups\GUID\Replica Set Configuration File=Path > In this registry key, "Path" is the path of an XML file that states the name of the Replication Group. In this example, the path would contain "Domain System Vo lume." The default location is the following hidden folder: %systemdrive%\System Volume Information\DFSR Exclude the following files from this folder and all its subfolders: ?$db_normal$ ?FileIDTable_* ?SimilarityTable_* ?*.xml ?$db_dirty$ ?$db_lost$ ?Dfsr.db ?Fsr.chk ?*.frx ?*.log ?Fsr*.jrs ?Tmp.edb Turn off scanning of DFS files The same resources that are excluded for a SYSVOL replica set must also be exclu ded when FRS or DFSR is used to replicate shares that are mapped to the DFS root and link targets on Windows Server 2008 R2-based, Windows Server 2008-based, Wi ndows Server 2003-based, or Windows 2000-based member computers or domain contro llers. Turn off scanning of DHCP files By default, DHCP files that should be excluded are present in the following fold er on the server: %systemroot%\System32\DHCP Exclude the following files from this folder and all its subfolders: *.mdb *.pat *.log *.chk *.edb Turn off scanning of DNS files By default, DNS uses the following folder: %systemroot%\System32\Dns Exclude the following files from this folder and all its subfolders: *.log *.dns BOOT Turn off scanning of WINS files By default, WINS uses the following folder: %systemroot%\System32\Wins Exclude the following files from this folder and all its subfolders: *.chk *.log

*.mdb