Kaspersky Lab Scan Exclusions for Microsoft Products

Kaspersky Lab Scan Exclusions by Application
One of the first steps in the implementation of antivirus protection is creation of antivirus policies. On a
product by product basis, software vendors generally provide information as to what files, folders, processes
and file extensions should be excluded from scanning by an antivirus product. Its not a strict requirement
but it is generally done to improve performance of a system and/or increase system stability. In the end, it
becomes a determination of stability / performance versus security and should be handled on a case by case
basis given a specific product.
This article describes exclusions provided by Microsoft for its products specifically for:
Kaspersky Endpoint Security 10 for Windows

Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition
Transport level or product aware scanners like Kaspersky Anti-Virus for Microsoft ISA Server and Kaspersky
Security for Microsoft Exchange Server are out of scope of this document. In addition, non-Windows based
clients / servers are out of scope. In some cases, additional configuration, such as disabling the firewall
component of the antivirus software, is required for optimal operation of a server; however, agent
configuration beyond exclusions is out of scope.
Many of these items are also included in the default exclusion list available in KES 10 & WSEE 8.0 however
additional configuration may be required on a case by case basis. We have also included citations for the
specific Microsoft sites that discuss the exclusion in each section. Below, all recommendations are given for
default paths. If you use non default locations you should adjust these settings. All settings should be applied
temporary at first to evaluate a system.
In the current article you can find exclusions for:
Virus Scan Exclusions for Microsoft Products ..................................................................................................1
General Exclusions for Microsoft Windows 2008 R2, Windows 2008, Windows 2003 R2, Windows 2003,
Windows 2000, Windows 7, Windows Vista and Windows XP .........................................................................3
Windows Updates or Automatic Updates related files (database) ...........................................................3
Windows Updates or Automatic Updates related files (logs) ...................................................................4
Windows Security files ............................................................................................................................4
Group Policy related files. .......................................................................................................................4
Print Spooler ...........................................................................................................................................4
Paging file ...............................................................................................................................................4
MSMQ ....................................................................................................................................................4
Domain Controllers on Microsoft Windows 2008 R2, Windows 2008, Windows 2003 R2, Windows 2003,
Windows 2000................................................................................................................................................5
Active Directory related files (NTDS database).........................................................................................5
Active Directory related files (transaction logs). ......................................................................................5
Page 1 of 29
Active Directory related files (NTDS working directory). ..........................................................................5

Sysvol files (FRS working directory) .........................................................................................................5
Sysvol files (FRS database logs)................................................................................................................5
Sysvol files (staging files). ........................................................................................................................6
Sysvol subfolder. .....................................................................................................................................6
Sysvol files (FRS preinstall directory). ......................................................................................................6
DFS files (database, logs and working folders) .........................................................................................6
DHCP Servers ..................................................................................................................................................7
DNS Servers ....................................................................................................................................................7
WINS Servers ..................................................................................................................................................7
IIS Servers 6.0/7.0 ...........................................................................................................................................7
WSUS Servers .................................................................................................................................................8
Server Clusters................................................................................................................................................8
SQL Servers.....................................................................................................................................................8
Common Exclusions ................................................................................................................................8
SQL Server 2005 ......................................................................................................................................9
SQL Server 2008 ......................................................................................................................................9
SQL Server 2008 R2 .................................................................................................................................9
SQL Server 2012 ......................................................................................................................................9
ISA and Forefront Servers ...............................................................................................................................9
ISA 2000................................................................................................................................................10
ISA 2004/2006 SE/EE .............................................................................................................................10
IAG 2007 ...............................................................................................................................................10
TMG MBE..............................................................................................................................................11
TMG 2010. ............................................................................................................................................11
UAG 2010..............................................................................................................................................11
System Center Products and Their Predecessors ...........................................................................................12
SMS 2003. .............................................................................................................................................12
SCCM 2012 ...........................................................................................................................................12
SCCM 2007............................................................................................................................................13
SCDPM 2007. ........................................................................................................................................13
SCOM 2007/2012 and MOM 2005.........................................................................................................13
Page 2 of 29
SharePoint Servers & Services.......................................................................................................................13

SharePoint Service 3.0...........................................................................................................................13
SharePoint Portal Server 2001/2003. ....................................................................................................14
SharePoint Server 2007. ........................................................................................................................14
SharePoint Foundation 2010 .................................................................................................................14
SharePoint Server 2010 .........................................................................................................................14
SharePoint Foundation 2013 .................................................................................................................15
SharePoint Server 2013 .........................................................................................................................15
Virtualization Solutions .................................................................................................................................15
Hyper-V Servers ....................................................................................................................................15
MED-V ..................................................................................................................................................15
App-V....................................................................................................................................................16
Microsoft SBS 2003.......................................................................................................................................16
Microsoft Exchange Servers ..........................................................................................................................16
Exchange 2003 Servers..........................................................................................................................16
Lync Server 2010 ..........................................................................................................................................23
Data Protection Manager..............................................................................................................................24
Dynamics AX 2009 ........................................................................................................................................24
BizTalk 2004 Servers .....................................................................................................................................25
How to Add Exclusions in KES 10 for Windows ..............................................................................................26
How to Add Exclusions in KAV 8.0 for Windows Servers EE ...........................................................................28
Information about how to add these exclusions is located at the end of article.
General Exclusions for Microsoft Windows 2008 R2, Windows 2008,

Windows 2003 R2, Windows 2003, Windows 2000, Windows 7, Windows
Vista and Windows XP
Windows Updates or Automatic Updates related files (database)
Exclusion:
%windir%\SoftwareDistribution\Datastore\Datastore.edb
Page 3 of 29
Windows Updates or Automatic Updates related files (logs)

Exclusion:
%windir%\SoftwareDistribution\Datastore\Logs\Res*.log
%windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb
Windows Security files
Scanning of these files may prevent security policy from being applied.
Exclusion:
%windir%\Security\Database\*.edb
%windir%\Security\Database\*.sdb
%windir%\Security\Database\*.log
%windir%\Security\Database\*.chk
%windir%\Security\Database\*.jrs
Group Policy related files.
Exclusion:
%allusersprofile%\NTUser.pol
%Systemroot%\System32\GroupPolicy\Registry.pol
Print Spooler
Service which manages print queues and controls printing jobs
Exclusion:
spoolsv.exe
Paging file
An important part of virtual memory implementation
Exclusion:
pagefile.sys
MSMQ
A messaging protocol that allows applications running on separate servers to communicate in a failsafe
manner
Exclusion:
%SystemRoot%\system32\MSMQ\
%SystemRoot%\system32\MSMQ\storage
Please use this link for more detailed information.
Page 4 of 29
Domain Controllers on Microsoft Windows 2008 R2, Windows 2008,

Windows 2003 R2, Windows 2003, Windows 2000
Active Directory related files (NTDS database).
Exclusion:
%windir%\Ntds\Ntds.dit
%windir%\Ntds\Ntds.pat
Non default path could be found here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File
Active Directory related files (transaction logs).
Exclusion:
%windir%\Ntds\EDB*.log
%windir%\Ntds\Res*.log
%windir%\Ntds\Res*.jrs
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working
Directory
Active Directory related files (NTDS working directory).
Exclusion:
%windir%\Ntds\Temp.edb
%windir%\Ntds\Edb.chk
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working
Directory
Sysvol files (FRS working directory)
System volume is a shared folder that stores public files (elements of Group Policy, scripts, etc) distributed to
other domain controllers via File Replication service.
Exclusion:
%windir%\Ntfrs\edb.chk
%windir%\Ntfrs\Ntfrs.jdb
%windir%\Ntfrs\*.log
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory
Sysvol files (FRS database logs)
Located in %windir%\Ntfrs.
Exclusion:
Eedb*.log (if the registry key is not set)
FRS Working Dir\Jet\Log\Edb*.jrs (Windows 2008 and Windows 2008 R2)
Page 5 of 29

HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Ntfrs\Parameters\DB Log File Directory
Sysvol files (staging files).
Exclusion:
%systemroot%\Sysvol\Staging areas\Nntfrs_cmp*.*
HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\NtFrs\Parameters\Replica
Sets\GUID\Replica\Set Stage
Sysvol subfolder.
Default location is %systemroot%\Sysvol\Sysvol.
Exclude the following files from this folder and all its subfolders:
*.adm
*admx
*.adml
Registry.pol
*.aas
*.inf
Fdeploy.inf
Scripts.ini
*.ins
Oscfilter.ini
Sysvol files (FRS preinstall directory).
Exclusion:
%windir%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
DFS files (database, logs and working folders)
Distributed File System technology offers WAN friendly replication and simplified fault-tolerant access to
geographically dispersed files.
Default location is %systemdrive%\System Volume Information\DFSR.
$db_normal$
FileIDTable_2
SimilarityTable_2
*.xml
$db_dirty$
Dfsr.db
Fsr.chk
*.log
Fsr*.jrs
Tmp.edb
Page 6 of 29
Also, exclude the following replicated folder:

%systemdrive%\<replicated folder>\dfsrprivate\staging\*.frx
HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication
Groups\GUID\Replica Set Configuration File=Path >
Please use this link & this link for more detailed information.
DHCP Servers
By default DHCP related files are located in %systemroot%\System32\DHCP.
*.mdb
*.pat
*.log
*.chk
*.edb
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters
DNS Servers
By default DNS related files are located in %systemroot%\System32\Dns.
*.log
*.dns
BOOT
WINS Servers
By default WINS related files are located in %systemroot%\System32\Wins.
*.chk
*.log
*.mdb
IIS Servers 6.0/7.0

Exclude:
%systemroot%\IIS Temporary Compressed Files (IIS 6.0)
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files (IIS 7.0)
%systemroot%\system32\inetsrv
Page 7 of 29
WSUS Servers
Exclude:
Wsusscan.cab
Wsusscn2.cab
\WSUS\WSUSContent
\WSUS\UpdateServicesDBFiles
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download
Please use this link and link for more detailed information.
Server Clusters
Exclude:
Q:\ (Quorum drive) - The path of the \mscs folder on the quorum hard disk. For example, exclude
the Q:\mscs folder from virus scanning.
C:\Windows\Cluster - The %Systemroot%\Cluster folder.
The temp folder for the Cluster Service account. For example, exclude the
\clusterserviceaccount\Local Settings\Temp folder from virus scanning.
SQL Servers
Common Exclusions
Exclude data files:
*.mdf
*.ndf
Exclude logs:
*.ldf
Exclude backup files:
*.bak
*.trn
Exclude SQL Audit Files
*.sqlaudit
Exclude SQL Trace Files
*.trc
Exclude full-text catalog files:
FTData folders
Page 8 of 29
Default instance: Program Files\Microsoft SQL Server\MSSQL\FTDATA

Named instance: Program Files\Microsoft SQL Server\MSSQL$instancename\FTDATA
Exclude Analysis Services data:

%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\data
Exclude Analysis Services backup files:
%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Backup
Exclude Analysis Services logs:
%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Log
SQL Server 2005
%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL.3\Reporting
Services\ReportServer\Bin\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Bin\MSMDSrv.exe
SQL Server 2008
%ProgramFiles%\Microsoft SQL Server\MSSQL10.<Instance Name>\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.<Instance Name>\Reporting
%ProgramFiles%\Microsoft SQL Server\MSSQL10.<Instance Name>\OLAP\Bin\MSMDSrv.exe
SQL Server 2008 R2
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\Reporting
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\OLAP\Bin\MSMDSrv.exe
SQL Server 2012
%ProgramFiles%\Microsoft SQL Server\MSSQL11.<Instance Name>\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSRS11.<Instance Name>\Reporting
%ProgramFiles%\Microsoft SQL Server\MSAS11.<Instance Name>\OLAP\Bin\MSMDSrv.exe
ISA and Forefront Servers

This section contains information about:
Internet Security and Acceleration (ISA) Server 2000/2004/2006 Standard/Enterprise Editions.
Intelligent Application Gateway (IAG) 2007.
Forefront Threat Management Gateway (TMG) Medium Business Edition.
Forefront Threat Management Gateway (TMG) 2010.
Forefront Unified Access Gateway (UAG) 2010.
General exclusions:
Applications working directory
Page 9 of 29
Logs
Configuration storage
Cache storage
Applications processes
General folders and files mentioned in sections above
ISA/Forefront-aware antivirus program folders.
ISA 2000
Exclude:
%ProgramFiles%\Microsoft ISA Server
%ProgramFiles%\Microsoft ISA Server\ISALogs
ISA Server Web cache
%ProgramFiles%\Microsoft ISA Server\dailysum.exe
%ProgramFiles%\Microsoft ISA Server\repgen.exe
%ProgramFiles%\Microsoft ISA Server\mspadmin.exe
%ProgramFiles%\Microsoft ISA Server\w3prefch.exe
%ProgramFiles%\Microsoft ISA Server\wspsrv.exe
ISA 2004/2006 SE/EE
Exclude:
%ProgramFiles%\Microsoft SQL Server
ISA Server Web cache
%ProgramFiles%\Microsoft ISA Server\dailysum.exe
%ProgramFiles%\Microsoft ISA Server\isastg.exe
%ProgramFiles%\Microsoft ISA Server\mspadmin.exe
%ProgramFiles%\Microsoft ISA Server\w3prefch.exe
%ProgramFiles%\Microsoft ISA Server\wspsrv.exe
%ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL$MSFW\sqlservr.exe
%WinDir%\System32\dsamain.exe (Enterprise version only)
IAG 2007
Exclude:
The same files which were excluded for IIS.
The same files which were excluded for ISA 2006.
c:\whale-com\e-gap\
%WinDir%\System32\inetsrv\inetinfo.exe
%WinDir%\System32\inetsrv\w3wp.exe
%SystemDrive%\Whale-Com\e-Gap\common\bin\MonitorMgrCom.exe
%SystemDrive%\Whale-Com\e-Gap\common\bin\SessionMgrCom.exe
%SystemDrive%\Whale-Com\e-Gap\von\FileAccess\ShareAccess.exe
%SystemDrive%\Whale-Com\e-Gap\common\bin\UserMgrCom.exe
%SystemDrive%\Whale-Com\e-Gap\common\bin\whlerrsrvd.exe
%SystemDrive%\Whale-Com\e-Gap\common\bin\whlios.exe
Page 10 of 29
TMG MBE
Exclude:
%ProgramFiles(x86)%\Microsoft SQL Server
%SystemRoot%\Temp\ScanStorage
%ProgramFiles(x86)%\Microsoft ISA Server\Logs
TMG Web cache
%SystemDrive%\InetPub
%ProgramFiles(x86)%\Microsoft ISA Server\dailysum.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isarepgen.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isadlviewer.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isastg.exe
%ProgramFiles(x86)%\Microsoft ISA Server\mspadmin.exe
%ProgramFiles(x86)%\Microsoft ISA Server\wspsrv.exe
%ProgramFiles(x86)%\Microsoft ISA Server\w3prefch.exe
%ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
%ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
%ProgramFiles(x86)%\Microsoft SQL Server\90\Shared\sqlwriter.exe
%WinDir%\System32\dsamain.exe
%WinDir%\System32\inetsrv\inetinfo.exe
%WinDir%\System32\inetsrv\w3wp.exe
TMG 2010.
Exclude:
%ProgramFiles%\Microsoft Forefront Threat Management Gateway
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW
%SystemRoot%\Temp\ScanStorage
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs\Web cache
TMG Web cache
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\dailysum.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isarepgen.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isadlviewer.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\IsaManagedCtrl.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isastg.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\mspadmin.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\wspsrv.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\w3prefch.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\sqlservr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe
%WinDir%\System32\dsamain.exe
UAG 2010.
Exclude:
The same files which were excluded for IIS.
The same files which were excluded for TMG 2010.
Page 11 of 29
%ProgramFiles%\Microsoft Forefront Unified Access Gateway.

%ProgramFiles%\Microsoft Forefront Unified Access Gateway\DnsAlgSrv.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\MonitorMgrCom.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\SessionMgrCom.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\ShareAccess.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\uagqessvc.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\uagrdpsvc.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\UserMgrCom.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\WatchDogSrv.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\whlerrsrv.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\whlios.exe
System Center Products and Their Predecessors

This section contains information about:
Systems Management Server (SMS) 2003 and Configuration Manager (SCCM) 2007.
System Center Data Protection Manager (SCDPM) 2007.
System Center Operations Manager (SCOM) 2007 and Operations Manager (MOM) 2005.
SMS 2003.
Exclude:
SMS\Inboxes directory on Microsoft Systems Management Server site servers.
SMS_CCM\ServiceData directory on Microsoft SMS Management Points.
SCCM 2012
Exclude:
C:\Windows\TEMP\BootImages\{GUID}
\Windows\TEMP\BootImages\*
\ConfigMgr_OfflineImageServicing
%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
Page 12 of 29
%programfiles%\Microsoft Configuration Manager\Inboxes\*.*

%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*

SCCM 2007.
Exclude:
%ProgramFiles%\Microsoft Configuration Manager\Inboxes
SCDPM 2007.
Exclude:
%ProgramFiles%\Microsoft Data Protection Manager\DPM\XSD
%ProgramFiles%\Microsoft Data Protection Manager\DPM\Temp\MTA
%ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\dpmra.exe
%WinDir%\Microsoft.net\Framework\v2.0.50727\csc.exe
SCOM 2007/2012 and MOM 2005.
Exclude:
Momhost.exe (MOM 2005)
Monitoringhost.exe (SCOM 2007 & SCOM 2012)
%allusersprofile%\Application Data\Microsoft\Microsoft Operations Manager\ (MOM 2005)
%ProgramFiles%\System Center Operations Manager 2007\Health Service State\Health Service Store
(SCOM 2007)
%ProgramFiles%\System Center 2012\Operations Manager\<Component>\Health Service
State\Health Service Store (SCOM 2012)
%Program Files%\Microsoft SQL Server\MSSQL.1\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Log
Extensions: WKF, PQF, PQF0, PQF1, EDB, CHK, LOG, MDF, LDF
SharePoint Servers & Services

SharePoint Service 3.0.
Exclude:
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Logs
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Data\Applications (if
the computer is running the Windows SharePoint Services Search service)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
%WinDir%\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files (on 64bit systems)
%allusersprofile%\Application Data\Microsoft\SharePoint\Config
%WinDir%\Temp\WebTempDir
%SystemDrive%\Documents and Settings\service_account\Local Settings\Temp\
Page 13 of 29

SharePoint Portal Server 2001/2003.
Exclude:
%ProgramFiles%\SharePoint Portal Server
%ProgramFiles%\Common Files\Microsoft Shared\Web Storage System
%WinDir%\Temp\Frontpagetempdir (If use are using SPS 2003 SP1)
SharePoint Server 2007.
Exclude:
%ProgramFiles%\Microsoft Office Servers\12.0\Data
%ProgramFiles%\Microsoft Office Servers\12.0\Logs
%ProgramFiles%\Microsoft Office Servers\12.0\Bin
SharePoint Foundation 2010
Exclude:
Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Logs
Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Data\Applications
Drive:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
Drive: \Users\ServiceAccount\AppData\Local\Temp\WebTempDir
Drive:\ProgramData\Microsoft\SharePoint
Drive:\Users\account that the search service is running as\AppData\Local\Temp
Drive:\WINDOWS\system32\LogFiles
Drive:\Windows\Syswow64\LogFiles
Drive:\Users\ServiceAccount\AppData\Local\Temp
Drive:\Users\Default\AppData\Local\Temp
SharePoint Server 2010
Exclude:
Drive:\Program Files\Microsoft Office Servers\14.0\Data (This folder is used for the indexing process.
If the Index files are configured to be located in a different folder, you also have to exclude that
location.)
Drive:\Program Files\Microsoft Office Servers\14.0\Logs
Drive:\Program Files\Microsoft Office Servers\14.0\Bin
Drive:\Program Files\Microsoft Office Servers\14.0\Synchronization Service
Any location in which you decided to store the disk-based binary large object (BLOB) cache (for
example, C:\Blobcache)
Page 14 of 29
SharePoint Foundation 2013

Exclude:
Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Logs
Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Data\Applications
Drive:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
Drive: \Users\ServiceAccount\AppData\Local\Temp\WebTempDir
Drive:\ProgramData\Microsoft\SharePoint
Drive:\Users\account that the search service is running as\AppData\Local\Temp
Drive:\WINDOWS\System32\LogFiles
Drive:\Windows\Syswow64\LogFiles
Drive:\Users\ServiceAccount\AppData\Local\Temp
Drive:\Users\Default\AppData\Local\Temp
SharePoint Server 2013
Exclude:
Drive:\Program Files\Microsoft Office Servers\15.0\Data (This folder is used for the indexing process.
If the index files are configured to be located in a different folder, you also have to exclude that
location.)
Drive:\Program Files\Microsoft Office Servers\15.0\Logs
Drive:\Program Files\Microsoft Office Servers\15.0\Bin
Drive:\Program Files\Microsoft Office Servers\15.0\Synchronization Service
Any location in which you decided to store the disk-based binary large object (BLOB) cache (for
example, C:\Blobcache).
Virtualization Solutions
Hyper-V Servers
Exclude:
Vmms.exe
Vmwp.exe
C:\ProgramData\Microsoft\Windows\Hyper-V
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
%systemdrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
MED-V
Exclude:
*.VHD - These represent the Virtual Hard Disk Image files. These will appear on test workstations
when test images are being used to finalize workspace policies.
*.VUD - These represent Virtual PC Undo Disk Files. These will appear on test workstations when test
images are being used to finalize workspace policies.
Page 15 of 29
*.VSV - These represent Virtual PC Saved State files. These will be on all MED-V clients running
Workspaces.
*.CKM - This is the packed image format used by MED-V (Kidaro Compressed Machine.) These will
be present on MED-V Servers, Image Distribution Servers, locally packed images on MED-V
Administration workstations, and as pre-staged images on clients.
*.VMC - These represent the Base Virtual Machine Settings File. Will be found on all MED-V Clients
and Test Workstations.
*.INDEX - These are index files used by the TrimTransfer Feature. These will be found on both clients
and servers.
*.EVHD - These are the encrypted virtual hard disk files used on MED-V Clients running workspaces.

App-V
Windows Vista, Windows Server 2008 or later
%USERPROFILE%\AppData\Local\SoftGrid Client
%USERPROFILE%\AppData\Roaming\SoftGrid Client
%PROGRAMDATA%\Microsoft\Application Virtualization Client\SoftGrid Client
Windows XP or Windows Server 2003
%USERPROFILE%\Application Data\SoftGrid Client
%ALLUSERSPROFILE%\Application Data\Microsoft\Application Virtualization Client\
%ALLUSERSPROFILE%\Documents\SoftGrid Client
Microsoft SBS 2003
%PROGRAMFILES%\Exchsrvr\Mailroot\vsi 1\PickUp
%PROGRAMFILES%\Exchsrvr\Mailroot\
%PROGRAMFILES%\Microsoft Windows Small Business Server\\Networking\POP3\Failed Mail
Microsoft Exchange Servers
Exchange 2003 Servers

Exclude:
Databases and log files across all storage groups are located in Exchsrvr\Mdbdata.
MTA files are located in Exchsrvr\Mtadata.
Additional log files such as Exchsrvr\server_name.log directory.
Exchsrvr\Mailroot virtual server folder.Working folder used to store streaming .tmp files that are
used for message conversion is located in
Exchsrvr\Mdbdata.
Temporary folder used in conjunction with offline maintenance utilities such as Eseutil.exe is located
in folder where the .exe file is run from.
Site Replication Service files are located in Exchsrvr\Srsdata.
IIS system files are located in %SystemRoot%\System32\Inetsrv.
Page 16 of 29
IIS 6.0 compression folder used with Outlook Web Access 2003 is located in %systemroot%\IIS
Temporary
Compressed Files.
Quorum disk and %Winnt%\Cluster (for clusters).
Exchsrvr\Conndata.
Exchange-aware antivirus program folders.
Cdb.exe
Cidaemon.exe
Store.exe
Emsmta.exe
Mad.exe
Mssearch.exe
Inetinfo.exe
W3wp.exe

Mailbox server role including clustered mailbox server
Exclude:
Databases, checkpoint files, log files and database content indexes located in subfolders under
%Program Files%\Microsoft\Exchange Server\Mailbox.
General log files like message tracking log files are located in subfolders under %Program
Files%\Microsoft\Exchange Server\TransportRoles\Logs and %Program Files%\Microsoft\Exchange
Server\Logging.
Offline Address Book files are located in subfolders under %Program Files%\Microsoft\Exchange
Server\ExchangeOAB.
IIS system files located in %SystemRoot%\System32\Inetsrv.
in the folder where the .exe file is run from.
Temporary folders used for conversions are located in servers TMP folder, %Program
Files%\Microsoft\Exchange Server\Working\OleConvertor and %Program
Files%\Microsoft\Exchange Server\Mailbox\MDBTEMP.
The quorum disk and the %Winnt%\Cluster.
Hub Transport server role
Exclude:
General log files are located in subfolders under %Program Files%\Microsoft\Exchange
Server\TransportRoles\Logs.
Message folders are located in subfolders under %Program Files%\Microsoft\Exchange
Server\TransportRoles.
Queue database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange
Server\TransportRoles\Data\Queue.
Sender Reputation database, checkpoint and log files are located in %Program
Files%\Microsoft\Exchange Server\TransportRoles\Data\SenderReputation.
Page 17 of 29
IP filter database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange
Server\TransportRoles\Data\IpFilter.
Temporary folders used for conversions are located in servers TMP folder and %Program
Files%\Microsoft\Exchange Server\Working\OleConvertor.
Edge Transport server role.

Exclude:
Active Directory Application Mode (ADAM) database and log files are located in %Program
Files%\Microsoft\Exchange Server\TransportRoles\Data\Adam.
General log files are located in subfolders under %Program Files%\Microsoft\Exchange
Server\TransportRoles\Log
Message folders are located in %Program Files%\Microsoft\Exchange Server\TransportRoles.
Queue database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange
Server\TransportRoles\Data\Queue.
Sender Reputation database, checkpoint and log files are located in %Program
Files%\Microsoft\Exchange Server\TransportRoles\Data\SenderReputation.
IP filter database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange
Server\TransportRoles\Data\IpFilter.
Temporary folders used for conversions are located in servers TMP folder and %Program
Files%\Microsoft\Exchange Server\Working\OleConvertor.Exchange-aware antivirus program
folders.
Client Access server role
Exclude:
Internet Information Services (IIS) 6.0 compression folder used with Microsoft Outlook Web Access is
located in %systemroot%\IIS Temporary Compressed Files.
Internet-related files are located in subfolders under %Program Files%\Microsoft\Exchange
Server\ClientAccess.
Temporary folder used for conversions is located in servers TMP folder.
Unified Messaging server role
Exclude:
Grammar files are located in subfolders under %Program Files%\Microsoft\Exchange
Server\UnifiedMessaging\grammars.
Voice prompts located in subfolders under %Program Files%\Microsoft\Exchange
Server\UnifiedMessaging\Prompts.
Voicemail files are located in %Program Files%\Microsoft\Exchange
Server\UnifiedMessaging\voicemail.
Bad voicemail files are located in %Program Files%\Microsoft\Exchange
Server\UnifiedMessaging\badvoicemail.
Cdb.exe
Cidaemon.exe
Cluster.exe
Dsamain.exe
Edgecredentialsvc.exe
Page 18 of 29
Edgetransport.exe
Galgrammargenerator.exe
Inetinfo.exe
Mad.exe
Microsoft.Exchange.Antispamupdatesvc.exe
Microsoft.Exchange.Contentfilter.Wrapper.exe
Microsoft.Exchange.Cluster.Replayservice.exe
Microsoft.Exchange.Edgesyncsvc.exe
Microsoft.Exchange.Imap4.exe
Microsoft.Exchange.Imap4service.exe
Microsoft.Exchange.Infoworker.Assistants.exe
Microsoft.Exchange.Monitoring.exe
Microsoft.Exchange.Pop3.exe
Microsoft.Exchange.Pop3service.exe
Microsoft.Exchange.Search.Exsearch.exe
Microsoft.Exchange.Servicehost.exe
Msexchangeadtopologyservice.exe
Msexchangefds.exe
Msexchangemailboxassistants.exeMsexchangemailsubmission.exe
Msexchangetransport.exe
Msexchangetransportlogsearch.exe
Msftefd.exe
Msftesql.exe
Oleconverter.exe
Powershell.exe
Sesworker.exe
Speechservice.exe
Store.exe
Transcodingservice.exe
Umservice.exe
Umworkerprocess.exe
W3wp.exe
Extension exclusions
In addition to excluding specific directories and processes, you should exclude the following Exchange specific
file name extensions in case directory exclusions fail or files are moved from their default locations.
Application-related extensions:
.config
.dia
.wsb
Database-related extensions:
.chk
.log
.edb
.jrs
Page 19 of 29
.que
Offline address book-related extensions:

.lzx
Content Index-related extensions:
.ci
.dir
.wid
.000
.001
.002
Unified Messaging-related extensions:
.cfg
.grxml
GroupMetrics:
.dsc
.bin
.xml
Mailbox server role including clustered mailbox server
Exclude:
Databases, checkpoint files, log files and database content indexes located in subfolders under
%ExchangeInstallPath%\Mailbox.
Group Metrics files are located in %ExchangeInstallPath%\GroupMetrics.
General log files like message tracking log files are located in subfolders under
%ExchangeInstallPath%\TransportRoles\Logs and %ExchangeInstallPath%\Logging.
Offline Address Book files are located in subfolders under %ExchangeInstallPath%\ExchangeOAB.
IIS system files located in %SystemRoot%\System32\Inetsrv.
in the folder where the .exe file is run from.
Mailbox database temporary folder is located in %ExchangeInstallPath%\Mailbox\MDBTEMP.
The quorum disk and the %Winnt%\Cluster.
Hub Transport server role
Exclude:
General log files are located in subfolders under %ExchangeInstallPath%\TransportRoles\Logs.
Pickup and Replay message directory folders are located in %ExchangeInstallPath%\TransportRoles.
Queue database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\Queue.
Page 20 of 29
Sender Reputation database, checkpoint and log files are located in

%ExchangeInstallPath%\TransportRoles\Data\SenderReputation.
IP filter database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\IpFilter.
Temporary folders used for conversions are located in servers TMP folder and
%ExchangeInstallPath%\Working\OleConvertor.
Edge Transport server role

Exclude:
Active Directory Application Mode (ADAM) database and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\Adam.
General log files are located in subfolders under %ExchangeInstallPath%\TransportRoles\Logs.Pickup
and Replay message folders are located in %ExchangeInstallPath%\TransportRoles.
Queue database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\Queue.
Sender Reputation database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\SenderReputation.
IP filter database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\IpFilter.
Temporary folders used for conversions are located in servers TMP folder and
Client Access server role
Exclude:
Internet Information Services (IIS) 7.0 compression folder used with Microsoft Outlook Web App is
located in %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files.
Internet Information Services (IIS) 7.0 compression folder used with Microsoft Outlook Web App is
located in %systemroot%\IIS Temporary Compressed Files.
Inetpub\logs\logfiles\w3svc.
Internet-related files are located in subfolders under %ExchangeInstallPath%\ClientAccess.
For servers that have protocol logging enabled for POP3 or IMAP4:
%ExchangeInstallPath%\Logging\POP3 and %ExchangeInstallPath%\Logging\IMAP4.
Temporary folder used for conversions is located in servers TMP folder and
Unified Messaging server role
Exclude:
Grammar files are located in subfolders under %ExchangeInstallPath%\UnifiedMessaging\grammars.
Voice prompts, greetings and informational message files are located in subfolders under
%ExchangeInstallPath%\UnifiedMessaging\Prompts.
Voicemail files are located in %ExchangeInstallPath%\UnifiedMessaging\voicemail.
Temporary files generated by Unified Messaging are located in
%ExchangeInstallPath%\UnifiedMessaging\temp.
Cdb.exe
Page 21 of 29
Cidaemon.exe
Cluster.exeDsamain.exe
EdgeCredentialSvc.exe
EdgeTransport.exe
ExFBA.exe
GalGrammarGenerator.exe
Inetinfo.exe
Mad.exe
Microsoft.Exchange.AddressBook.Service.exe
Microsoft.Exchange.AntispamUpdateSvc.exe
Microsoft.Exchange.ContentFilter.Wrapper.exe
Microsoft.Exchange.EdgeSyncSvc.exe
Microsoft.Exchange.Imap4.exe
Microsoft.Exchange.Imap4service.exe
Microsoft.Exchange.Infoworker.Assistants.exe
Microsoft.Exchange.Monitoring.exe
Microsoft.Exchange.Pop3.exe
Microsoft.Exchange.Pop3service.exe
Microsoft.Exchange.ProtectedServiceHost.exe
Microsoft.Exchange.RPCClientAccess.Service.exe
Microsoft.Exchange.Search.Exsearch.exe
Microsoft.Exchange.Servicehost.exe
MSExchangeASTopologyService.exe
MSExchangeFDS.exe
MSExchangeMailboxAssistants.exe
MSExchangeMailboxReplication.exe
MSExchangeMailSubmission.exe
MSExchangeRepl.exe
MSExchangeTransport.exe
MSExchangeTransportLogSearch.exe
MSExchangeThrottling.exe
Msftefd.exe
Msftesql.exe
OleConverter.exe
Powershell.exe
SESWorker.exe
SpeechService.exe
Store.exe
TranscodingService.exe
UmService.exe
UmWorkerProcess.exe
W3wp.exe
Extension exclusions
In addition to excluding specific directories and processes, you should exclude the following Exchange specific
file name extensions in case directory exclusions fail or files are moved from their default locations.
Page 22 of 29
Application-related extensions:
.config
.dia
.wsb
Database-related extensions:
.chk.log
.edb
.jrs
.que
Offline address book-related extensions:
.lzx
Content Index-related extensions:
.ci
.dir
.wid
.000
.001
.002
Unified Messaging-related extensions:
.cfg
.grxml
GroupMetrics:
.dsc
.bin
.xml
Lync Server 2010

Processes:
ASMCUSvc.exe
AVMCUSvc.exe
DataMCUSvc.exe
DataProxy.exe
FileTransferAgent.exe
IMMCUSvc.exe
MasterReplicatorAgent.exe
MediaRelaySvc.exe
MediationServerSvc.exe
MeetingMCUSvc.exe
Page 23 of 29
MRASSvc.exe
OcsAppServerHost.exe
QmsSvc.exe
ReplicaReplicatorAgent.exe
RTCArch.exe
RtcCdr.exe
RTCSrv.exe
IIS processes:
%systemroot%\system32\inetsrv\w3wp.exe
%systemroot%\SysWOW64\inetsrv\w3wp.exe
SQL Server processes:
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting
%ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
Directories and files:
%systemroot%\System32\LogFiles
%systemroot%\SysWow64\LogFiles
%systemroot%\Windows\Assembly\GAC_MSIL
%programfiles%\Microsoft Lync Server 2010
%programfiles%\commonfiles\Microsoft Lync Server 2010
%SystemDrive%\RtcReplicaRoot
File share store (specified in Topology Builder). File stores are specified in Topology Builder.
SQL Server data and log files, including those for the back-end database, user store, archiving store,
monitoring store, and application store. Database and log files can be specified in Topology Builder.
Data Protection Manager
\XSD
\Temp\MTA
Dpmra.exe
Csc.exe
Dynamics AX 2009
For versions up to AX 2009 exclude:
All the AOD, AOI, ADD, ADI, KHD & KHI files, or
alternatively, the whole application folder
Page 24 of 29
BizTalk 2004 Servers
Exclude any file receive queue folders.

EntSSO.exe, MSDTC.exe, BTSNTSvc.exe, BTSNTSvc64.exe, SQLServr.exe, but also others as IIS, Customer WCF
services, MSMQ, Rule Engine, SQL Agent, SSIS, SSNS and other applications used in integration scenarios.
Page 25 of 29
How to Add Exclusions in KES 10 for Windows

The first way to create a default exclusion which includes many of the default Windows Workstation / Server
lists list is during policy creation.
During creation, the two checkboxes to create default rules will need to be checked.
Page 26 of 29
Examples of auto-generated rules:
Alternatively, specific exclusions can be created after the policy has been created in the General Protection
Settings area of the policy.
Page 27 of 29
How to Add Exclusions in KAV 8.0 for Windows Servers EE

Please note that many of the exclusions mentioned above are prepopulated due to this product being
specifically targeted at Server environment. Review these default exclusions will be necessary if there has
been customization in your environment, specifically looking for non-default installation paths and updating
as needed will ensure proper exclusion. The exclusion rules can be found in the Advanced area of the policy
under Trusted Zone -> Settings.
Page 28 of 29
Page 29 of 29

Kaspersky Lab Scan Exclusions for Microsoft Products

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Kaspersky Lab Scan Exclusions for Microsoft Products

Diunggah oleh

Hak Cipta:

Format Tersedia

Kaspersky Lab Scan Exclusions by Application

Kaspersky Endpoint Security 10 for Windows

Active Directory related files (NTDS working directory). ..........................................................................5

SharePoint Servers & Services.......................................................................................................................13

General Exclusions for Microsoft Windows 2008 R2, Windows 2008,

Windows Updates or Automatic Updates related files (logs)

Domain Controllers on Microsoft Windows 2008 R2, Windows 2008,

Non default path could be found here:

Also, exclude the following replicated folder:

IIS Servers 6.0/7.0

Please use this link for more detailed information.

Default instance: Program Files\Microsoft SQL Server\MSSQL\FTDATA

Exclude Analysis Services data:

ISA and Forefront Servers

%ProgramFiles%\Microsoft Forefront Unified Access Gateway.

Please use this link for more detailed information.

System Center Products and Their Predecessors

%programfiles%\Microsoft Configuration Manager\Inboxes\*.*

Please use this link for more detailed information.

SharePoint Servers & Services

Please use this link for more detailed information.

SharePoint Foundation 2013

Please use this link for more detailed information.

Please use this link for more detailed information.

Microsoft SBS 2003

Please use this link for more detailed information.

Microsoft Exchange Servers

Exchange 2003 Servers

Please use this link for more detailed information.

Edge Transport server role.

Offline address book-related extensions:

Sender Reputation database, checkpoint and log files are located in

Edge Transport server role

Lync Server 2010

Data Protection Manager

Please use this link for more detailed information.

Please use this link for more detailed information.

BizTalk 2004 Servers

Exclude any file receive queue folders.

Please use this link for more detailed information.

How to Add Exclusions in KES 10 for Windows

Examples of auto-generated rules:

How to Add Exclusions in KAV 8.0 for Windows Servers EE

Anda mungkin juga menyukai

%programfiles%\Microsoft Configuration Manager\Inboxes\.