Antivirus Exclusions for the Windows Platform – August 13 2007

Hi… It's been a long time since I updated my blog.

But with good reason, since I was pretty busy this semester… for example, I was at TechEd 2007, Microsoft's biggest annual convention; I was on vacation in Los Angeles, CA; I changed roles at my company, and I am now Technical Account Manager & IT Coordinator 🙂; and I have been doing lab work on all sorts of things, even venturing into free software such as Asterisk, in order to get it working with LiveComm and Exchange.

Little by little I will be posting new things. For now, let's start with these recommendations that I found on a blog about antivirus exclusions for the Windows platform. I must thank the person who put this summary together, because it is very good.

Here they are:

Consider the following file scanning exceptions for your Anti-Virus software where applicable:
NOTE: The %systemroot% is normally the C:\WINDOWS or C:\WINNT directory depending on your OS.

NOTE: the %systemroot% variable will not work as an exclusion for some OSs.  So make sure to spell out full path in your exclusion files (GPO or via AntiVirus Server)
1.) %systemroot%\System32\Spool (and all the sub-folders and files)
2.) %systemroot%\SoftwareDistribution\Datastore
Refer to the following article for information:
KB822158 – Virus scanning recommendations for computers that are running Windows Server 2003, Windows 2000, or Windows XP http://support.microsoft.com/kb/822158
3.) Any Network Drives that are mapped.
The following steps are Server Role specific:
==========================================================
1.) If your system is also a Domain Controller (DC) / DNS / DHCP also exclude the following from Anti-Virus Scanning:
a.) %systemroot%\Sysvol folder (include all the sub-folders and files)
b.) %systemroot%\system32\dhcp folder (include all the sub-folders and files)
c.) %systemroot%\system32\dns folder (include all the sub-folders and files)
d.) %systemroot%\ntds
Refer to the following article for information:
KB822158 – Virus scanning recommendations for computers that are running Windows Server 2003, Windows 2000, or Windows XP http://support.microsoft.com/kb/822158
2.) If File Replication (NTFRS) service is running on your system, make sure your Anti-Virus software is compatible:
KB815263 – Antivirus, backup, and disk optimization programs that are compatible with the File Replication Service
http://support.microsoft.com/kb/815263
And exclude:
a.) %systemroot%\ntfrs folder (include all the sub-folders and files)
b.) Files that have the .log and .dit extension
3.) If you have IIS installed, exclude:
a.) The IIS compression directory (default compression directory is %systemroot%\IIS Temporary Compressed Files)
b.) %systemroot%\system32\inetsrv folder
c.) Files that have the .log extension
Refer to the following knowledge base articles for reference:
KB817442 – IIS 6.0: Antivirus Scanning of IIS Compression Directory May Result in 0-Byte File
http://support.microsoft.com/kb/817442
KB821749 – Antivirus software may cause IIS to stop unexpectedly
http://support.microsoft.com/kb/821749
4.) If you have SQL installed, you may want to exclude the SQL folder and databases files (or database file types) from scanning for performance reasons:
KB309422 – Guidelines for choosing antivirus software to run on the computers that are running SQL Server
http://support.microsoft.com/kb/309422
5.) If you have Exchange installed, perform the relevant file-based scanning exclusions listed in Knowledge Base articles:
KB328841 – Exchange and antivirus software
http://support.microsoft.com/kb/328841
KB823166 – Overview of Exchange Server 2003 and antivirus software
http://support.microsoft.com/kb/823166
KB245822 – Recommendations for troubleshooting an Exchange Server computer with antivirus software installed
http://support.microsoft.com/kb/245822
6.) If you have Cluster services, make sure your Anti-Virus software is compatible:
KB250355 – Antivirus Software May Cause Problems with Cluster Services
http://support.microsoft.com/kb/250355
NOTE: If you have a SQL cluster, make sure that you exclude these locations from virus scanning:
a.) Q: (Quorum drive)
b.) %systemroot%\Cluster
c.) SQL Server data files that have the .mdf extension, the .ldf extension, and the .ndf extension
7.) If you have Sharepoint installed, you should exclude:
a.) Drive:\Program Files\SharePoint Portal Server
b.) Drive:\Program Files\Common Files\Microsoft Shared\Web Storage System
c.) Drive:\MSDEDatabases (particularly on SBS) (where Drive: is the drive letter where you installed SharePoint Portal Server)
Refer to the following knowledge base articles for reference:
KB320111 – Random Errors May Occur When Antivirus Software Scans Microsoft Web Storage System
http://support.microsoft.com/kb/320111
KB322941 – Microsoft’s Position on Antivirus Solutions for Microsoft SharePoint Portal Server
http://support.microsoft.com/kb/322941
8.) If you have a Systems Management Server (SMS), you should exclude folders:
a.) SMS\Inboxes
b.) SMS_CCM\ServiceData
Refer to the following knowledge base articles for reference:
KB327453 – Antivirus programs may contribute to file backlogs in SMS 2.0 and in SMS 2003
http://support.microsoft.com/kb/327453

NOTE: If you exclude the SMS\Inboxes directory from virus scanning or remove the antivirus software, you may make the site server and all clients vulnerable to potential virus risks. The client base component files reside in the SMS\Inboxes directory.
9.) If you have a MOM (Microsoft Operations Manager) Server, consider excluding:
a.) Drive:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager
b.) Drive:\Program Files\Microsoft Operations Manager 2005 (where Drive: is the drive letter where profiles are located)
10.) If you have an Internet Security and Acceleration Server (ISA) Server, you should exclude:
a.) The ISALogs folder. By default, the ISALogs folder is located in the folder where you installed ISA Server. Typically, this location is Drive:\Program Files\Microsoft ISA Server.
Refer to the following knowledge base articles for reference:
KB887311 – Event ID 5, event ID 14079, and event ID 14176 are logged in the Application log on your Internet Security and Acceleration Server 2000 computer
http://support.microsoft.com/kb/887311
11.) If you have a Windows Software Update Services (WSUS) Server role, consider excluding:
a.) Drive:\MSSQL$WSUS
b.) Drive:\WSUS
(where Drive: is the drive letter where you installed Windows Software Update Services)
Also refer to the following knowledge base articles for reference:
KB900638 – Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file is copied
http://support.microsoft.com/kb/900638
MORE INFORMATION:
KB49500 – List of antivirus software vendors
http://support.microsoft.com/kb/49500
KB129972 – Computer viruses: description, prevention, and recovery
http://support.microsoft.com/kb/129972
Small Business Server (SBS):
========================================
KB885685 – How to troubleshoot the POP3 Connector in Windows Small Business Server 2003
http://support.microsoft.com/kb/885685
SOX050603700001 – How do I exclude a file from AV scanning?
SOX040212700018 – Anti Virus Software and System State Backup
SOX060301700048 – ISA 2004 Firewall Service crashes intermittently with Event ID: 5 Source: Microsoft Firewall
SOX060307700037 – MOM 2005/ File level Anti-virus scanners
SOX061205700029 – MOM Agent Installation fails with -2147023277
KB837932 – Event ID 2108 and Event ID 1084 occur during inbound replication of Active Directory in Windows 2000 Server and in Windows Server 2003
http://support.microsoft.com/kb/837932
Anti-Virus folder exclusions have not been configured (Exchange)
http://www.microsoft.com/technet/prodtechnol/exchange/Analyzer/9fb755f5-5f0b-4817-a584-70c76a62eae2.mspx
Process: Manage Antivirus Software on Domain Controllers
http://www.microsoft.com/technet/solutionaccelerators/cits/mo/winsrvmg/adpog/adpog3.mspx#EHBBG
Keywords:
AV scanning, Scan exceptions, Antivirus scanning, first level scanning exclusions, first level scanning exceptions, Server Roles, Server scanning

Taken from: http://myitforum.com/cs2/blogs/scassells/archive/2007/05/14/what-anti-virus-scanning-exclusions-should-be-considered-for-system-and-servers.aspx
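
The note above about spelling out full paths, as an added example that is not part of the original post or of the summary it quotes: a PowerShell sketch that expands the %systemroot% entries from the list into full paths, keeps only the ones whose role is present on the host, and records whether each folder exists. The service names used to detect each role (NTDS, DHCPServer, DNS, NtFrs, W3SVC, ClusSvc) and the output file name are assumptions; the Drive:-relative entries (SharePoint, SMS, MOM, ISA, WSUS) are left out because the install drive is not known.

```powershell
# Added example (not from the original post): build a full-path exclusion list
# from the %systemroot% entries above, limited to roles present on this host.
$root = $env:SystemRoot   # e.g. C:\WINDOWS; spelled out because, per the note,
                          # %systemroot% does not work as an exclusion on some OSs

# Service = service whose presence indicates the role (assumed names);
# an empty string means the entry applies to every server.
$rules = @(
    @{ Service = '';           Path = "$root\System32\Spool" }
    @{ Service = '';           Path = "$root\SoftwareDistribution\Datastore" }
    @{ Service = 'NTDS';       Path = "$root\Sysvol" }
    @{ Service = 'NTDS';       Path = "$root\ntds" }
    @{ Service = 'DHCPServer'; Path = "$root\system32\dhcp" }
    @{ Service = 'DNS';        Path = "$root\system32\dns" }
    @{ Service = 'NtFrs';      Path = "$root\ntfrs" }
    @{ Service = 'W3SVC';      Path = "$root\IIS Temporary Compressed Files" }
    @{ Service = 'W3SVC';      Path = "$root\system32\inetsrv" }
    @{ Service = 'ClusSvc';    Path = "$root\Cluster" }
)

# True when the entry is unconditional or the role's service is installed.
function Test-Role([string]$Service) {
    if ($Service -eq '') { return $true }
    return [bool](Get-Service -Name $Service -ErrorAction SilentlyContinue)
}

# One row per applicable exclusion, with a flag for whether the folder is there.
$report = foreach ($r in $rules) {
    if (Test-Role $r.Service) {
        [pscustomobject]@{
            Role   = if ($r.Service) { $r.Service } else { 'all servers' }
            Path   = $r.Path
            Exists = Test-Path -LiteralPath $r.Path
        }
    }
}

$report | Format-Table -AutoSize

# Only folders that exist on this host go into the file handed to the GPO or
# the antivirus server, so the exclusion list stays as short as possible.
$report | Where-Object Exists | Select-Object -ExpandProperty Path |
    Set-Content -Path .\av-exclusions.txt
```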

3 comments on “Antivirus Exclusions for the Windows Platform – August 13 2007”

  1. Very good article!!!!
    Do you have any idea where I can get AV exclusions (for McAfee) for Apache servers and app servers??
    Thank you very much in advance!
    Regards!
