lundi 14 mars 2011

[TMG] Antivirus exclusions


I often see question about installing an anti-virus or not on Forefront TMG. Of course it's possible and these exclusions are for real-time protection.

Keep in mind that these exclusions must be done before starting the real-time protection, in other case the server may encounter performance issues for example.


Folders to exclude:
  • %windir%\SoftwareDistribution\Datastore
  • %windir%\SoftwareDistribution\Datastore\Logs
  • %ProgramFiles%\Microsoft Forefront Threat Management Gateway
  • %ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS
  • %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW
  • %SystemRoot%\Temp\ScanStorage
  • %ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs
  • Dossier défini en tant que cache Web
Files to exclude:
  • %allusersprofile%\NTUser.pol
  • %Systemroot%\System32\GroupPolicy\Registry.pol
  • %windir%\Security\Database\*.edb
  • %windir%\Security\Database\*.sdb
  • %windir%\Security\Database\*.log
  • %windir%\Security\Database\*.chk
  • %windir%\Security\Database\*.jrs
  • Res*.log
  • Res*.jrs
  • Edb.chk
  • Tmp.edb
    Process to exclude:
    NameLocation
    Active Directory Web Services%WinDir%\ADWS\Microsoft.ActiveDirectory.WebServices.exe
    ISASTGCTRL%WinDir%\System32\dsamain.exe
    Microsoft Forefront TMG Control%ProgramFiles%\Microsoft Forefront Threat Management Gateway\mspadmin.exe
    Microsoft Forefront TMG Firewall%ProgramFiles%\Microsoft Forefront Threat Management Gateway\wspsrv.exe
    Microsoft Forefront TMG Job Scheduler%ProgramFiles%\Microsoft Forefront Threat Management Gateway\w3prefch.exe
    Microsoft Forefront TMG Managed Control%ProgramFiles%\Microsoft Forefront Threat Management Gateway\IsaManagedCtrl.exe
    Microsoft Forefront TMG Storage%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isastg.exe
    SQL Server (ISARS)%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe
    SQL Server (MSFW)%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe
    SQL Server Reporting Services (ISARS)%ProgramFiles%\Microsoft SQL Server\MSRS10.ISARS\Reporting Services\ReportServer\bin\ReportingServicesService.exe
    SQL Server VSS Writer%ProgramFiles%\Microsoft SQL Server\90\Shared\sqlwriter.exe
    TMG Diagnostic Logging Viewer%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isadlviewer.exe
    TMG Report Generator%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isarepgen.exe
    TMG Report Summary Generator%ProgramFiles%\Microsoft Forefront Threat Management Gateway\dailysum.exe

    Folders to exclude if Forefront Protection 2010 for Exchange Server and Exchange Edge are installed:

    • %ExchangeInstallPath%\TransportRoles\Data\Adam
    • %ExchangeInstallPath%\TransportRoles\Logs
    • %ExchangeInstallPath%\TransportRoles
    • %ExchangeInstallPath%\TransportRoles\Data\Queue
    • %ExchangeInstallPath%\TransportRoles\Data\SenderReputation
    • %ExchangeInstallPath%\TransportRoles\Data\IpFilter
    • %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server
    • %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data
    • %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Archive
    • %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines
    • %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Quarantine
    Files to exclude if Forefront Protection 2010 for Exchange Server and Exchange Edge are installed:
    *.000*.ci*.dt*.klb*.set
    *.001*.config*.edb*.kli*.v3d
    *.002*.da1*.fdb*.log*.vdb
    *.avc*.dat*.fdm*.lzx*.vdm
    *.bin*.def*.grxml*.lst*.wid
    *.cab*.dia*.ide*.mdb*.wsb
    *.cfg*.dir*.jrs*.ppl*.xml
    *.chk*.dsc*.key*.que

    Process to exclude for Forefront Protection 2010 for Exchange Server :
    NameLocation
    Extract Files Module%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscDiag.exe
    Forefront Utility Module%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscUtility.exe
    FSC Exec Module%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscExec.exe
    FSC Internet Scanner Module%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscTransportScanner.exe
    FSC Manual Scanner Module%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscManualScanner.exe
    FSC Realtime/Scheduled Scanner Module%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscRealtimeScanner.exe
    FSC Starter Module%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscStarter.exe
    Microsoft Forefront Server Protection Controller%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSCController.exe
    Microsoft Forefront Server Protection Eventing Service%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSCEventing.exe
    Microsoft Forefront Server Protection Mail Pickup Service%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSEMailPickup.exe
    Microsoft Forefront Server Protection Monitor%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSCMonitor.exe
    Microsoft Forefront Server Protection Registration Service%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSEIMC.exe
    Microsoft Forefront Server Protection VSS Writer Service%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\fscvsswriter.exe
    Microsoft Forefront Protection Get Engine Files Module%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\GetEngineFiles.exe
    Microsoft Forefront Protection Scan Engine Test Module%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\ScanEngineTest.exe
    Microsoft Forefront Protection Scan Engine Test Module%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\ScanEngineTest64.exe

    Process to exclude for Exchange Edge 2010 :
    NameLocation
    CoreXT base ATL7 service exe test%ExchangeInstallPath%\TransportRoles\agents\Hygiene\
    Microsoft.Exchange.ContentFilter.Wrapper.exe
    Mailbox Replication Service%ExchangeInstallPath%\Bin\MSExchangeMailboxReplication.exe
    Microsoft Exchange Anti-spam Update%ExchangeInstallPath%\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe
    Microsoft Exchange Credential Service%ExchangeInstallPath%\Bin\Microsoft.Exchange.EdgeCredentialSvc.exe
    Microsoft Exchange Edge Transport Service%ExchangeInstallPath%\Bin\EdgeTransport.exe
    Microsoft Exchange EdgeSync Service%ExchangeInstallPath%\Bin\Microsoft.Exchange.EdgeSyncSvc.exe
    Microsoft Exchange Monitoring%ExchangeInstallPath%\Bin\Microsoft.Exchange.Monitoring.exe
    Microsoft Exchange Protected Host Service%ExchangeInstallPath%\Bin\Microsoft.Exchange.ProtectedServiceHost.exe
    Microsoft Exchange Search Indexer%ExchangeInstallPath%\Bin\Microsoft.Exchange.Search.Exsearch.exe
    Microsoft Exchange Service Host%ExchangeInstallPath%\Bin\Microsoft.Exchange.Servicehost.exe
     Microsoft Exchange Transport%ExchangeInstallPath%\Bin\MSExchangeTransport.exe
    Microsoft Exchange Transport Log Search%ExchangeInstallPath%\Bin\MSExchangeTransportLogSearch.exe
    PowershellPowershell.exe

    Aucun commentaire:

    Publier un commentaire