Monday, 14 March 2011

[TMG] Antivirus exclusions


I have often seen or received questions about whether it is feasible to install an antivirus client on a Forefront TMG server. It is of course possible, and the exclusions below apply to real-time scanning.
I strongly insist that these exclusions be put in place before the antivirus engine is started: this type of server is quite sensitive, and otherwise it can quickly lead to erratic behavior or even a collapse in performance.


Folders to exclude:
  • %windir%\SoftwareDistribution\Datastore
  • %windir%\SoftwareDistribution\Datastore\Logs
  • %ProgramFiles%\Microsoft Forefront Threat Management Gateway
  • %ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS
  • %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW
  • %SystemRoot%\Temp\ScanStorage
  • %ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs
  • The folder defined as the Web cache
Files to exclude:
  • %allusersprofile%\NTUser.pol
  • %Systemroot%\System32\GroupPolicy\Registry.pol
  • %windir%\Security\Database\*.edb
  • %windir%\Security\Database\*.sdb
  • %windir%\Security\Database\*.log
  • %windir%\Security\Database\*.chk
  • %windir%\Security\Database\*.jrs
  • Res*.log
  • Res*.jrs
  • Edb.chk
  • Tmp.edb
Processes to exclude:

| Name | Location |
| --- | --- |
| Active Directory Web Services | %WinDir%\ADWS\Microsoft.ActiveDirectory.WebServices.exe |
| ISASTGCTRL | %WinDir%\System32\dsamain.exe |
| Microsoft Forefront TMG Control | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\mspadmin.exe |
| Microsoft Forefront TMG Firewall | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\wspsrv.exe |
| Microsoft Forefront TMG Job Scheduler | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\w3prefch.exe |
| Microsoft Forefront TMG Managed Control | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\IsaManagedCtrl.exe |
| Microsoft Forefront TMG Storage | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\isastg.exe |
| SQL Server (ISARS) | %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe |
| SQL Server (MSFW) | %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe |
| SQL Server Reporting Services (ISARS) | %ProgramFiles%\Microsoft SQL Server\MSRS10.ISARS\Reporting Services\ReportServer\bin\ReportingServicesService.exe |
| SQL Server VSS Writer | %ProgramFiles%\Microsoft SQL Server\90\Shared\sqlwriter.exe |
| TMG Diagnostic Logging Viewer | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\isadlviewer.exe |
| TMG Report Generator | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\isarepgen.exe |
| TMG Report Summary Generator | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\dailysum.exe |

Folders to exclude if you have installed Forefront Protection 2010 for Exchange Server and Exchange Edge:

  • %ExchangeInstallPath%\TransportRoles\Data\Adam
  • %ExchangeInstallPath%\TransportRoles\Logs
  • %ExchangeInstallPath%\TransportRoles
  • %ExchangeInstallPath%\TransportRoles\Data\Queue
  • %ExchangeInstallPath%\TransportRoles\Data\SenderReputation
  • %ExchangeInstallPath%\TransportRoles\Data\IpFilter
  • %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server
  • %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data
  • %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Archive
  • %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines
  • %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Quarantine
Files to exclude if you have installed Forefront Protection 2010 for Exchange Server and Exchange Edge:

  *.000    *.ci       *.dt       *.klb    *.set
  *.001    *.config   *.edb      *.kli    *.v3d
  *.002    *.da1      *.fdb      *.log    *.vdb
  *.avc    *.dat      *.fdm      *.lzx    *.vdm
  *.bin    *.def      *.grxml    *.lst    *.wid
  *.cab    *.dia      *.ide      *.mdb    *.wsb
  *.cfg    *.dir      *.jrs      *.ppl    *.xml
  *.chk    *.dsc      *.key      *.que

Processes to exclude for Forefront Protection 2010 for Exchange Server:

| Name | Location |
| --- | --- |
| Extract Files Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscDiag.exe |
| Forefront Utility Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscUtility.exe |
| FSC Exec Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscExec.exe |
| FSC Internet Scanner Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscTransportScanner.exe |
| FSC Manual Scanner Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscManualScanner.exe |
| FSC Realtime/Scheduled Scanner Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscRealtimeScanner.exe |
| FSC Starter Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscStarter.exe |
| Microsoft Forefront Server Protection Controller | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSCController.exe |
| Microsoft Forefront Server Protection Eventing Service | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSCEventing.exe |
| Microsoft Forefront Server Protection Mail Pickup Service | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSEMailPickup.exe |
| Microsoft Forefront Server Protection Monitor | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSCMonitor.exe |
| Microsoft Forefront Server Protection Registration Service | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSEIMC.exe |
| Microsoft Forefront Server Protection VSS Writer Service | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\fscvsswriter.exe |
| Microsoft Forefront Protection Get Engine Files Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\GetEngineFiles.exe |
| Microsoft Forefront Protection Scan Engine Test Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\ScanEngineTest.exe |
| Microsoft Forefront Protection Scan Engine Test Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\ScanEngineTest64.exe |

Processes to exclude for Exchange Edge 2010:

| Name | Location |
| --- | --- |
| CoreXT base ATL7 service exe test | %ExchangeInstallPath%\TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe |
| Mailbox Replication Service | %ExchangeInstallPath%\Bin\MSExchangeMailboxReplication.exe |
| Microsoft Exchange Anti-spam Update | %ExchangeInstallPath%\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe |
| Microsoft Exchange Credential Service | %ExchangeInstallPath%\Bin\Microsoft.Exchange.EdgeCredentialSvc.exe |
| Microsoft Exchange Edge Transport Service | %ExchangeInstallPath%\Bin\EdgeTransport.exe |
| Microsoft Exchange EdgeSync Service | %ExchangeInstallPath%\Bin\Microsoft.Exchange.EdgeSyncSvc.exe |
| Microsoft Exchange Monitoring | %ExchangeInstallPath%\Bin\Microsoft.Exchange.Monitoring.exe |
| Microsoft Exchange Protected Host Service | %ExchangeInstallPath%\Bin\Microsoft.Exchange.ProtectedServiceHost.exe |
| Microsoft Exchange Search Indexer | %ExchangeInstallPath%\Bin\Microsoft.Exchange.Search.Exsearch.exe |
| Microsoft Exchange Service Host | %ExchangeInstallPath%\Bin\Microsoft.Exchange.Servicehost.exe |
| Microsoft Exchange Transport | %ExchangeInstallPath%\Bin\MSExchangeTransport.exe |
| Microsoft Exchange Transport Log Search | %ExchangeInstallPath%\Bin\MSExchangeTransportLogSearch.exe |
| Powershell | Powershell.exe |
