I have often seen or received questions about whether or not an antivirus client can be installed on a Forefront TMG server. It is of course possible, and these exclusions apply to real-time scanning.
I strongly insist that these exclusions must be in place before the antivirus engine starts: this type of server is fairly sensitive, and otherwise this can quickly lead to erratic behaviour or even a collapse in performance.
Folders to exclude:
- %windir%\SoftwareDistribution\Datastore
- %windir%\SoftwareDistribution\Datastore\Logs
- %ProgramFiles%\Microsoft Forefront Threat Management Gateway
- %ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS
- %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW
- %SystemRoot%\Temp\ScanStorage
- %ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs
- Folder defined as the Web cache
Files to exclude:
- %allusersprofile%\NTUser.pol
- %Systemroot%\System32\GroupPolicy\Registry.pol
- %windir%\Security\Database\*.edb
- %windir%\Security\Database\*.sdb
- %windir%\Security\Database\*.log
- %windir%\Security\Database\*.chk
- %windir%\Security\Database\*.jrs
- Res*.log
- Res*.jrs
- Edb.chk
- Tmp.edb
Processes to exclude:
Name | Location |
Active Directory Web Services | %WinDir%\ADWS\Microsoft.ActiveDirectory.WebServices.exe |
ISASTGCTRL | %WinDir%\System32\dsamain.exe |
Microsoft Forefront TMG Control | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\mspadmin.exe |
Microsoft Forefront TMG Firewall | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\wspsrv.exe |
Microsoft Forefront TMG Job Scheduler | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\w3prefch.exe |
Microsoft Forefront TMG Managed Control | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\IsaManagedCtrl.exe |
Microsoft Forefront TMG Storage | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\isastg.exe |
SQL Server (ISARS) | %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe |
SQL Server (MSFW) | %ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe |
SQL Server Reporting Services (ISARS) | %ProgramFiles%\Microsoft SQL Server\MSRS10.ISARS\Reporting Services\ReportServer\bin\ReportingServicesService.exe |
SQL Server VSS Writer | %ProgramFiles%\Microsoft SQL Server\90\Shared\sqlwriter.exe |
TMG Diagnostic Logging Viewer | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\isadlviewer.exe |
TMG Report Generator | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\isarepgen.exe |
TMG Report Summary Generator | %ProgramFiles%\Microsoft Forefront Threat Management Gateway\dailysum.exe |
Folders to exclude if you have installed Forefront Protection 2010 for Exchange Server and Exchange Edge:
- %ExchangeInstallPath%\TransportRoles\Data\Adam
- %ExchangeInstallPath%\TransportRoles\Logs
- %ExchangeInstallPath%\TransportRoles
- %ExchangeInstallPath%\TransportRoles\Data\Queue
- %ExchangeInstallPath%\TransportRoles\Data\SenderReputation
- %ExchangeInstallPath%\TransportRoles\Data\IpFilter
- %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server
- %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data
- %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Archive
- %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines
- %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Quarantine
File extensions to exclude:
*.000 | *.ci | *.dt | *.klb | *.set |
*.001 | *.config | *.edb | *.kli | *.v3d |
*.002 | *.da1 | *.fdb | *.log | *.vdb |
*.avc | *.dat | *.fdm | *.lzx | *.vdm |
*.bin | *.def | *.grxml | *.lst | *.wid |
*.cab | *.dia | *.ide | *.mdb | *.wsb |
*.cfg | *.dir | *.jrs | *.ppl | *.xml |
*.chk | *.dsc | *.key | *.que |
Processes to exclude for Forefront Protection 2010 for Exchange Server:
Name | Location |
Extract Files Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscDiag.exe |
Forefront Utility Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscUtility.exe |
FSC Exec Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscExec.exe |
FSC Internet Scanner Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscTransportScanner.exe |
FSC Manual Scanner Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscManualScanner.exe |
FSC Realtime/Scheduled Scanner Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscRealtimeScanner.exe |
FSC Starter Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FscStarter.exe |
Microsoft Forefront Server Protection Controller | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSCController.exe |
Microsoft Forefront Server Protection Eventing Service | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSCEventing.exe |
Microsoft Forefront Server Protection Mail Pickup Service | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSEMailPickup.exe |
Microsoft Forefront Server Protection Monitor | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSCMonitor.exe |
Microsoft Forefront Server Protection Registration Service | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\FSEIMC.exe |
Microsoft Forefront Server Protection VSS Writer Service | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\fscvsswriter.exe |
Microsoft Forefront Protection Get Engine Files Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\GetEngineFiles.exe |
Microsoft Forefront Protection Scan Engine Test Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\ScanEngineTest.exe |
Microsoft Forefront Protection Scan Engine Test Module | %ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\ScanEngineTest64.exe |
Processes to exclude for Exchange Edge 2010:
Name | Location |
CoreXT base ATL7 service exe test | %ExchangeInstallPath%\TransportRoles\agents\Hygiene\Microsoft.Exchange.ContentFilter.Wrapper.exe |
Mailbox Replication Service | %ExchangeInstallPath%\Bin\MSExchangeMailboxReplication.exe |
Microsoft Exchange Anti-spam Update | %ExchangeInstallPath%\Bin\Microsoft.Exchange.AntispamUpdateSvc.exe |
Microsoft Exchange Credential Service | %ExchangeInstallPath%\Bin\Microsoft.Exchange.EdgeCredentialSvc.exe |
Microsoft Exchange Edge Transport Service | %ExchangeInstallPath%\Bin\EdgeTransport.exe |
Microsoft Exchange EdgeSync Service | %ExchangeInstallPath%\Bin\Microsoft.Exchange.EdgeSyncSvc.exe |
Microsoft Exchange Monitoring | %ExchangeInstallPath%\Bin\Microsoft.Exchange.Monitoring.exe |
Microsoft Exchange Protected Host Service | %ExchangeInstallPath%\Bin\Microsoft.Exchange.ProtectedServiceHost.exe |
Microsoft Exchange Search Indexer | %ExchangeInstallPath%\Bin\Microsoft.Exchange.Search.Exsearch.exe |
Microsoft Exchange Service Host | %ExchangeInstallPath%\Bin\Microsoft.Exchange.Servicehost.exe |
Microsoft Exchange Transport | %ExchangeInstallPath%\Bin\MSExchangeTransport.exe |
Microsoft Exchange Transport Log Search | %ExchangeInstallPath%\Bin\MSExchangeTransportLogSearch.exe |
Powershell | Powershell.exe |
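Every exclusion is a path the real-time scanner no longer inspects, so it is worth checking which entries actually exist on the server before entering them in the antivirus console. The script below is an added example, not part of the original post: it expands a subset of the entries listed above and reports whether each one is present, missing, or depends on a variable that is not defined on this host (for instance `%ExchangeInstallPath%` when Exchange Edge is not installed). The function name `Resolve-ExclusionEntry` and the status values are hypothetical, and the syntax is kept compatible with PowerShell 2.0.

```powershell
# Added example: entries copied from the lists on this page (subset, extend as needed).
$entries = @(
    @{ Kind = 'Folder';  Path = '%windir%\SoftwareDistribution\Datastore' },
    @{ Kind = 'Folder';  Path = '%ProgramFiles%\Microsoft Forefront Threat Management Gateway' },
    @{ Kind = 'Folder';  Path = '%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW' },
    @{ Kind = 'File';    Path = '%Systemroot%\System32\GroupPolicy\Registry.pol' },
    @{ Kind = 'File';    Path = '%windir%\Security\Database\*.edb' },
    @{ Kind = 'Process'; Path = '%ProgramFiles%\Microsoft Forefront Threat Management Gateway\wspsrv.exe' },
    @{ Kind = 'Process'; Path = '%ProgramFiles%\Microsoft SQL Server\90\Shared\sqlwriter.exe' },
    @{ Kind = 'Folder';  Path = '%ExchangeInstallPath%\TransportRoles\Data\Queue' },
    @{ Kind = 'Process'; Path = '%ExchangeInstallPath%\Bin\EdgeTransport.exe' }
)

# Hypothetical helper: expands one entry and classifies it.
function Resolve-ExclusionEntry {
    param(
        [Parameter(Mandatory = $true)][string]$Kind,
        [Parameter(Mandatory = $true)][string]$Path
    )
    $expanded = [Environment]::ExpandEnvironmentVariables($Path)
    # ExpandEnvironmentVariables leaves undefined variables untouched,
    # so a remaining %NAME% token means the variable does not exist here.
    $undefined = $expanded -match '%[^%\\]+%'
    $type = if ($Kind -eq 'Folder') { 'Container' } else { 'Leaf' }

    if ($undefined) {
        $status = 'VariableUndefined'
    } elseif (Test-Path -Path $expanded -PathType $type -ErrorAction SilentlyContinue) {
        # Wildcard entries such as *.edb count as present if at least one item matches.
        $status = 'Present'
    } else {
        $status = 'Missing'
    }

    New-Object PSObject -Property @{
        Status   = $status
        Kind     = $Kind
        Expanded = $expanded
    }
}

$report = foreach ($e in $entries) {
    Resolve-ExclusionEntry -Kind $e.Kind -Path $e.Path
}
$report | Sort-Object Status, Kind |
    Format-Table Status, Kind, Expanded -AutoSize
```

Run it from an elevated session so that protected folders such as `%windir%\Security\Database` can be tested.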