Anti Virus Exclusion Guidelines for Microsoft Products
Running a good, constantly updated Anti-Virus program on your computers – server and workstations – is a must when looking into the potential risks in today’s IT world. However, when installing Anti-Virus software on a computer, you also risk having issues with some of the services and applications that run on these computers, most specially with the server machines. Anti-Virus software scans and sometimes locks files on the computers, and when you scan these files, performance and operating system reliability problems may occur because of file locking.
This is why it is extremely important to properly configure the Anti-Virus software to exclude specific files, file type and/or folders on the computers (most importantly – server machines) with an anti virus exclusion.
However, please note: When possible, try not exclude files based on the file name extension. For example, try not exclude all files that have a .dit or .vhd extensions. Of course this may not always be possible, but do try to be as specific as possible with any anti virus exclusion . In addition, try to exclude specific files and not entire folders. Excluding an entire folder maybe simpler but may not provide as much protection as excluding specific files based on file names.
With that said, enclosed is a comprehensive list of services and or software and links to articles that describe the proper Microsoft recommendations for configuring anti-Virus software that runs on servers hosting them.
General Enterprise Configuration Recommendations for Windows operating systems:
Windows / Active Directory:
SCOM / MOM:
WSUS and Windows Update:
Some sources for this list include:
Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
Anti-Virus Exclusions and You! – Dude where’s my PFE? – Site Home – TechNet Blogs
Windows Anti Virus Exclusion List – TechNet Articles – Home – TechNet Wiki
Anti virus software is a good idea to protect your machine but they can cause some conflicts. Setting up simple anti virus exclusions is a good way around this issue. This article serves as a nice list of anti virus exclusion guidelines for Microsoft products specifically.