Anti Virus Exclusion Guidelines for Microsoft Products

Running a good, constantly updated Anti-Virus program on your computers – server and workstations – is a must when looking into the potential risks in today’s IT world. However, when installing Anti-Virus software on a computer, you also risk having issues with some of the services and applications that run on these computers, most specially with the server machines. Anti-Virus software scans and sometimes locks files on the computers, and when you scan these files, performance and operating system reliability problems may occur because of file locking.

This is why it is extremely important to properly configure the Anti-Virus software to exclude specific files, file type and/or folders on the computers (most importantly – server machines) with an anti virus exclusion.

However, please note: When possible, try not exclude files based on the file name extension. For example, try not exclude all files that have a .dit or .vhd extensions. Of course this may not always be possible, but do try to be as specific as possible with any anti virus exclusion . In addition, try to exclude specific files and not entire folders. Excluding an entire folder maybe simpler but may not provide as much protection as excluding specific files based on file names.

With that said, enclosed is a comprehensive list of services and or software and links to articles that describe the proper Microsoft recommendations for configuring anti-Virus software that runs on servers hosting them.

General Enterprise Configuration Recommendations for Windows operating systems:

http://support.microsoft.com/kb/822158

Forefront:

http://support.microsoft.com/kb/943556

http://support.microsoft.com/kb/943620

http://technet.microsoft.com/en-us/library/cc707727.aspx

Windows / Active Directory:

http://support.microsoft.com/kb/822158

http://support.microsoft.com/kb/837932

http://support.microsoft.com/kb/943556

FRS:

http://support.microsoft.com/kb/815263

SQL:

http://support.microsoft.com/kb/309422

IIS:

http://support.microsoft.com/kb/821749

http://support.microsoft.com/kb/817442

DHCP:

http://support.microsoft.com/kb/927059

SCCM:

http://blogs.technet.com/b/configurationmgr/archive/2010/11/30/configmgr-2007-antivirus-scan-and-exclusion-recommendations.aspx

SCOM / MOM:

http://support.microsoft.com/kb/975931

http://social.technet.microsoft.com/wiki/contents/articles/recommendations-for-antivirus-exclusions-in-mom-2005-and-operations-manager-2007.aspx

SMS:

http://support.microsoft.com/kb/327453

Hyper-V:

http://support.microsoft.com/kb/961804

Med-V:

http://social.technet.microsoft.com/wiki/contents/articles/recommended-anti-virus-exclusions-for-med-v-client-and-workspace-installations.aspx

App-V:

http://support.microsoft.com/kb/2576031

Exchange Server:

http://support.microsoft.com/kb/328841

http://support.microsoft.com/kb/823166

http://support.microsoft.com/kb/245822

http://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspx

http://technet.microsoft.com/en-us/library/bb332342.aspx

Lync:

http://technet.microsoft.com/en-us/library/gg195736.aspx

Failover Clustering:

http://support.microsoft.com/kb/250355

SharePoint:

http://support.microsoft.com/kb/952167

http://support.microsoft.com/kb/320111

http://support.microsoft.com/kb/322941

ISA:

http://support.microsoft.com/kb/887311

WSUS and Windows Update:

http://support.microsoft.com/kb/900638

SBS:

http://support.microsoft.com/kb/885685

DPM:

http://technet.microsoft.com/en-us/library/bb808691.aspx

http://technet.microsoft.com/en-us/library/ff399439.aspx

Dynamics CRM:

http://community.dynamics.com/product/crm/crmtechnical/b/crminthefield/archive/2011/01/24/anti-virus-exclusions-for-microsoft-dynamics-crm.aspx

Dynamics AX:

http://blogs.msdn.com/b/czdaxsup/archive/2010/05/13/ax-application-files-locked-by-another-process.aspx

Some sources for this list include:

Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
http://support.microsoft.com/kb/822158

Anti-Virus Exclusions and You! – Dude where’s my PFE? – Site Home – TechNet Blogs
http://blogs.technet.com/b/jeff_stokes/archive/2010/05/19/anti-virus-exclusions-and-you.aspx

Windows Anti Virus Exclusion List – TechNet Articles – Home – TechNet Wiki
http://social.technet.microsoft.com/wiki/contents/articles/953.aspx

Conclusion

Anti virus software is a good idea to protect your machine but they can cause some conflicts. Setting up simple anti virus exclusions is a good way around this issue. This article serves as a nice list of anti virus exclusion guidelines for Microsoft products specifically.