Recommended antivirus exclusions for OpsMgr

We’ve dealt with AV exclusions for SMS and ConfigMgr for a long time, so having information about recommended exclusion practices for OpsMgr 2007 is definitely welcome.

While not officially documented, the OpsMgr team recommends the following:

For the application side:

I. Operations Manager Server:

“\Program Files\System Center Operations Manager\…\Health Service State” and all sub-directories

‘%windir%\temp’, or another directory, depending on where the ETL files are stored (defined in starttracing.cmd)

 

II. Operations Manager Agent:

“\Program Files\System Center Operations Manager\…\Health Service State” and all sub-directories

‘%windir%\temp’, or another directory, depending on where the ETL files are stored (defined in starttracing.cmd)

 

III. Database server:

OpsMgr/DW database directory and all other database directories

 

IV. OpsMgr Console:

\Documents and Settings\<USER>\Local Settings\…\Microsoft.MOM.UI.Console

 

V. In addition, the following directories:

%installdir%\Health Service State

%installdir%\Config Service State

%installdir%\SDK Service State

%installdir%\tools\tmf

%windir%\temp\OpsMgrTrace

 

VI. Processes:

Excluding by process executable is very dangerous: it excludes any and all files the process handles, so potentially dangerous files handled by that process are never scanned. If you do want to exclude processes, they are documented below:

OpsMgr 2007 – monitoringhost.exe

 

VII. SQL Database Servers:

These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb. To exclude these by directory, exclude the directory for the LDF and MDF files:

Examples:

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data

D:\MSSQL\DATA

E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log

 

VIII. Exclusion of File Type by Extensions:

File-extension-specific exclusions for the real-time, scheduled and local scanners:

OpsMgr 2007 (management servers and agents):

These include the queue and log files used by Operations Manager.

Example:

EDB, CHK, LOG.
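
One way to check an existing exclusion set against the lists above, as an added example that is not part of the original post or of any OpsMgr tooling. It compares configured directory exclusions with section V, flags every process exclusion per section VI, and checks extensions against section VIII. The function name, its parameters and the sample values are hypothetical; supply the lists exported from your own AV product.

```powershell
# Added example, not from the original post. $InstallDir stands in for the page's
# %installdir%; $TraceDir is the ETL directory; sample values below are constructed.
function Test-OpsMgrExclusion {
    param(
        [Parameter(Mandatory)] [string] $InstallDir,
        [Parameter(Mandatory)] [string] $TraceDir,
        [string[]] $Path      = @(),   # directory exclusions configured in the AV product
        [string[]] $Process   = @(),   # process exclusions
        [string[]] $Extension = @()    # extension exclusions
    )
    $norm = { param($p) $p.TrimEnd('\').ToLowerInvariant() }
    # Section V: the directories the page lists for exclusion.
    $wanted = @(
        "$InstallDir\Health Service State", "$InstallDir\Config Service State",
        "$InstallDir\SDK Service State", "$InstallDir\tools\tmf", $TraceDir
    ) | ForEach-Object { & $norm $_ }

    $covered = @{}
    foreach ($p in $Path) {
        $n = & $norm $p
        # Equal to, or a sub-directory of, a listed directory.
        $inside  = $wanted | Where-Object { $n -eq $_ -or $n.StartsWith("$_\") }
        # A parent of a listed directory: wider than the page's list.
        $parents = $wanted | Where-Object { $_.StartsWith("$n\") }
        $wanted | Where-Object { $_ -eq $n -or $_.StartsWith("$n\") } |
            ForEach-Object { $covered[$_] = $true }
        $finding = if ($inside) { 'OK' } elseif ($parents) { 'ParentOfListed' } else { 'NotListed' }
        [pscustomobject]@{ Kind = 'Path'; Item = $p; Finding = $finding }
    }
    foreach ($w in $wanted) {
        if (-not $covered.ContainsKey($w)) {
            [pscustomobject]@{ Kind = 'Path'; Item = $w; Finding = 'Missing' }
        }
    }
    # Section VI: a process exclusion skips every file the process handles.
    foreach ($x in $Process) {
        [pscustomobject]@{ Kind = 'Process'; Item = $x; Finding = 'ReviewProcessExclusion' }
    }
    # Section VIII: only the queue and log file types are listed.
    foreach ($e in $Extension) {
        $ok = @('edb', 'chk', 'log') -contains $e.TrimStart('.').ToLowerInvariant()
        $finding = if ($ok) { 'OK' } else { 'NotListed' }
        [pscustomobject]@{ Kind = 'Extension'; Item = $e; Finding = $finding }
    }
}

# Constructed sample: one exact match, one parent directory, one process, two extensions.
Test-OpsMgrExclusion -InstallDir 'D:\OpsMgr' -TraceDir 'C:\Windows\temp\OpsMgrTrace' `
    -Path 'D:\OpsMgr\Health Service State', 'D:\OpsMgr\tools' `
    -Process 'monitoringhost.exe' -Extension 'EDB', 'exe' | Format-Table -AutoSize
```

`NotListed` paths are not necessarily wrong; the SQL data and log directories from section VII vary per server and will show up there for manual review.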
