First published on TECHNET on Jan 11, 2013
Authored by Clifton Hughes
With the release of Service Pack 1 for System Center 2012 Configuration Manager, we have been seeing some issues (not necessarily new issues) revealed with Antivirus Exclusion issues around OSD and Boot Image related activities as follows:
OSD Related A/V Exclusion Considerations:
Boot image actions:
Folders to exclude from AV scanning:
OS image actions:
Folders to exclude from AV scanning:
Boot images not updated after upgrading to SP1 in System Center 2012 Configuration Manager:
I was also provided anecdotal information from an issue that if you find yourself in situation where boot images didn’t get updated during site upgrade to SP1, you
can manually update the boot images using the following instructions:
General Antivirus Exclusions and Additional Information for System Center 2012 Configuration Manager Endpoint Protection
Additionally per my other post showing how to import various templates for different servers, here is the general list of file/folder exclusions exported from the Endpoint Protection System Center 2012 Configuration Manager template"
%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%programfiles%\Microsoft Configuration Manager\Inboxes\*.* (shortened list for blog sake)
%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.* (shortened list for blog sake)
These entries above were taken directly from one of the included templates in System Center 2012 Configuration Manager which I have attached to the post
Additional links to Antivirus and Antimalware Information:
Where is the Documentation for System Center 2012 Endpoint Protection?
Forefront Endpoint Protection Blog
Guidance on serve initial FEP definition update with SCCM through DP
Important Changes to Forefront Product Roadmaps
Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
http://support.microsoft.com/kb/822158
Antivirus programs may contribute to file backlogs in SMS 2.0, SMS 2003 and Configuration Manager 2007:
http://support.microsoft.com/kb/327453
ConfigMgr 2007 Antivirus Scan and Exclusion Recommendations:
http://blogs.technet.com/b/configurationmgr/archive/2010/11/30/configmgr-2007-antivirus-scan-and-ex...
Thanks, Cliff Hughes
Premier Field Engineer
System Center 2012 Configuration Manager
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.