Antivirus Exclusion List for ASP.NET applications hosted on IIS
Published Feb 15 2019 06:05 AM 31.6K Views

This article includes information about folders that need to be excluded from antivirus scanning in applications:

1. The physical file folders for the web sites content, no matter it is a local folder or a network share.

The default location is mentioned below, however please note that your content may reside in a different directory as well. Please check the path to which your website and the virtual directories under it points to, in order to identify the correct path.


2. .Net Framework config directory





3. temp file directory

C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files

4. IIS config folder  

In case you are running IIS in shared configuration and your server happens to host the configuration on a different location, ensure to exclude it from the scan. More information about shared config can be found here.


5. IIS Temporary Compressed Files

%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files

Author: Amol Mehrotra

Version history
Last update:
‎Feb 15 2019 06:05 AM
Updated by: