Antivirus Exclusion List for ASP.NET applications hosted on IIS
Published Feb 15 2019 06:05 AM 19.8K Views

This article includes information about folders that need to be excluded from antivirus scanning in ASP.net applications:

1. The physical file folders for the web sites content, no matter it is a local folder or a network share.

The default location is mentioned below, however please note that your content may reside in a different directory as well. Please check the path to which your website and the virtual directories under it points to, in order to identify the correct path.

C:\inetpub\wwwroot

2. .Net Framework config directory

C:\Windows\Microsoft.NET\Framework\v2.0.50727\CONFIG

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\CONFIG

C:\Windows\Microsoft.NET\Framework\v4.0.30319\Config

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config

3. ASP.net temp file directory

C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files

C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files

C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files

4. IIS config folder  

In case you are running IIS in shared configuration and your server happens to host the configuration on a different location, ensure to exclude it from the scan. More information about shared config can be found here.

%SystemDrive%\Windows\System32\inetsrv\config\

5. IIS Temporary Compressed Files

%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files

Author: Amol Mehrotra

Version history
Last update:
‎Feb 15 2019 06:05 AM
Updated by: