SCCM on Windows Server 2016: The Defender Gotcha
Hello! My name is Todd Linke, and I am a Premier Field Engineer at Microsoft where I specialize in System Center Configuration Manager. For those of you that may not be aware, SCCM generates a lot of disk activity, on its site servers. It is not unusual for SCCM to write a file, perform a checksum analysis, and then move or delete the file after processing so quickly that you would not see the file at all if you were monitoring the folder with Windows Explorer. Due to this activity, it is necessary to configure file system and process exclusions for Antivirus Real-Time Scanning solutions. This must be done regardless of the chosen Antivirus solution whether it be Windows Defender or a 3rd party AV, as well as with other security products that actively monitor file system changes.
