kaspersky lab scan exclusions
TRANSCRIPT
-
7/26/2019 Kaspersky Lab Scan Exclusions
1/29
Page 1 of 29
Kaspersky Lab Scan Exclusions by Application
One of the first steps in the implementation of antivirus protection is creation of antivirus policies. On aproduct by product basis, software vendors generally provide information as to what files, folders, processes
and file extensions should be excluded from scanning by an antivirus product. Its not a strict requirement
but it is generally done to improve performance of a system and/or increase system stability. In the end, it
becomes a determination of stability / performance versus security and should be handled on a case by case
basis given a specific product.
This article describes exclusions provided by Microsoft for its products specifically for:
Kaspersky Endpoint Security 10 for Windows
Kaspersky Anti-Virus 8.0 for Windows Servers Enterprise Edition
Transport level or product aware scanners like Kaspersky Anti-Virus for Microsoft ISA Server and Kaspersky
Security for Microsoft Exchange Server are out of scope of this document. In addition, non-Windows based
clients / servers are out of scope. In some cases, additional configuration, such as disabling the firewall
component of the antivirus software, is required for optimal operation of a server; however, agent
configuration beyond exclusions is out of scope.
Many of these items are also included in the default exclusion list available in KES 10 & WSEE 8.0 however
additional configuration may be required on a case by case basis. We have also included citations for the
specific Microsoft sites that discuss the exclusion in each section. Below, all recommendations are given for
default paths. If you use non default locations you should adjust these settings. All settings should be applied
temporary at first to evaluate a system.
In the current article you can find exclusions for:
Virus Scan Exclusions for Microsoft Products ..................................................................................................1
General Exclusions for Microsoft Windows 2008 R2, Windows 2008, Windows 2003 R2, Windows 2003,
Windows 2000, Windows 7, Windows Vista and Windows XP .........................................................................3
Windows Updates or Automatic Updates related files (database) ...........................................................3
Windows Updates or Automatic Updates related files (logs) ...................................................................4
Windows Security files ............................................................................................................................4
Group Policy related files. .......................................................................................................................4
Print Spooler ...........................................................................................................................................4
Paging file ...............................................................................................................................................4
MSMQ ....................................................................................................................................................4
Domain Controllers on Microsoft Windows 2008 R2, Windows 2008, Windows 2003 R2, Windows 2003,
Windows 2000 ................................................................................................................................................5
Active Directory related files (NTDS database).........................................................................................5Active Directory related files (transaction logs). ......................................................................................5
-
7/26/2019 Kaspersky Lab Scan Exclusions
2/29
Page 2 of 29
Active Directory related files (NTDS working directory). ..........................................................................5
Sysvol files (FRS working directory) .........................................................................................................5
Sysvol files (FRS database logs)................................................................................................................5
Sysvol files (staging files). ........................................................................................................................6
Sysvol subfolder. .....................................................................................................................................6
Sysvol files (FRS preinstall directory). ......................................................................................................6
DFS files (database, logs and working folders) .........................................................................................6
DHCP Servers ..................................................................................................................................................7
DNS Servers ....................................................................................................................................................7
WINS Servers ..................................................................................................................................................7
IIS Servers 6.0/7.0 ...........................................................................................................................................7
WSUS Servers .................................................................................................................................................8
Server Clusters................................................................................................................................................8
SQL Servers.....................................................................................................................................................8
Common Exclusions ................................................................................................................................8
SQL Server 2005 ......................................................................................................................................9
SQL Server 2008 ......................................................................................................................................9
SQL Server 2008 R2 .................................................................................................................................9
SQL Server 2012 ......................................................................................................................................9
ISA and Forefront Servers ...............................................................................................................................9
ISA 2000 ................................................................................................................................................10
ISA 2004/2006 SE/EE .............................................................................................................................10
IAG 2007 ...............................................................................................................................................10
TMG MBE..............................................................................................................................................11TMG 2010. ............................................................................................................................................11
UAG 2010..............................................................................................................................................11
System Center Products and Their Predecessors ...........................................................................................12
SMS 2003. .............................................................................................................................................12
SCCM 2012 ...........................................................................................................................................12
SCCM 2007............................................................................................................................................13
SCDPM 2007. ........................................................................................................................................13
SCOM 2007/2012 and MOM 2005.........................................................................................................13
-
7/26/2019 Kaspersky Lab Scan Exclusions
3/29
Page 3 of 29
SharePoint Servers & Services.......................................................................................................................13
SharePoint Service 3.0...........................................................................................................................13
SharePoint Portal Server 2001/2003. ....................................................................................................14
SharePoint Server 2007. ........................................................................................................................14
SharePoint Foundation 2010 .................................................................................................................14
SharePoint Server 2010 .........................................................................................................................14
SharePoint Foundation 2013 .................................................................................................................15
SharePoint Server 2013 .........................................................................................................................15
Virtualization Solutions .................................................................................................................................15
Hyper-V Servers ....................................................................................................................................15
MED-V ..................................................................................................................................................15
App-V ....................................................................................................................................................16
Microsoft SBS 2003 .......................................................................................................................................16
Microsoft Exchange Servers ..........................................................................................................................16
Exchange 2003 Servers..........................................................................................................................16
Exchange 2007 Servers..........................................................................................................................17
Exchange 2010 Servers..........................................................................................................................20
Lync Server 2010 ..........................................................................................................................................23
Data Protection Manager..............................................................................................................................24
Dynamics AX 2009 ........................................................................................................................................24
BizTalk 2004 Servers .....................................................................................................................................25
How to Add Exclusions in KES 10 for Windows ..............................................................................................26
How to Add Exclusions in KAV 8.0 for Windows Servers EE ...........................................................................28
Information about how to add these exclusions is located at the end of article.
General Exclusions for Microsoft Windows 2008 R2, Windows 2008,
Windows 2003 R2, Windows 2003, Windows 2000, Windows 7, Windows
Vista and Windows XP
Windows Updates or Automatic Updates related files (database)
Exclusion:
%windir%\SoftwareDistribution\Datastore\Datastore.edb
-
7/26/2019 Kaspersky Lab Scan Exclusions
4/29
Page 4 of 29
Windows Updates or Automatic Updates related files (logs)
Exclusion: %windir%\SoftwareDistribution\Datastore\Logs\Res*.log
%windir%\SoftwareDistribution\Datastore\Logs\Res*.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb
Windows Security files
Scanning of these files may prevent security policy from being applied.
Exclusion:
%windir%\Security\Database\*.edb
%windir%\Security\Database\*.sdb %windir%\Security\Database\*.log
%windir%\Security\Database\*.chk
%windir%\Security\Database\*.jrs
Group Policy related files.
Exclusion:
%allusersprofile%\NTUser.pol
%Systemroot%\System32\GroupPolicy\Registry.pol
Print Spooler
Service which manages print queues and controls printing jobs
Exclusion:
spoolsv.exe
Paging file
An important part of virtual memory implementation
Exclusion:
pagefile.sys
MSMQA messaging protocol that allows applications running on separate servers to communicate in a failsafe
manner
Exclusion:
%SystemRoot%\system32\MSMQ\
%SystemRoot%\system32\MSMQ\storage
Please use thislinkfor more detailed information.
http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0 -
7/26/2019 Kaspersky Lab Scan Exclusions
5/29
Page 5 of 29
Domain Controllers on Microsoft Windows 2008 R2, Windows 2008,
Windows 2003 R2, Windows 2003, Windows 2000
Active Directory related files (NTDS database).
Exclusion:
%windir%\Ntds\Ntds.dit
%windir%\Ntds\Ntds.pat
Non default path could be found here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File
Active Directory related files (transaction logs).
Exclusion:
%windir%\Ntds\EDB*.log
%windir%\Ntds\Res*.log
%windir%\Ntds\Res*.jrs
Non default path could be found here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working
Directory
Active Directory related files (NTDS working directory).
Exclusion:
%windir%\Ntds\Temp.edb
%windir%\Ntds\Edb.chk
Non default path could be found here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working
Directory
Sysvol files (FRS working directory)
System volume is a shared folder that stores public files (elements of Group Policy, scripts, etc) distributed to
other domain controllers via File Replication service.
Exclusion:
%windir%\Ntfrs\edb.chk
%windir%\Ntfrs\Ntfrs.jdb
%windir%\Ntfrs\*.log
Non default path could be found here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory
Sysvol files (FRS database logs)
Located in %windir%\Ntfrs.
Exclusion:
Eedb*.log (if the registry key is not set) FRS Working Dir\Jet\Log\Edb*.jrs (Windows 2008 and Windows 2008 R2)
-
7/26/2019 Kaspersky Lab Scan Exclusions
6/29
Page 6 of 29
Non default path could be found here:
HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Ntfrs\Parameters\DB Log File Directory
Sysvol files (staging files).
Exclusion:
%systemroot%\Sysvol\Staging areas\Nntfrs_cmp*.*
Non default path could be found here:
HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\NtFrs\Parameters\Replica
Sets\GUID\Replica\Set Stage
Sysvol subfolder.
Default location is %systemroot%\Sysvol\Sysvol.Exclude the following files from this folder and all its subfolders:
*.adm
*admx
*.adml
Registry.pol
*.aas
*.inf
Fdeploy.inf
Scripts.ini
*.ins
Oscfilter.ini
Sysvol files (FRS preinstall directory).
Exclusion:
%windir%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory
DFS files (database, logs and working folders)
Distributed File System technology offers WAN friendly replication and simplified fault-tolerant access to
geographically dispersed files.
Default location is %systemdrive%\System Volume Information\DFSR.
Exclude the following files from this folder and all its subfolders:
$db_normal$ FileIDTable_2
SimilarityTable_2
*.xml
$db_dirty$
Dfsr.db
Fsr.chk
*.log
Fsr*.jrs
Tmp.edb
-
7/26/2019 Kaspersky Lab Scan Exclusions
7/29
Page 7 of 29
Also, exclude the following replicated folder:
%systemdrive%\\dfsrprivate\staging\*.frx
Non default path could be found here:
HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication
Groups\GUID\Replica Set Configuration File=Path >
Please use thislink& thislinkfor more detailed information.
DHCP ServersBy default DHCP related files are located in %systemroot%\System32\DHCP.
Exclude the following files from this folder and all its subfolders:
*.mdb
*.pat
*.log
*.chk
*.edb
Non default path could be found here:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters
Please use thislinkfor more detailed information.
DNS ServersBy default DNS related files are located in %systemroot%\System32\Dns.
Exclude the following files from this folder and all its subfolders:
*.log
*.dns
BOOT
Please use thislinkfor more detailed information.
WINS Servers
By default WINS related files are located in %systemroot%\System32\Wins.Exclude the following files from this folder and all its subfolders:
*.chk
*.log
*.mdb
Please use thislinkfor more detailed information.
IIS Servers 6.0/7.0Exclude:
%systemroot%\IIS Temporary Compressed Files (IIS 6.0)
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files (IIS 7.0)
%systemroot%\system32\inetsrv
http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://blogs.technet.com/b/askds/archive/2010/03/31/tuning-replication-performance-in-dfsr-especially-on-win2008-r2.aspxhttp://blogs.technet.com/b/askds/archive/2010/03/31/tuning-replication-performance-in-dfsr-especially-on-win2008-r2.aspxhttp://blogs.technet.com/b/askds/archive/2010/03/31/tuning-replication-performance-in-dfsr-especially-on-win2008-r2.aspxhttp://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0http://blogs.technet.com/b/askds/archive/2010/03/31/tuning-replication-performance-in-dfsr-especially-on-win2008-r2.aspxhttp://support.microsoft.com/kb/822158/en-us?wa=wsignin1.0 -
7/26/2019 Kaspersky Lab Scan Exclusions
8/29
Page 8 of 29
Please use thislinkfor more detailed information.
WSUS ServersExclude:
Wsusscan.cab
Wsusscn2.cab
\WSUS\WSUSContent
\WSUS\UpdateServicesDBFiles
\SoftwareDistribution\Datastore
\SoftwareDistribution\Download
Please use thislinkandlinkfor more detailed information.
Server Clusters
Exclude:
Q:\ (Quorum drive) - The path of the \mscs folder on the quorum hard disk. For example, exclude
the Q:\mscs folder from virus scanning.
C:\Windows\Cluster - The %Systemroot%\Cluster folder.
The temp folder for the Cluster Service account. For example, exclude the
\clusterserviceaccount\Local Settings\Temp folder from virus scanning.
Please use thislinkfor more detailed information.
SQL Servers
Common Exclusions
Exclude data files:
*.mdf
*.ndf
Exclude logs:
*.ldf
Exclude backup files:
*.bak
*.trn
Exclude SQL Audit Files
*.sqlaudit
Exclude SQL Trace Files
*.trc
Exclude full-text catalog files:FTData folders
http://support.microsoft.com/kb/821749http://support.microsoft.com/kb/821749http://support.microsoft.com/kb/821749http://support.microsoft.com/kb/900638http://support.microsoft.com/kb/900638http://support.microsoft.com/kb/900638http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#avhttp://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#avhttp://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#avhttp://support.microsoft.com/kb/250355http://support.microsoft.com/kb/250355http://support.microsoft.com/kb/250355http://support.microsoft.com/kb/250355http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx#avhttp://support.microsoft.com/kb/900638http://support.microsoft.com/kb/821749 -
7/26/2019 Kaspersky Lab Scan Exclusions
9/29
Page 9 of 29
Default instance: Program Files\Microsoft SQL Server\MSSQL\FTDATA
Named instance: Program Files\Microsoft SQL Server\MSSQL$instancename\FTDATA
Exclude Analysis Services data:
%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\data
Exclude Analysis Services backup files:
%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Backup
Exclude Analysis Services logs:
%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Log
SQL Server 2005
%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLServr.exe %ProgramFiles%\Microsoft SQL Server\MSSQL.3\Reporting
Services\ReportServer\Bin\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Bin\MSMDSrv.exe
SQL Server 2008
%ProgramFiles%\Microsoft SQL Server\MSSQL10.\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.\Reporting
Services\ReportServer\Bin\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.\OLAP\Bin\MSMDSrv.exe
SQL Server 2008 R2 %ProgramFiles%\Microsoft SQL Server\MSSQL10_50.\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.\Reporting
Services\ReportServer\Bin\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.\OLAP\Bin\MSMDSrv.exe
SQL Server 2012
%ProgramFiles%\Microsoft SQL Server\MSSQL11.\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSRS11.\Reporting
Services\ReportServer\Bin\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSAS11.\OLAP\Bin\MSMDSrv.exe
Please use thislinkfor more detailed information.
ISA and Forefront ServersThis section contains information about:
Internet Security and Acceleration (ISA) Server 2000/2004/2006 Standard/Enterprise Editions.
Intelligent Application Gateway (IAG) 2007.
Forefront Threat Management Gateway (TMG) Medium Business Edition.
Forefront Threat Management Gateway (TMG) 2010.
Forefront Unified Access Gateway (UAG) 2010.
General exclusions: Applications working directory
http://support.microsoft.com/kb/309422http://support.microsoft.com/kb/309422http://support.microsoft.com/kb/309422http://support.microsoft.com/kb/309422 -
7/26/2019 Kaspersky Lab Scan Exclusions
10/29
Page 10 of 29
Logs
Configuration storage
Cache storage Applications processes
General folders and files mentioned in sections above
ISA/Forefront-aware antivirus program folders.
ISA 2000
Exclude:
%ProgramFiles%\Microsoft ISA Server
%ProgramFiles%\Microsoft ISA Server\ISALogs
ISA Server Web cache
%ProgramFiles%\Microsoft ISA Server\dailysum.exe
%ProgramFiles%\Microsoft ISA Server\repgen.exe %ProgramFiles%\Microsoft ISA Server\mspadmin.exe
%ProgramFiles%\Microsoft ISA Server\w3prefch.exe
%ProgramFiles%\Microsoft ISA Server\wspsrv.exe
ISA 2004/2006 SE/EE
Exclude:
%ProgramFiles%\Microsoft ISA Server
%ProgramFiles%\Microsoft SQL Server
ISA Server Web cache
%ProgramFiles%\Microsoft ISA Server\dailysum.exe
%ProgramFiles%\Microsoft ISA Server\isastg.exe
%ProgramFiles%\Microsoft ISA Server\mspadmin.exe
%ProgramFiles%\Microsoft ISA Server\w3prefch.exe
%ProgramFiles%\Microsoft ISA Server\wspsrv.exe
%ProgramFiles%\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL$MSFW\sqlservr.exe
%WinDir%\System32\dsamain.exe (Enterprise version only)
IAG 2007
Exclude:
The same files which were excluded for IIS. The same files which were excluded for ISA 2006.
c:\whale-com\e-gap\
%WinDir%\System32\inetsrv\inetinfo.exe
%WinDir%\System32\inetsrv\w3wp.exe
%SystemDrive%\Whale-Com\e-Gap\common\bin\MonitorMgrCom.exe
%SystemDrive%\Whale-Com\e-Gap\common\bin\SessionMgrCom.exe
%SystemDrive%\Whale-Com\e-Gap\von\FileAccess\ShareAccess.exe
%SystemDrive%\Whale-Com\e-Gap\common\bin\UserMgrCom.exe
%SystemDrive%\Whale-Com\e-Gap\common\bin\whlerrsrvd.exe
%SystemDrive%\Whale-Com\e-Gap\common\bin\whlios.exe
-
7/26/2019 Kaspersky Lab Scan Exclusions
11/29
Page 11 of 29
TMG MBE
Exclude:
%ProgramFiles%\Microsoft ISA Server %ProgramFiles(x86)%\Microsoft SQL Server
%SystemRoot%\Temp\ScanStorage
%ProgramFiles(x86)%\Microsoft ISA Server\Logs
TMG Web cache
%SystemDrive%\InetPub
%ProgramFiles(x86)%\Microsoft ISA Server\dailysum.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isarepgen.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isadlviewer.exe
%ProgramFiles(x86)%\Microsoft ISA Server\isastg.exe
%ProgramFiles(x86)%\Microsoft ISA Server\mspadmin.exe
%ProgramFiles(x86)%\Microsoft ISA Server\wspsrv.exe
%ProgramFiles(x86)%\Microsoft ISA Server\w3prefch.exe
%ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
%ProgramFiles(x86)%\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
%ProgramFiles(x86)%\Microsoft SQL Server\90\Shared\sqlwriter.exe
%WinDir%\System32\dsamain.exe
%WinDir%\System32\inetsrv\inetinfo.exe
%WinDir%\System32\inetsrv\w3wp.exe
TMG 2010.
Exclude:
%ProgramFiles%\Microsoft Forefront Threat Management Gateway
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW
%SystemRoot%\Temp\ScanStorage
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs\Web cache
TMG Web cache
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\dailysum.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isarepgen.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isadlviewer.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\IsaManagedCtrl.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isastg.exe %ProgramFiles%\Microsoft Forefront Threat Management Gateway\mspadmin.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\wspsrv.exe
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\w3prefch.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\sqlservr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe
%WinDir%\System32\dsamain.exe
UAG 2010.
Exclude:
The same files which were excluded for IIS. The same files which were excluded for TMG 2010.
-
7/26/2019 Kaspersky Lab Scan Exclusions
12/29
Page 12 of 29
%ProgramFiles%\Microsoft Forefront Unified Access Gateway.
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\DnsAlgSrv.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\MonitorMgrCom.exe %ProgramFiles%\Microsoft Forefront Unified Access Gateway\SessionMgrCom.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\ShareAccess.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\uagqessvc.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\uagrdpsvc.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\UserMgrCom.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\WatchDogSrv.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\whlerrsrv.exe
%ProgramFiles%\Microsoft Forefront Unified Access Gateway\whlios.exe
Please use thislinkfor more detailed information.
System Center Products and Their PredecessorsThis section contains information about:
Systems Management Server (SMS) 2003 and Configuration Manager (SCCM) 2007.
System Center Data Protection Manager (SCDPM) 2007.
System Center Operations Manager (SCOM) 2007 and Operations Manager (MOM) 2005.
SMS 2003.
Exclude:
SMS\Inboxes directory on Microsoft Systems Management Server site servers.
SMS_CCM\ServiceData directory on Microsoft SMS Management Points.
Please use thislinkfor more detailed information.
SCCM 2012
Exclude:
C:\Windows\TEMP\BootImages\{GUID}
\Windows\TEMP\BootImages\*
\ConfigMgr_OfflineImageServicing
%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk %windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
http://technet.microsoft.com/en-us/library/cc707727.aspxhttp://technet.microsoft.com/en-us/library/cc707727.aspxhttp://technet.microsoft.com/en-us/library/cc707727.aspxhttp://support.microsoft.com/kb/327453http://support.microsoft.com/kb/327453http://support.microsoft.com/kb/327453http://support.microsoft.com/kb/327453http://technet.microsoft.com/en-us/library/cc707727.aspx -
7/26/2019 Kaspersky Lab Scan Exclusions
13/29
Page 13 of 29
%programfiles%\Microsoft Configuration Manager\Inboxes\*.*
%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*
Please use thislinkfor more detailed information.
SCCM 2007.
Exclude:
%ProgramFiles%\Microsoft Configuration Manager\Inboxes
Please use thislinkfor more detailed information.
SCDPM 2007.
Exclude:
%ProgramFiles%\Microsoft Data Protection Manager\DPM\XSD %ProgramFiles%\Microsoft Data Protection Manager\DPM\Temp\MTA
%ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\dpmra.exe
%WinDir%\Microsoft.net\Framework\v2.0.50727\csc.exe
Please use thislinkfor more detailed information.
SCOM 2007/2012 and MOM 2005.
Exclude:
Momhost.exe (MOM 2005)
Monitoringhost.exe (SCOM 2007 & SCOM 2012)
%allusersprofile%\Application Data\Microsoft\Microsoft Operations Manager\ (MOM 2005) %ProgramFiles%\System Center Operations Manager 2007\Health Service State\Health Service Store
(SCOM 2007)
%ProgramFiles%\System Center 2012\Operations Manager\\Health Service
State\Health Service Store (SCOM 2012)
%Program Files%\Microsoft SQL Server\MSSQL.1\MSSQL\Data
%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Log
Extensions: WKF, PQF, PQF0, PQF1, EDB, CHK, LOG, MDF, LDF
Please use thislinkfor more detailed information.
SharePoint Servers & Services
SharePoint Service 3.0.
Exclude:
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Logs
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Data\Applications (if
the computer is running the Windows SharePoint Services Search service)
%WinDir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
%WinDir%\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files (on 64bit systems)
%allusersprofile%\Application Data\Microsoft\SharePoint\Config
%WinDir%\Temp\WebTempDir
%SystemDrive%\Documents and Settings\service_account\Local Settings\Temp\
http://blogs.technet.com/b/systemcenterpfe/archive/2013/01/11/updated-system-center-2012-configuration-manager-antivirus-exclusions-with-more-details.aspxhttp://blogs.technet.com/b/systemcenterpfe/archive/2013/01/11/updated-system-center-2012-configuration-manager-antivirus-exclusions-with-more-details.aspxhttp://blogs.technet.com/b/systemcenterpfe/archive/2013/01/11/updated-system-center-2012-configuration-manager-antivirus-exclusions-with-more-details.aspxhttp://technet.microsoft.com/en-us/library/bb932206.aspxhttp://technet.microsoft.com/en-us/library/bb932206.aspxhttp://technet.microsoft.com/en-us/library/bb932206.aspxhttp://technet.microsoft.com/en-us/library/bb808691.aspxhttp://technet.microsoft.com/en-us/library/bb808691.aspxhttp://technet.microsoft.com/en-us/library/bb808691.aspxhttp://support.microsoft.com/kb/975931http://support.microsoft.com/kb/975931http://support.microsoft.com/kb/975931http://support.microsoft.com/kb/975931http://technet.microsoft.com/en-us/library/bb808691.aspxhttp://technet.microsoft.com/en-us/library/bb932206.aspxhttp://blogs.technet.com/b/systemcenterpfe/archive/2013/01/11/updated-system-center-2012-configuration-manager-antivirus-exclusions-with-more-details.aspx -
7/26/2019 Kaspersky Lab Scan Exclusions
14/29
Page 14 of 29
Please use thislinkfor more detailed information.
SharePoint Portal Server 2001/2003.
Exclude:
%ProgramFiles%\SharePoint Portal Server
%ProgramFiles%\Common Files\Microsoft Shared\Web Storage System
%WinDir%\Temp\Frontpagetempdir (If use are using SPS 2003 SP1)
Please use thislinkfor more detailed information.
SharePoint Server 2007.
Exclude:
%ProgramFiles%\Microsoft Office Servers\12.0\Data %ProgramFiles%\Microsoft Office Servers\12.0\Logs
%ProgramFiles%\Microsoft Office Servers\12.0\Bin
Please use thislinkfor more detailed information.
SharePoint Foundation 2010
Exclude:
Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Logs
Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Data\Applications
Drive:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
Drive: \Users\ServiceAccount\AppData\Local\Temp\WebTempDir Drive:\ProgramData\Microsoft\SharePoint
Drive:\Users\account that the search service is running as\AppData\Local\Temp
Drive:\WINDOWS\system32\LogFiles
Drive:\Windows\Syswow64\LogFiles
Drive:\Users\ServiceAccount\AppData\Local\Temp
Drive:\Users\Default\AppData\Local\Temp
Please use thislinkfor more detailed information.
SharePoint Server 2010
Exclude: Drive:\Program Files\Microsoft Office Servers\14.0\Data (This folder is used for the indexing process.
If the Index files are configured to be located in a different folder, you also have to exclude that
location.)
Drive:\Program Files\Microsoft Office Servers\14.0\Logs
Drive:\Program Files\Microsoft Office Servers\14.0\Bin
Drive:\Program Files\Microsoft Office Servers\14.0\Synchronization Service
Any location in which you decided to store the disk-based binary large object (BLOB) cache (for
example, C:\Blobcache)
Please use thislinkfor more detailed information.
http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/?id=320111http://support.microsoft.com/?id=320111http://support.microsoft.com/?id=320111http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/?id=320111http://support.microsoft.com/kb/952167 -
7/26/2019 Kaspersky Lab Scan Exclusions
15/29
Page 15 of 29
SharePoint Foundation 2013
Exclude:
Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Logs Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Data\Applications
Drive:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
Drive: \Users\ServiceAccount\AppData\Local\Temp\WebTempDir
Drive:\ProgramData\Microsoft\SharePoint
Drive:\Users\account that the search service is running as\AppData\Local\Temp
Drive:\WINDOWS\System32\LogFiles
Drive:\Windows\Syswow64\LogFiles
Drive:\Users\ServiceAccount\AppData\Local\Temp
Drive:\Users\Default\AppData\Local\Temp
Please use thislinkfor more detailed information.
SharePoint Server 2013
Exclude:
Drive:\Program Files\Microsoft Office Servers\15.0\Data (This folder is used for the indexing process.
If the index files are configured to be located in a different folder, you also have to exclude that
location.)
Drive:\Program Files\Microsoft Office Servers\15.0\Logs
Drive:\Program Files\Microsoft Office Servers\15.0\Bin
Drive:\Program Files\Microsoft Office Servers\15.0\Synchronization Service
Any location in which you decided to store the disk-based binary large object (BLOB) cache (forexample, C:\Blobcache).
Please use thislinkfor more detailed information.
Virtualization SolutionsHyper-V Servers
Exclude:
Vmms.exe
Vmwp.exe
C:\ProgramData\Microsoft\Windows\Hyper-V
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
%systemdrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
Please use thislinkfor more detailed information.
MED-V
Exclude:
*.VHD- These represent the Virtual Hard Disk Image files. These will appear on test workstations
when test images are being used to finalize workspace policies.
*.VUD- These represent Virtual PC Undo Disk Files. These will appear on test workstations when test
images are being used to finalize workspace policies.
http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/961804http://support.microsoft.com/kb/961804http://support.microsoft.com/kb/961804http://support.microsoft.com/kb/961804http://support.microsoft.com/kb/952167http://support.microsoft.com/kb/952167 -
7/26/2019 Kaspersky Lab Scan Exclusions
16/29
Page 16 of 29
*.VSV- These represent Virtual PC Saved State files. These will be on all MED-V clients running
Workspaces.
*.CKM- This is the packed image format used by MED-V (Kidaro Compressed Machine.) These willbe present on MED-V Servers, Image Distribution Servers, locally packed images on MED-V
Administration workstations, and as pre-staged images on clients.
*.VMC- These represent the Base Virtual Machine Settings File. Will be found on all MED-V Clients
and Test Workstations.
*.INDEX- These are index files used by the TrimTransfer Feature. These will be found on both clients
and servers.
*.EVHD- These are the encrypted virtual hard disk files used on MED-V Clients running workspaces.
Please use thislinkfor more detailed information.
App-VWindows Vista, Windows Server 2008 or later
%USERPROFILE%\AppData\Local\SoftGrid Client
%USERPROFILE%\AppData\Roaming\SoftGrid Client
%PROGRAMDATA%\Microsoft\Application Virtualization Client\SoftGrid Client
Windows XP or Windows Server 2003
%USERPROFILE%\Application Data\SoftGrid Client
%ALLUSERSPROFILE%\Application Data\Microsoft\Application Virtualization Client\
%ALLUSERSPROFILE%\Documents\SoftGrid Client
Please use thislinkfor more detailed information.
Microsoft SBS 2003 %PROGRAMFILES%\Exchsrvr\Mailroot\vsi 1\PickUp
%PROGRAMFILES%\Exchsrvr\Mailroot\
%PROGRAMFILES%\Microsoft Windows Small Business Server\\Networking\POP3\Failed Mail
Please use thislinkfor more detailed information.
Microsoft Exchange Servers
Exchange 2003 ServersExclude:
Databases and log files across all storage groups are located in Exchsrvr\Mdbdata.
MTA files are located in Exchsrvr\Mtadata.
Additional log files such as Exchsrvr\server_name.log directory.
Exchsrvr\Mailroot virtual server folder.Working folder used to store streaming .tmp files that are
used for message conversion is located in
Exchsrvr\Mdbdata.
Temporary folder used in conjunction with offline maintenance utilities such as Eseutil.exe is located
in folder where the .exe file is run from.
Site Replication Service files are located in Exchsrvr\Srsdata.
IIS system files are located in %SystemRoot%\System32\Inetsrv.
http://social.technet.microsoft.com/wiki/contents/articles/566.aspxhttp://social.technet.microsoft.com/wiki/contents/articles/566.aspxhttp://social.technet.microsoft.com/wiki/contents/articles/566.aspxhttp://support.microsoft.com/kb/2576031http://support.microsoft.com/kb/2576031http://support.microsoft.com/kb/2576031http://support.microsoft.com/kb/885685http://support.microsoft.com/kb/885685http://support.microsoft.com/kb/885685http://support.microsoft.com/kb/885685http://support.microsoft.com/kb/2576031http://social.technet.microsoft.com/wiki/contents/articles/566.aspx -
7/26/2019 Kaspersky Lab Scan Exclusions
17/29
Page 17 of 29
IIS 6.0 compression folder used with Outlook Web Access 2003 is located in %systemroot%\IIS
Temporary
Compressed Files. Quorum disk and %Winnt%\Cluster (for clusters).
Exchsrvr\Conndata.
Exchange-aware antivirus program folders.
Cdb.exe
Cidaemon.exe
Store.exe
Emsmta.exe
Mad.exe
Mssearch.exe
Inetinfo.exe
W3wp.exe
Please use thislinkfor more detailed information.
Exchange 2007 Servers
Mailbox server role including clustered mailbox server
Exclude:
Databases, checkpoint files, log files and database content indexes located in subfolders under
%Program Files%\Microsoft\Exchange Server\Mailbox.
General log files like message tracking log files are located in subfolders under %Program
Files%\Microsoft\Exchange Server\TransportRoles\Logs and %Program Files%\Microsoft\Exchange
Server\Logging.
Offline Address Book files are located in subfolders under %Program Files%\Microsoft\Exchange
Server\ExchangeOAB.
IIS system files located in %SystemRoot%\System32\Inetsrv.
Temporary folder used in conjunction with offline maintenance utilities such as Eseutil.exe is located
in the folder where the .exe file is run from.
Temporary folders used for conversions are located in servers TMP folder, %Program
Files%\Microsoft\Exchange Server\Working\OleConvertor and %Program
Files%\Microsoft\Exchange Server\Mailbox\MDBTEMP.
The quorum disk and the %Winnt%\Cluster.
Exchange-aware antivirus program folders.
Hub Transport server role
Exclude:
General log files are located in subfolders under %Program Files%\Microsoft\Exchange
Server\TransportRoles\Logs.
Message folders are located in subfolders under %Program Files%\Microsoft\Exchange
Server\TransportRoles.
Queue database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange
Server\TransportRoles\Data\Queue.
Sender Reputation database, checkpoint and log files are located in %Program
Files%\Microsoft\Exchange Server\TransportRoles\Data\SenderReputation.
http://support.microsoft.com/kb/823166http://support.microsoft.com/kb/823166http://support.microsoft.com/kb/823166http://support.microsoft.com/kb/823166 -
7/26/2019 Kaspersky Lab Scan Exclusions
18/29
Page 18 of 29
IP filter database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange
Server\TransportRoles\Data\IpFilter.
Temporary folders used for conversions are located in servers TMP folder and %ProgramFiles%\Microsoft\Exchange Server\Working\OleConvertor.
Exchange-aware antivirus program folders.
Edge Transport server role.
Exclude:
Active Directory Application Mode (ADAM) database and log files are located in %Program
Files%\Microsoft\Exchange Server\TransportRoles\Data\Adam.
General log files are located in subfolders under %Program Files%\Microsoft\Exchange
Server\TransportRoles\Log
Message folders are located in %Program Files%\Microsoft\Exchange Server\TransportRoles.
Queue database, checkpoint and log files are located in %Program Files%\Microsoft\ExchangeServer\TransportRoles\Data\Queue.
Sender Reputation database, checkpoint and log files are located in %Program
Files%\Microsoft\Exchange Server\TransportRoles\Data\SenderReputation.
IP filter database, checkpoint and log files are located in %Program Files%\Microsoft\Exchange
Server\TransportRoles\Data\IpFilter.
Temporary folders used for conversions are located in servers TMP folder and %Program
Files%\Microsoft\Exchange Server\Working\OleConvertor.Exchange-aware antivirus program
folders.
Client Access server role
Exclude: Internet Information Services (IIS) 6.0 compression folder used with Microsoft Outlook Web Access is
located in %systemroot%\IIS Temporary Compressed Files.
IIS system files are located in %SystemRoot%\System32\Inetsrv.
Internet-related files are located in subfolders under %Program Files%\Microsoft\Exchange
Server\ClientAccess.
Temporary folder used for conversions is located in servers TMP folder.
Unified Messaging server role
Exclude:
Grammar files are located in subfolders under %Program Files%\Microsoft\Exchange
Server\UnifiedMessaging\grammars.
Voice prompts located in subfolders under %Program Files%\Microsoft\Exchange
Server\UnifiedMessaging\Prompts.
Voicemail files are located in %Program Files%\Microsoft\Exchange
Server\UnifiedMessaging\voicemail.
Bad voicemail files are located in %Program Files%\Microsoft\Exchange
Server\UnifiedMessaging\badvoicemail.
Cdb.exe
Cidaemon.exe
Cluster.exe
Dsamain.exe
Edgecredentialsvc.exe
-
7/26/2019 Kaspersky Lab Scan Exclusions
19/29
Page 19 of 29
Edgetransport.exe
Galgrammargenerator.exe
Inetinfo.exe Mad.exe
Microsoft.Exchange.Antispamupdatesvc.exe
Microsoft.Exchange.Contentfilter.Wrapper.exe
Microsoft.Exchange.Cluster.Replayservice.exe
Microsoft.Exchange.Edgesyncsvc.exe
Microsoft.Exchange.Imap4.exe
Microsoft.Exchange.Imap4service.exe
Microsoft.Exchange.Infoworker.Assistants.exe
Microsoft.Exchange.Monitoring.exe
Microsoft.Exchange.Pop3.exe
Microsoft.Exchange.Pop3service.exe
Microsoft.Exchange.Search.Exsearch.exe
Microsoft.Exchange.Servicehost.exe
Msexchangeadtopologyservice.exe
Msexchangefds.exe
Msexchangemailboxassistants.exeMsexchangemailsubmission.exe
Msexchangetransport.exe
Msexchangetransportlogsearch.exe
Msftefd.exe
Msftesql.exe
Oleconverter.exe Powershell.exe
Sesworker.exe
Speechservice.exe
Store.exe
Transcodingservice.exe
Umservice.exe
Umworkerprocess.exe
W3wp.exe
Extension exclusions
In addition to excluding specific directories and processes, you should exclude the following Exchange specificfile name extensions in case directory exclusions fail or files are moved from their default locations.
Application-related extensions:
.config
.dia
.wsb
Database-related extensions:
.chk
.log
.edb
.jrs
-
7/26/2019 Kaspersky Lab Scan Exclusions
20/29
Page 20 of 29
.que
Offline address book-related extensions: .lzx
Content Index-related extensions:
.ci
.dir
.wid
.000
.001
.002
Unified Messaging-related extensions: .cfg
.grxml
GroupMetrics:
.dsc
.bin
.xml
Please use thislinkfor more detailed information.
Exchange 2010 Servers
Mailbox server role including clustered mailbox server
Exclude:
Databases, checkpoint files, log files and database content indexes located in subfolders under
%ExchangeInstallPath%\Mailbox.
Group Metrics files are located in %ExchangeInstallPath%\GroupMetrics.
General log files like message tracking log files are located in subfolders under
%ExchangeInstallPath%\TransportRoles\Logs and %ExchangeInstallPath%\Logging.
Offline Address Book files are located in subfolders under %ExchangeInstallPath%\ExchangeOAB.
IIS system files located in %SystemRoot%\System32\Inetsrv.
Temporary folder used in conjunction with offline maintenance utilities such as Eseutil.exe is located
in the folder where the .exe file is run from.
Mailbox database temporary folder is located in %ExchangeInstallPath%\Mailbox\MDBTEMP.
The quorum disk and the %Winnt%\Cluster.
Exchange-aware antivirus program folders.
Hub Transport server role
Exclude:
General log files are located in subfolders under %ExchangeInstallPath%\TransportRoles\Logs.
Pickup and Replay message directory folders are located in %ExchangeInstallPath%\TransportRoles.
Queue database, checkpoint and log files are located in%ExchangeInstallPath%\TransportRoles\Data\Queue.
http://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspxhttp://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspxhttp://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspxhttp://technet.microsoft.com/en-us/library/bb332342(EXCHG.80).aspx -
7/26/2019 Kaspersky Lab Scan Exclusions
21/29
Page 21 of 29
Sender Reputation database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\SenderReputation.
IP filter database, checkpoint and log files are located in%ExchangeInstallPath%\TransportRoles\Data\IpFilter.
Temporary folders used for conversions are located in servers TMP folder and
%ExchangeInstallPath%\Working\OleConvertor.
Exchange-aware antivirus program folders.
Edge Transport server role
Exclude:
Active Directory Application Mode (ADAM) database and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\Adam.
General log files are located in subfolders under %ExchangeInstallPath%\TransportRoles\Logs.Pickup
and Replay message folders are located in %ExchangeInstallPath%\TransportRoles. Queue database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\Queue.
Sender Reputation database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\SenderReputation.
IP filter database, checkpoint and log files are located in
%ExchangeInstallPath%\TransportRoles\Data\IpFilter.
Temporary folders used for conversions are located in servers TMP folder and
%ExchangeInstallPath%\Working\OleConvertor.
Exchange-aware antivirus program folders.
Client Access server roleExclude:
Internet Information Services (IIS) 7.0 compression folder used with Microsoft Outlook Web App is
located in %SystemDrive%\inetpub\temp\IIS Temporary Compressed Files.
Internet Information Services (IIS) 7.0 compression folder used with Microsoft Outlook Web App is
located in %systemroot%\IIS Temporary Compressed Files.
IIS system files are located in %SystemRoot%\System32\Inetsrv.
Inetpub\logs\logfiles\w3svc.
Internet-related files are located in subfolders under %ExchangeInstallPath%\ClientAccess.
For servers that have protocol logging enabled for POP3 or IMAP4:
%ExchangeInstallPath%\Logging\POP3 and %ExchangeInstallPath%\Logging\IMAP4.
Temporary folder used for conversions is located in servers TMP folder and
%ExchangeInstallPath%\Working\OleConvertor.
Unified Messaging server role
Exclude:
Grammar files are located in subfolders under %ExchangeInstallPath%\UnifiedMessaging\grammars.
Voice prompts, greetings and informational message files are located in subfolders under
%ExchangeInstallPath%\UnifiedMessaging\Prompts.
Voicemail files are located in %ExchangeInstallPath%\UnifiedMessaging\voicemail.
Temporary files generated by Unified Messaging are located in
%ExchangeInstallPath%\UnifiedMessaging\temp.
Cdb.exe
-
7/26/2019 Kaspersky Lab Scan Exclusions
22/29
Page 22 of 29
Cidaemon.exe
Cluster.exeDsamain.exe
EdgeCredentialSvc.exe EdgeTransport.exe
ExFBA.exe
GalGrammarGenerator.exe
Inetinfo.exe
Mad.exe
Microsoft.Exchange.AddressBook.Service.exe
Microsoft.Exchange.AntispamUpdateSvc.exe
Microsoft.Exchange.ContentFilter.Wrapper.exe
Microsoft.Exchange.EdgeSyncSvc.exe
Microsoft.Exchange.Imap4.exe
Microsoft.Exchange.Imap4service.exe
Microsoft.Exchange.Infoworker.Assistants.exe
Microsoft.Exchange.Monitoring.exe
Microsoft.Exchange.Pop3.exe
Microsoft.Exchange.Pop3service.exe
Microsoft.Exchange.ProtectedServiceHost.exe
Microsoft.Exchange.RPCClientAccess.Service.exe
Microsoft.Exchange.Search.Exsearch.exe
Microsoft.Exchange.Servicehost.exe
MSExchangeASTopologyService.exe
MSExchangeFDS.exe MSExchangeMailboxAssistants.exe
MSExchangeMailboxReplication.exe
MSExchangeMailSubmission.exe
MSExchangeRepl.exe
MSExchangeTransport.exe
MSExchangeTransportLogSearch.exe
MSExchangeThrottling.exe
Msftefd.exe
Msftesql.exe
OleConverter.exe
Powershell.exe SESWorker.exe
SpeechService.exe
Store.exe
TranscodingService.exe
UmService.exe
UmWorkerProcess.exe
W3wp.exe
Extension exclusions
In addition to excluding specific directories and processes, you should exclude the following Exchange specific
file name extensions in case directory exclusions fail or files are moved from their default locations.
-
7/26/2019 Kaspersky Lab Scan Exclusions
23/29
Page 23 of 29
Application-related extensions:
.config .dia
.wsb
Database-related extensions:
.chk.log
.edb
.jrs
.que
Offline address book-related extensions:
.lzx
Content Index-related extensions:
.ci
.dir
.wid
.000
.001
.002
Unified Messaging-related extensions:
.cfg
.grxml
GroupMetrics:
.dsc
.bin
.xml
Please use thislinkfor more detailed information.
Lync Server 2010Processes:
ASMCUSvc.exe
AVMCUSvc.exe
DataMCUSvc.exe
DataProxy.exe
FileTransferAgent.exe
IMMCUSvc.exe
MasterReplicatorAgent.exe
MediaRelaySvc.exe
MediationServerSvc.exe MeetingMCUSvc.exe
http://technet.microsoft.com/en-us/library/bb332342.aspxhttp://technet.microsoft.com/en-us/library/bb332342.aspxhttp://technet.microsoft.com/en-us/library/bb332342.aspxhttp://technet.microsoft.com/en-us/library/bb332342.aspx -
7/26/2019 Kaspersky Lab Scan Exclusions
24/29
Page 24 of 29
MRASSvc.exe
OcsAppServerHost.exe
QmsSvc.exe ReplicaReplicatorAgent.exe
RTCArch.exe
RtcCdr.exe
RTCSrv.exe
IIS processes:
%systemroot%\system32\inetsrv\w3wp.exe
%systemroot%\SysWOW64\inetsrv\w3wp.exe
SQL Server processes:
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLServr.exe %ProgramFiles%\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting
Services\ReportServer\Bin\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe
Directories and files:
%systemroot%\System32\LogFiles
%systemroot%\SysWow64\LogFiles
%systemroot%\Windows\Assembly\GAC_MSIL
%programfiles%\Microsoft Lync Server 2010
%programfiles%\commonfiles\Microsoft Lync Server 2010
%SystemDrive%\RtcReplicaRoot
File share store (specified in Topology Builder). File stores are specified in Topology Builder.
SQL Server data and log files, including those for the back-end database, user store, archiving store,
monitoring store, and application store. Database and log files can be specified in Topology Builder.
Please use thislinkfor more detailed information.
Data Protection Manager
\XSD
\Temp\MTA Dpmra.exe
Csc.exe
Please use thislinkfor more detailed information.
Dynamics AX 2009For versions up to AX 2009 exclude:
All the AOD, AOI, ADD, ADI, KHD & KHI files, or
alternatively, the whole application folder
http://technet.microsoft.com/en-us/library/gg195736.aspxhttp://technet.microsoft.com/en-us/library/gg195736.aspxhttp://technet.microsoft.com/en-us/library/gg195736.aspxhttp://technet.microsoft.com/en-us/library/ff399439.aspxhttp://technet.microsoft.com/en-us/library/ff399439.aspxhttp://technet.microsoft.com/en-us/library/ff399439.aspxhttp://technet.microsoft.com/en-us/library/ff399439.aspxhttp://technet.microsoft.com/en-us/library/gg195736.aspx -
7/26/2019 Kaspersky Lab Scan Exclusions
25/29
Page 25 of 29
Please use thislinkfor more detailed information.
BizTalk 2004 Servers
Exclude any file receive queue folders.
EntSSO.exe, MSDTC.exe, BTSNTSvc.exe, BTSNTSvc64.exe, SQLServr.exe, but also others as IIS, Customer WCF
services, MSMQ, Rule Engine, SQL Agent, SSIS, SSNS and other applications used in integration scenarios.
Please use thislinkfor more detailed information.
http://blogs.msdn.com/b/czdaxsup/archive/2010/05/13/ax-application-files-locked-by-another-process.aspxhttp://blogs.msdn.com/b/czdaxsup/archive/2010/05/13/ax-application-files-locked-by-another-process.aspxhttp://blogs.msdn.com/b/czdaxsup/archive/2010/05/13/ax-application-files-locked-by-another-process.aspxhttp://support.microsoft.com/?id=318941http://support.microsoft.com/?id=318941http://support.microsoft.com/?id=318941http://support.microsoft.com/?id=318941http://blogs.msdn.com/b/czdaxsup/archive/2010/05/13/ax-application-files-locked-by-another-process.aspx -
7/26/2019 Kaspersky Lab Scan Exclusions
26/29
Page 26 of 29
How to Add Exclusions in KES 10 for Windows
The first way to create a default exclusion which includes many of the default Windows Workstation / Serverlists list is during policy creation.
During creation, the two checkboxes to create default rules will need to be checked.
-
7/26/2019 Kaspersky Lab Scan Exclusions
27/29
Page 27 of 29
Examples of auto-generated rules:
Alternatively, specific exclusions can be created after the policy has been created in the General Protection
Settings area of the policy.
-
7/26/2019 Kaspersky Lab Scan Exclusions
28/29
Page 28 of 29
How to Add Exclusions in KAV 8.0 for Windows Servers EE
Please note that many of the exclusions mentioned above are prepopulated due to this product being
specifically targeted at Server environment. Review these default exclusions will be necessary if there has
been customization in your environment, specifically looking for non-default installation paths and updating
as needed will ensure proper exclusion. The exclusion rules can be found in the Advanced area of the policy
under Trusted Zone -> Settings.
-
7/26/2019 Kaspersky Lab Scan Exclusions
29/29