Forums on Intune, SCCM, and Windows 11
Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!
SOLVED Anti-virus scan exclusions for Configuration Manager 2012
- Thread starter Manuel
- Start date
- Replies 5
- Views 10K
- Messages
- 5,043
- Solutions
- 145
- Reaction score
- 981
- Points
- 413
What AV software have you installed on client computers ?.
- Messages
- 5,043
- Solutions
- 145
- Reaction score
- 981
- Points
- 413
ConfigMgrInstallDir = <driveletter>:\Program Files\Microsoft Configuration Manager
Location File(s)
ConfigMgrInstallDir Install.map
ConfigMgrInstallDir\Inboxes *.adc, *.box, *.ccr, *.cfg, *.cmn, *.ct0, *.ct1, *.ct2, *.dat, *.dc, *.ddr, *.i*, *.ins, *.ist, *.job, *.lkp, *.lo_, *.log, *.mif, *.mof, *.nal, *.ncf, *.nhm, *.ofn, *.ofr, *.p*, *.pcf, *.pck, *.pdf, *.pkg, *.pkn, *.rpl, *.rpt, *.sca, *.scd, *.scu, *.sha, *.sic, *.sid, *.srq, *.srs, *.ssu, *.svf, *.tmp, *.udc
ConfigMgrInstallDir\Logs *.log
<driveletter>:\SMSPKG *.*
<driveletter>:\SMSPKG?$ (?=driveletter) *.*
<driveletter>:\SMSPKGSIG *.*
<driveletter>:\SMSSIG$ *.*
<driveletter>:\SCCMContentLib *.*
<driveletter>:\Program Files\SMS_CCM\ServiceData *.msg, *.que, *.xml
<driveletter>:\Program Files\SMS_CCM\Logs *.log
Configuration Manager 2012 processes that can be excluded are:
Update 7-7-2012: When using System Center Endpoint Protection you can use the out of the box template (SCEP12_Default_CfgMgr2012.xml) located %Program Files%\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates.
In the template the following folders and filetypes are excluded:
Location File(s)
ConfigMgrInstallDir Install.map
ConfigMgrInstallDir\Inboxes *.adc, *.box, *.ccr, *.cfg, *.cmn, *.ct0, *.ct1, *.ct2, *.dat, *.dc, *.ddr, *.i*, *.ins, *.ist, *.job, *.lkp, *.lo_, *.log, *.mif, *.mof, *.nal, *.ncf, *.nhm, *.ofn, *.ofr, *.p*, *.pcf, *.pck, *.pdf, *.pkg, *.pkn, *.rpl, *.rpt, *.sca, *.scd, *.scu, *.sha, *.sic, *.sid, *.srq, *.srs, *.ssu, *.svf, *.tmp, *.udc
ConfigMgrInstallDir\Logs *.log
<driveletter>:\SMSPKG *.*
<driveletter>:\SMSPKG?$ (?=driveletter) *.*
<driveletter>:\SMSPKGSIG *.*
<driveletter>:\SMSSIG$ *.*
<driveletter>:\SCCMContentLib *.*
<driveletter>:\Program Files\SMS_CCM\ServiceData *.msg, *.que, *.xml
<driveletter>:\Program Files\SMS_CCM\Logs *.log
Configuration Manager 2012 processes that can be excluded are:
- Smsexec.exe
- Ccmexec.exe
- CmRcService.exe
- Sitecomp.exe
- Smswriter.exe
- Smssqlbkup.exe
- %windir%ccmcache
Update 7-7-2012: When using System Center Endpoint Protection you can use the out of the box template (SCEP12_Default_CfgMgr2012.xml) located %Program Files%\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates.
In the template the following folders and filetypes are excluded:
- %allusersprofile%\NTUser.pol
- %systemroot%\system32\GroupPolicy\Machine\registry.pol (update 30/1/2014; in the Template \Machine\ is left out, thanks to Kim Oppalfens)
- %windir%\Security\database\*.chk
- %windir%\Security\database\*.edb
- %windir%\Security\database\*.jrs
- %windir%\Security\database\*.log
- %windir%\Security\database\*.sdb
- %windir%\SoftwareDistribution\Datastore\Datastore.edb
- %windir%\Software\Distribution\Datastore\Logs\edb.chk
- %windir%\Software\Distribution\Datastore\Logs\edb*.log
- %windir%\Software\Distribution\Datastore\Logs\Edbres00001.jrs
- %windir%\Software\Distribution\Datastore\Logs\Edbres00002.jrs
- %windir%\Software\Distribution\Datastore\Logs\Res1.log
- %windir%\Software\Distribution\Datastore\Logs\Res2.log
- %windir%\Software\Distribution\Datastore\Logs\tmp.edb
- %programfiles%\Microsoft Configuration Manager\Inboxes\adsrv.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\AIKbMgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\amtproxymgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\auth.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\ccr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\ccrretry.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\certmgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\clifiles.src
- %programfiles%\Microsoft Configuration Manager\Inboxes\colfile.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\coll_out.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\COLLEVAL.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\CompSumm.Box
- %programfiles%\Microsoft Configuration Manager\Inboxes\dataldr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\ddm.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\ddmnotif.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\despoolr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\distmgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\epmgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\hman.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\inventry.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\invproc.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\mmctrl.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\notictrl.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\objmgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\offermgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\OfferSum.Box
- %programfiles%\Microsoft Configuration Manager\Inboxes\pkginfo.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\PkgTransferMgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\policypv.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\polreq.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\rcm.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\replmgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\RuleEngine.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\schedule.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\sinv.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\sitecomp.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\sitectrl.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\SiteStat.Box
- %programfiles%\Microsoft Configuration Manager\Inboxes\smsbkup.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\statmgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\swmproc.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\WSUSMgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\wsyncmgr.box
OP
Manuel
Well-Known Member
- Messages
- 301
- Reaction score
- 8
- Points
- 18
- Thread Starter
- #5
Thank you Prajwal.
Let me tell you that I was checking the AG agents examination exlussions you posted here and I found several mistakes in the sintaxis like:
Instead: %windir%ccmcache
I have to type: %windir%\ccmcache
Instead of: \Software\Distribution\
I have to tupe: \SoftwareDistribution\
For the rest, I am pretty sure they are exclussions for SCCM site server except for these above that are for Windows:
Let me tell you that I was checking the AG agents examination exlussions you posted here and I found several mistakes in the sintaxis like:
Instead: %windir%ccmcache
I have to type: %windir%\ccmcache
Instead of: \Software\Distribution\
I have to tupe: \SoftwareDistribution\
For the rest, I am pretty sure they are exclussions for SCCM site server except for these above that are for Windows:
- %allusersprofile%\NTUser.pol
- %systemroot%\system32\GroupPolicy\Machine\registry.pol
- %windir%\Security\database\*.chk
- %windir%\Security\database\*.edb
- %windir%\Security\database\*.jrs
- %windir%\Security\database\*.log
- %windir%\Security\database\*.sdb
- %windir%\SoftwareDistribution\Datastore\Datastore.edb
- %windir%\Software\Distribution\Datastore\Logs\edb.chk
- %windir%\Software\Distribution\Datastore\Logs\edb*.log
- %windir%\Software\Distribution\Datastore\Logs\Edbres00001.jrs
- %windir%\Software\Distribution\Datastore\Logs\Edbres00002.jrs
- %windir%\Software\Distribution\Datastore\Logs\Res1.log
- %windir%\Software\Distribution\Datastore\Logs\Res2.log
- %windir%\Software\Distribution\Datastore\Logs\tmp.edb
- Messages
- 5,043
- Solutions
- 145
- Reaction score
- 981
- Points
- 413
Cool.. Thank you so much. Marking this thread as Solved.
- Status
