Trend OfficeScan - Recommended Exemptions?

[Guest Roman]

I'm deploying Trend OfficeScan across a small 5 client single server network.

Are there any recommended antivirus scan Exemption Rules for Server 2003 R2

x64 that should be in place?

 

The server is running Terminal Services with the Office suite so e-mail etc

is stored on the server.

[Guest FHFD Admin]

Re: Trend OfficeScan - Recommended Exemptions?

 

Hello Roman! Here is the guidline I just used, graciously provided by on

the posters over on the Microsoft SBS forum:

 

Mark Storm

 

 

Trend Micro CSM Suite File/Folder Exclusions:

 

Hi Mark:

 

Listed below are the items and their default locations - your

installation may be different.

 

 

Exchange

Exchange Server Database = C:\Program Files\Exchsrvr\Mdbdata (check

location see note above)

Exchange MTA files = C:\Program Files\Exchsrvr\Mtadata

Exchange Message tracking log files = C:\Program

Files\Exchsrvr\server_name.log

Exchange SMTP Mailroot = C:\Program Files\Exchsrvr\Mailroot

Exchange working files = C:\Program Files\Exchsrvr\Mdbdata

C:\Program Files\Exchsrvr\Conndata

Site Replication Service (not normally used in SBS but should be

excluded anyway) =

C:\Program Files\Exchsrvr\srsdata

 

 

IIS related Exclusions

IIS System Files = C:\WINDOWS\system32\inetsrv

IIS Compression Folder = C:\WINDOWS\IIS Temporary Compressed Files

 

 

Domain Controller related exclusions

Active Directory database files = C:\WINDOWS\NTDS

SYSVOL C:\WINDOWS\SYSVOL

NTFRS Database Files = C:\WINDOWS\ntfrs

 

 

Windows SharePoint Services

Temporary SharePoint space = C:\windows\temp\Frontpagetempdir

 

Service Related Data Bases

DHCP Database Store = C:\WINDOWS\system32\dhcp

WINS Database Store = C:\WINDOWS\system32\wins

X:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Data

X:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Data

X:\Program Files\Microsoft SQL Server\MSSQL\Data

 

 

Additional Exclusions

Removable Storage Database (used by SBS Backup) =

C:\Windows\System32\ntmsdata

SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows

Small Business Server\Networking\POP3\Failed Mail

SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows

Small Business Server\Networking\POP3\Incoming Mail

Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore

X:\urlcache

X:\pagefile.sys

 

AV Progam Exclusions

x:\Folder where AV puts quarrentined files

X:\<AV application folder>

 

Desktop Folder Exclusions

These folders need to be excluded in the desktops and notebooks

clients.

Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore

 

SBS Licensing Exclusions

File - %windir%\system32\licstr.cpa

Folder - %windir%\windows\system32\lls

NOTE: Run the License Wiz and backup the licenses to a secure folder.

 

Terminal Services Licensing Exclusions

C:\WINDOWS\System32\LServer

Should contain the following TS related stuff:

 

edb.log

edb.chk

res1.log

res2.log

TLSLic.edb

temp.edb

 

Also, Refer to the MS KB Articles

815623

822158

245822

284947

 

Per 822158

The Windows Update or Automatic Update database file

%windir%\SoftwareDistribution\Datastore\datastore.edb

 

The transaction log files. These files are located in the following

folder

%windir%\SoftwareDistribution\Datastore\Logs\edb*.log

Note The wildcard character indicates that there may be several files.

. Res1.log

. Res2.log

. Edb.chk

. Tmp.edb

 

Per 815623

In summary, the targeted and excluded list of folders for a SYSVOL

tree that is placed in its default location would look similar to the

following:

1. %systemroot%\sysvol Exclude

2. %systemroot%\sysvol\domain Scan

3. %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory

Exclude

4. %systemroot%\sysvol\domain\Policies Scan

5. %systemroot%\sysvol\domain\Scripts Scan

6. %systemroot%\sysvol\staging Exclude

7. %systemroot%\sysvol\staging areas Exclude

8. %systemroot%\sysvol\sysvol Exclude

 

If any one of these folder or files have been moved or placed in a

different location, scan or exclude the equivalent element.

 

. DFS

The same resources that are excluded for a SYSVOL replica set must

also be excluded when FRS is used to replicate shares that are mapped

to the DFS root and link targets on Windows 2000 or Windows Server

2003-based member computers or domain controllers.

 

Aren't you sorry you asked?

 

--

Larry

"Roman" <roman(at)romanportal(dot)com> wrote in message

news:684B7171-CA1F-4E16-8AF7-7FF6F400E1D8@microsoft.com...

> I'm deploying Trend OfficeScan across a small 5 client single server

> network.

> Are there any recommended antivirus scan Exemption Rules for Server 2003

> R2

> x64 that should be in place?

>

> The server is running Terminal Services with the Office suite so e-mail

> etc

> is stored on the server.

[Guest Roman]

Re: Trend OfficeScan - Recommended Exemptions?

 

Hi Mark,

 

Thank you for the detailed post - I'm almost sorry I asked! I'll get to work

on this list tomorrow before running OfficeScan.

 

Regards,

Roman

 

"FHFD Admin" wrote:

> Hello Roman! Here is the guidline I just used, graciously provided by on

> the posters over on the Microsoft SBS forum:

>

> Mark Storm

>

>

> Trend Micro CSM Suite File/Folder Exclusions:

>

> Hi Mark:

>

> Listed below are the items and their default locations - your

> installation may be different.

>

>

> Exchange

> Exchange Server Database = C:\Program Files\Exchsrvr\Mdbdata (check

> location see note above)

> Exchange MTA files = C:\Program Files\Exchsrvr\Mtadata

> Exchange Message tracking log files = C:\Program

> Files\Exchsrvr\server_name.log

> Exchange SMTP Mailroot = C:\Program Files\Exchsrvr\Mailroot

> Exchange working files = C:\Program Files\Exchsrvr\Mdbdata

> C:\Program Files\Exchsrvr\Conndata

> Site Replication Service (not normally used in SBS but should be

> excluded anyway) =

> C:\Program Files\Exchsrvr\srsdata

>

>

> IIS related Exclusions

> IIS System Files = C:\WINDOWS\system32\inetsrv

> IIS Compression Folder = C:\WINDOWS\IIS Temporary Compressed Files

>

>

> Domain Controller related exclusions

> Active Directory database files = C:\WINDOWS\NTDS

> SYSVOL C:\WINDOWS\SYSVOL

> NTFRS Database Files = C:\WINDOWS\ntfrs

>

>

> Windows SharePoint Services

> Temporary SharePoint space = C:\windows\temp\Frontpagetempdir

>

> Service Related Data Bases

> DHCP Database Store = C:\WINDOWS\system32\dhcp

> WINS Database Store = C:\WINDOWS\system32\wins

> X:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Data

> X:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Data

> X:\Program Files\Microsoft SQL Server\MSSQL\Data

>

>

> Additional Exclusions

> Removable Storage Database (used by SBS Backup) =

> C:\Windows\System32\ntmsdata

> SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows

> Small Business Server\Networking\POP3\Failed Mail

> SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows

> Small Business Server\Networking\POP3\Incoming Mail

> Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore

> X:\urlcache

> X:\pagefile.sys

>

> AV Progam Exclusions

> x:\Folder where AV puts quarrentined files

> X:\<AV application folder>

>

> Desktop Folder Exclusions

> These folders need to be excluded in the desktops and notebooks

> clients.

> Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore

>

> SBS Licensing Exclusions

> File - %windir%\system32\licstr.cpa

> Folder - %windir%\windows\system32\lls

> NOTE: Run the License Wiz and backup the licenses to a secure folder.

>

> Terminal Services Licensing Exclusions

> C:\WINDOWS\System32\LServer

> Should contain the following TS related stuff:

>

> edb.log

> edb.chk

> res1.log

> res2.log

> TLSLic.edb

> temp.edb

>

> Also, Refer to the MS KB Articles

> 815623

> 822158

> 245822

> 284947

>

> Per 822158

> The Windows Update or Automatic Update database file

> %windir%\SoftwareDistribution\Datastore\datastore.edb

>

> The transaction log files. These files are located in the following

> folder

> %windir%\SoftwareDistribution\Datastore\Logs\edb*.log

> Note The wildcard character indicates that there may be several files.

> . Res1.log

> . Res2.log

> . Edb.chk

> . Tmp.edb

>

> Per 815623

> In summary, the targeted and excluded list of folders for a SYSVOL

> tree that is placed in its default location would look similar to the

> following:

> 1. %systemroot%\sysvol Exclude

> 2. %systemroot%\sysvol\domain Scan

> 3. %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory

> Exclude

> 4. %systemroot%\sysvol\domain\Policies Scan

> 5. %systemroot%\sysvol\domain\Scripts Scan

> 6. %systemroot%\sysvol\staging Exclude

> 7. %systemroot%\sysvol\staging areas Exclude

> 8. %systemroot%\sysvol\sysvol Exclude

>

> If any one of these folder or files have been moved or placed in a

> different location, scan or exclude the equivalent element.

>

> . DFS

> The same resources that are excluded for a SYSVOL replica set must

> also be excluded when FRS is used to replicate shares that are mapped

> to the DFS root and link targets on Windows 2000 or Windows Server

> 2003-based member computers or domain controllers.

>

> Aren't you sorry you asked?

>

> --

> Larry

> "Roman" <roman(at)romanportal(dot)com> wrote in message

> news:684B7171-CA1F-4E16-8AF7-7FF6F400E1D8@microsoft.com...

> > I'm deploying Trend OfficeScan across a small 5 client single server

> > network.

> > Are there any recommended antivirus scan Exemption Rules for Server 2003

> > R2

> > x64 that should be in place?

> >

> > The server is running Terminal Services with the Office suite so e-mail

> > etc

> > is stored on the server.

>

>

>