If you're deploying file-level scanners on Exchange 2010 servers, make sure that the appropriate exclusions, such as directory exclusions, process exclusions, and file name extension exclusions, are in place for both memory-resident and file-level scanning. This section describes directory exclusions, process exclusions, and file name extension exclusions for each server or server role
| Directory Exclusions |
|
|
|
|
| Server role | Exclusion Type | Item(s) | Exclusions | Exclusion Consolidated Paths |
| Mailbox Server Role | File-Level | Databases | Command to Retrieve the location: Get-MailboxDatabase -server <servername> | format-list *path* |
|
|
|
| Log Files |
|
|
|
|
| Checkpoints |
|
|
|
|
| Database Content Indexes (default is same location as databases) |
|
|
|
|
| Group Metrics files | %ExchangeInstallPath%\GroupMetricsExchangeInstallPath%\TransportRoles\Logs and %ExchangeInstallPath%\Logging) |
|
|
|
| Offline Address Book Files | %ExchangeInstallPath%\ExchangeOAB |
|
|
|
| IIS System Files | %SystemRoot%\System32\Inetsrv |
|
|
|
| Temporary Folder | Same Path where Eseutil.exe resides |
|
|
|
| Mailbox database temporary folder | %ExchangeInstallPath%\Mailbox\MDBTEMP |
|
|
|
| Any Exchange aware Anti-Virus Folders |
|
|
|
|
| Mailbox Server that is a member of a Database Availability Group (DAG) | %Winnt%\Cluster |
|
|
|
| Witness Server directories: (Typically on the Hub Transport Server) |
| |
| Hub Transport Server Role | File-Level | Log Files: Message Tracking, Connectivity logs,… | Default path: %ExchangeInstallPath%\TransportRoles\Logs Command to Retrieve the location: Get-TransportServer <serverName> | Format-List *logpath*,*tracingpath* | %ExchangeInstallPath%\TransportRoles\ |
|
|
| Pickup and Replay directories | Default Path: %ExchangeInstallPath%\TransportRoles Command to Retrieve the location: Get-TransportServer <serverName> fl *dir*path* |
|
|
|
| Queue database, checkpoint and log files | Default path: %ExchangeInstallPath%\TransportRoles\Data\Queue |
|
|
|
| Sender Reputation database, checkpoint, log files | Default Path: %ExchangeInstallPath%\TransportRoles\Data\SenderReputation |
|
|
|
| IP filter Database, Checkpoint, log files | Default Path: %ExchangeInstallPath%\TransportRoles\Data\IpFilter |
|
|
|
| Temporary Folders | Exchange Servere Temp folder: TMP |
|
|
|
|
| OLE Conversions: %ExchangeInstallPath%\Working\OleConvertor |
|
|
|
| Any Exchange aware Anti-Virus Folders |
|
|
| Edge Transport Server Role | File-Level | AD LDS log files | Default: %ExchangeInstallpath%\TransportRoles\Data\ADAM |
|
|
|
| Pickup and Replay directories | Default Path: %ExchangeInstallPath%\TransportRoles Command to Retrieve the location: Get-TransportServer <serverName> fl *dir*path* | %ExchangeInstallPath%\TransportRoles\ |
|
|
| Queue database, checkpoint and log files | Default path: %ExchangeInstallPath%\TransportRoles\Data\Queue |
|
|
|
| Sender Reputation database, checkpoint, log files | Default Path: %ExchangeInstallPath%\TransportRoles\Data\SenderReputation |
|
|
|
| IP filter Database, Checkpoint, log files | Default Path: %ExchangeInstallPath%\TransportRoles\Data\IpFilter |
|
|
|
| Temporary Folders | Exchange Servere Temp folder: TMP |
|
|
|
|
| OLE Conversions: %ExchangeInstallPath%\Working\OleConvertor |
|
|
|
| Any Exchange aware Anti-Virus Folders |
|
|
| Client Access Server Role | File-Level | Servers using IIS 7.0: Temporary files | "%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files" |
|
|
|
| Servers using IIS 6.0: Temporary files | "%SystemRoot%\IIS Temporary Compressed Files" |
|
|
|
| IIS System Files | %SystemRoot%\System32\Inetsrv |
|
|
|
|
| InetPub\logs\logfiles\w3svc |
|
|
|
| Internet Related Sub Folders | %ExchangeInstallPath%\ClientAccess |
|
|
|
| Servers with POP3: | %ExchangeInstallPath%\Logging\POP3 |
|
|
|
| Servers with IMAP4: | %ExchangeInstallPath%\Logging\IMAP4 |
|
|
|
| Temporary Folders for Conversions: | Exchange Servers Temp Folder: TMP |
|
|
|
|
| %ExchangeInstallPath%\Working\OleConvertor |
|
| Unified Messaging Server Role | File-Level | Grammer Files for different locales | %ExchangeInstallPath%\UnifiedMessaging\grammars |
|
|
|
| Voice Prompts | %ExchangeInstallPath%\UnifiedMessaging\Prompts |
|
|
|
| VoiceMail Files | %ExchangeInstallPath%\UnifiedMessaging\Voicemail |
|
|
|
| Temporary Files | %ExchangeInstallPath%\UnifiedMessaging\temp |
|
| Forefront Protection for Exchange | File-Level | Forefront install folder | Default: "%Program Files%\Microsoft Forefront Security\Exchange Server" | %Program Files%\Microsoft Forefront Security\Exchange Server |
|
|
| Archived Messages | Default: "%Program Files%\Microsoft Forefront Security\Exchange Server\Data\Archive" |
|
|
|
| Quarantined files | Default: "%Program Files%\Microsoft Forefront Security\Exchange Server\Data\Quarantine" |
|
|
|
| Antivirus Engine files | Default: "%Program Files%\Microsoft Forefront Security\Exchange Server\Data\Engines\x86" |
|
|
|
| Configuration Files | Default: %Program Files%\Microsoft Forefront Security\Exchange Server\Data |
|
| Process Exclusions |
|
|
|
|
| Server role | Exclusion Type | Process exclusions |
|
|
| Set these for all Server Roles | Process-Exclusion | Cdb.exe | Microsoft.Exchange.Search.Exsearch.exe |
|
|
|
| Cidaemon.exe | Microsoft.Exchange.Servicehost.exe |
|
|
|
| Cluster.exe | MSExchangeASTopologyService.exe |
|
|
|
| Dsamain.exe | MSExchangeFDS.exe |
|
|
|
| EdgeCredentialSvc.exe | MSExchangeMailboxAssistants.exe |
|
|
|
| EdgeTransport.exe | MSExchangeMailboxReplication.exe |
|
|
|
| ExFBA.exe | MSExchangeMailSubmission.exe |
|
|
|
| GalGrammarGenerator.exe | MSExchangeRepl.exe |
|
|
|
| Inetinfo.exe | MSExchangeTransport.exe |
|
|
|
| Mad.exe | MSExchangeTransportLogSearch.exe |
|
|
|
| Microsoft.Exchange.AddressBook.Service.exe | MSExchangeThrottling.exe |
|
|
|
| Microsoft.Exchange.AntispamUpdateSvc.exe | Msftefd.exe |
|
|
|
| Microsoft.Exchange.ContentFilter.Wrapper.exe | Msftesql.exe |
|
|
|
| Microsoft.Exchange.EdgeSyncSvc.exe | OleConverter.exe |
|
|
|
| Microsoft.Exchange.Imap4.exe | Powershell.exe |
|
|
|
| Microsoft.Exchange.Imap4service.exe | SESWorker.exe |
|
|
|
| Microsoft.Exchange.Infoworker.Assistants.exe | SpeechService.exe |
|
|
|
| Microsoft.Exchange.Monitoring.exe | Store.exe |
|
|
|
| Microsoft.Exchange.Pop3.exe | TranscodingService.exe |
|
|
|
| Microsoft.Exchange.Pop3service.exe | UmService.exe |
|
|
|
| Microsoft.Exchange.ProtectedServiceHost.exe | UmWorkerProcess.exe |
|
|
|
| Microsoft.Exchange.RPCClientAccess.Service.exe | W3wp.exe |
|
| Forefront Protection for Exchange Server | Process-Exclusion | Adonavsvc.exe | FscStatsServ.exe |
|
|
|
| FscController.exe | FscTransportScanner.exe |
|
|
|
| FscDiag.exe | FscUtility.exe |
|
|
|
| FscExec.exe | FsEmailPickup.exe |
|
|
|
| FscImc.exe | FssaClient.exe |
|
|
|
| FscManualScanner.exe | GetEngineFiles.exe |
|
|
|
| FscMonitor.exe | PerfmonitorSetup.exe |
|
|
|
| FscRealtimeScanner.exe | ScanEngineTest.exe |
|
|
|
| FscStarter.exe | SemSetup.exe |
|
Perfect list !!!
ReplyDeleteBetter than MSFT provided it
Tnx