Friday, August 13, 2010

Exchange 2010 – Antivirus Exclusions

 

If you're deploying file-level scanners on Exchange 2010 servers, make sure that the appropriate exclusions, such as directory exclusions, process exclusions, and file name extension exclusions, are in place for both memory-resident and file-level scanning. This section describes directory exclusions, process exclusions, and file name extension exclusions for each server or server role.

Directory Exclusions

Server role: Mailbox Server Role

Exclusion Type: File-Level

Item(s) and exclusions:

- Databases
  - Command to retrieve the location: Get-MailboxDatabase -server <servername> | format-list *path*
- Log Files
- Checkpoints
- Database Content Indexes (default is same location as databases)
- Group Metrics files
  - %ExchangeInstallPath%\GroupMetrics (%ExchangeInstallPath%\TransportRoles\Logs and %ExchangeInstallPath%\Logging)
- Offline Address Book Files
  - %ExchangeInstallPath%\ExchangeOAB
- IIS System Files
  - %SystemRoot%\System32\Inetsrv
- Temporary Folder
  - Same path where Eseutil.exe resides
- Mailbox database temporary folder
  - %ExchangeInstallPath%\Mailbox\MDBTEMP
- Any Exchange aware Anti-Virus Folders
- Mailbox Server that is a member of a Database Availability Group (DAG)
  - %Winnt%\Cluster
- Witness Server directories (typically on the Hub Transport Server)
  - \\%SystemDrive%:\DAGFileShareWitnesses\<DAGFQDN>

Server role: Hub Transport Server Role

Exclusion Type: File-Level

Exclusion Consolidated Paths: %ExchangeInstallPath%\TransportRoles\

Item(s) and exclusions:

- Log Files (Message Tracking, Connectivity logs, …)
  - Default path: %ExchangeInstallPath%\TransportRoles\Logs
  - Command to retrieve the location: Get-TransportServer <serverName> | Format-List *logpath*,*tracingpath*
- Pickup and Replay directories
  - Default path: %ExchangeInstallPath%\TransportRoles
  - Command to retrieve the location: Get-TransportServer <serverName> | fl *dir*path*
- Queue database, checkpoint and log files
  - Default path: %ExchangeInstallPath%\TransportRoles\Data\Queue
- Sender Reputation database, checkpoint, log files
  - Default path: %ExchangeInstallPath%\TransportRoles\Data\SenderReputation
- IP filter database, checkpoint, log files
  - Default path: %ExchangeInstallPath%\TransportRoles\Data\IpFilter
- Temporary Folders
  - Exchange Server Temp folder: TMP
  - OLE Conversions: %ExchangeInstallPath%\Working\OleConvertor
- Any Exchange aware Anti-Virus Folders

Server role: Edge Transport Server Role

Exclusion Type: File-Level

Exclusion Consolidated Paths: %ExchangeInstallPath%\TransportRoles\

Item(s) and exclusions:

- AD LDS log files
  - Default: %ExchangeInstallpath%\TransportRoles\Data\ADAM
- Pickup and Replay directories
  - Default path: %ExchangeInstallPath%\TransportRoles
  - Command to retrieve the location: Get-TransportServer <serverName> | fl *dir*path*
- Queue database, checkpoint and log files
  - Default path: %ExchangeInstallPath%\TransportRoles\Data\Queue
- Sender Reputation database, checkpoint, log files
  - Default path: %ExchangeInstallPath%\TransportRoles\Data\SenderReputation
- IP filter database, checkpoint, log files
  - Default path: %ExchangeInstallPath%\TransportRoles\Data\IpFilter
- Temporary Folders
  - Exchange Server Temp folder: TMP
  - OLE Conversions: %ExchangeInstallPath%\Working\OleConvertor
- Any Exchange aware Anti-Virus Folders

Server role: Client Access Server Role

Exclusion Type: File-Level

Item(s) and exclusions:

- Servers using IIS 7.0: Temporary files
  - "%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files"
- Servers using IIS 6.0: Temporary files
  - "%SystemRoot%\IIS Temporary Compressed Files"
- IIS System Files
  - %SystemRoot%\System32\Inetsrv
  - InetPub\logs\logfiles\w3svc
- Internet Related Sub Folders
  - %ExchangeInstallPath%\ClientAccess
- Servers with POP3
  - %ExchangeInstallPath%\Logging\POP3
- Servers with IMAP4
  - %ExchangeInstallPath%\Logging\IMAP4
- Temporary Folders for Conversions
  - Exchange Servers Temp Folder: TMP
  - %ExchangeInstallPath%\Working\OleConvertor

Server role: Unified Messaging Server Role

Exclusion Type: File-Level

Item(s) and exclusions:

- Grammar Files for different locales
  - %ExchangeInstallPath%\UnifiedMessaging\grammars
- Voice Prompts
  - %ExchangeInstallPath%\UnifiedMessaging\Prompts
- VoiceMail Files
  - %ExchangeInstallPath%\UnifiedMessaging\Voicemail
- Temporary Files
  - %ExchangeInstallPath%\UnifiedMessaging\temp

Server role: Forefront Protection for Exchange

Exclusion Type: File-Level

Exclusion Consolidated Paths: %Program Files%\Microsoft Forefront Security\Exchange Server

Item(s) and exclusions:

- Forefront install folder
  - Default: "%Program Files%\Microsoft Forefront Security\Exchange Server"
- Archived Messages
  - Default: "%Program Files%\Microsoft Forefront Security\Exchange Server\Data\Archive"
- Quarantined files
  - Default: "%Program Files%\Microsoft Forefront Security\Exchange Server\Data\Quarantine"
- Antivirus Engine files
  - Default: "%Program Files%\Microsoft Forefront Security\Exchange Server\Data\Engines\x86"
- Configuration Files
  - Default: %Program Files%\Microsoft Forefront Security\Exchange Server\Data
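The script below is an added example, not part of the original post. It collects the configured Mailbox and transport locations with the post's own commands and wildcard patterns, expands a few of the %ExchangeInstallPath% defaults from the directory list above, and reports which directories exist on the server, so the scanner is given real paths rather than assumed defaults. The $Server parameter and the Path/Exists output shape are assumptions of the example.

```powershell
# Added example: run in the Exchange Management Shell on an Exchange 2010 server.
# $Server and the Path/Exists output shape are assumptions of this example.
param([string]$Server = $env:COMPUTERNAME)

$paths = @()

# Mailbox role: configured database and log folders (may differ from defaults).
foreach ($db in @(Get-MailboxDatabase -Server $Server -ErrorAction SilentlyContinue)) {
    if ($db.EdbFilePath)   { $paths += Split-Path -Parent ([string]$db.EdbFilePath) }
    if ($db.LogFolderPath) { $paths += [string]$db.LogFolderPath }
}

# Hub/Edge Transport role: same wildcards the post passes to Format-List.
$ts = Get-TransportServer $Server -ErrorAction SilentlyContinue
if ($ts) {
    $ts.PSObject.Properties |
        Where-Object { $_.Name -like '*logpath*' -or
                       $_.Name -like '*tracingpath*' -or
                       $_.Name -like '*dir*path*' } |
        ForEach-Object { if ($_.Value) { $paths += [string]$_.Value } }
}

# Defaults from the directory list, relative to %ExchangeInstallPath%.
$relative = 'Mailbox\MDBTEMP', 'GroupMetrics', 'ExchangeOAB',
            'TransportRoles\Data\Queue', 'TransportRoles\Data\SenderReputation',
            'TransportRoles\Data\IpFilter', 'Working\OleConvertor', 'ClientAccess'
if ($env:ExchangeInstallPath) {
    foreach ($rel in $relative) {
        $paths += Join-Path $env:ExchangeInstallPath $rel
    }
}

# One row per unique directory; Exists = $false usually means the role is not
# installed on this server, so that entry does not need an exclusion here.
$paths | Sort-Object -Unique | ForEach-Object {
    New-Object PSObject -Property @{
        Path   = $_
        Exists = (Test-Path -LiteralPath $_)
    }
}
```

Pipe the output to Export-Csv to keep a dated record of exactly which directories were excluded on each server.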

 

Process Exclusions

Server role: Set these for all Server Roles

Exclusion Type: Process-Exclusion

Process exclusions:

- Cdb.exe
- Cidaemon.exe
- Cluster.exe
- Dsamain.exe
- EdgeCredentialSvc.exe
- EdgeTransport.exe
- ExFBA.exe
- GalGrammarGenerator.exe
- Inetinfo.exe
- Mad.exe
- Microsoft.Exchange.AddressBook.Service.exe
- Microsoft.Exchange.AntispamUpdateSvc.exe
- Microsoft.Exchange.ContentFilter.Wrapper.exe
- Microsoft.Exchange.EdgeSyncSvc.exe
- Microsoft.Exchange.Imap4.exe
- Microsoft.Exchange.Imap4service.exe
- Microsoft.Exchange.Infoworker.Assistants.exe
- Microsoft.Exchange.Monitoring.exe
- Microsoft.Exchange.Pop3.exe
- Microsoft.Exchange.Pop3service.exe
- Microsoft.Exchange.ProtectedServiceHost.exe
- Microsoft.Exchange.RPCClientAccess.Service.exe
- Microsoft.Exchange.Search.Exsearch.exe
- Microsoft.Exchange.Servicehost.exe
- MSExchangeASTopologyService.exe
- MSExchangeFDS.exe
- MSExchangeMailboxAssistants.exe
- MSExchangeMailboxReplication.exe
- MSExchangeMailSubmission.exe
- MSExchangeRepl.exe
- MSExchangeTransport.exe
- MSExchangeTransportLogSearch.exe
- MSExchangeThrottling.exe
- Msftefd.exe
- Msftesql.exe
- OleConverter.exe
- Powershell.exe
- SESWorker.exe
- SpeechService.exe
- Store.exe
- TranscodingService.exe
- UmService.exe
- UmWorkerProcess.exe
- W3wp.exe

Server role: Forefront Protection for Exchange Server

Exclusion Type: Process-Exclusion

Process exclusions:

- Adonavsvc.exe
- FscController.exe
- FscDiag.exe
- FscExec.exe
- FscImc.exe
- FscManualScanner.exe
- FscMonitor.exe
- FscRealtimeScanner.exe
- FscStarter.exe
- FscStatsServ.exe
- FscTransportScanner.exe
- FscUtility.exe
- FsEmailPickup.exe
- FssaClient.exe
- GetEngineFiles.exe
- PerfmonitorSetup.exe
- ScanEngineTest.exe
- SemSetup.exe
