YeOldeStonecat
Due to a few posts around the boards here regarding servers and accounting software on them, server performance, issues with servers....I've frequently mentioned having proper antivirus exclusion settings.
So I thought I'd make a post about them. A lot of people just install antivirus on a server...perhaps adjust some scheduled scan settings, update settings..and walk away.
I'll make a list of specific antivirus exclusions I do. Probably won't be cut 'n paste usable...as one cannot assume drive letters will be the same across the board.
This list is not a "one size fits all" either...there are certainly more directories and file types than I can cover here..but I'm just posting some basics to get started.
ALSO...don't forget, most antivirus clients assume to "Scan all file types"...which puts a heavier load on the system. I change the file extension types to scan from the default "All"....so "Only the file extensions below"..which usually has a list of *.fileextensiontype which may contain viruses. This setting itself greatly reduces much of the load. In addition to excluding certain file types. Don't forget...servers aren't used like a workstation (well...they shouldn't be), no surfing the web, no opening e-mail, etc. So you can afford to lower settings, without increasing risk.
On domain controllers, there are certain directories related to Active Directory, which should be excluded.
When Exchange is involved...there are directories to be excluded, because hopefully you're using a proper Exchange antivirus engine which hugs the infostore directly.
When SQL is involved, certain directories
Web Servers/IIS
Windows Update directory (WSUS)
And of course, line of business software..and their database engines. Following the guides of the software vendor's support for that product. But even something as simple as QuickBooks on the server....I'll exclude the directory that is shared that houses all the company data files. Or at accounting offices, if you have a WinCSA folder shared for CSA Accounting...I'll exclude that share.
From the workstations...accordingly I disable scanning of network drives that contain those shared apps. These are often the cause of "client lock" files being hung...after someone logs out.
"But...what if a virus gets in those folders?" you ask? The answer is "scheduled scans". After hours, at night. Do a once a week scan or something like that. Servers are quite static..no need for real time protection to constantly be burdening all their folders...they're not being used as a desktop.
I'll follow with some examples of directories/files to exclude on servers.
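A policy check for the approach described in the post above, as an added example that is not part of the original post: it flags real-time exclusions that are too broad, that exclude executable file types, or that no after-hours scheduled scan covers. The policy schema, every path in the sample, the extension list and the working-hours window are assumptions constructed for illustration, not any antivirus product's format.

```python
import ntpath

RISKY_EXT = {".exe", ".dll", ".com", ".scr", ".bat", ".cmd", ".ps1", ".vbs", ".js"}
BUSINESS_HOURS = range(7, 19)   # assumption: 07:00-18:59 counts as working hours

# Constructed sample policy; the schema is hypothetical, not a product export format.
POLICY = {
    "scan_file_types": "all",
    "realtime_exclusions": ["D:\\QBData", "E:\\WinCSA", "C:\\", "D:\\Apps\\*.exe"],
    "scheduled_scans": [{"day": "Sat", "hour": 23, "targets": ["D:\\"]}],
}

def _norm(path):
    # ntpath gives Windows path semantics on any OS: case-insensitive, "\" separators.
    return ntpath.normcase(ntpath.normpath(path))

def _covered(excl, targets):
    """True if a scheduled-scan target is the excluded path or one of its parents."""
    e = _norm(excl)
    for t in targets:
        root = _norm(t).rstrip("\\")
        if e == root or e.startswith(root + "\\"):
            return True
    return False

def audit(policy):
    """Return (item, finding) pairs for one server's exclusion policy."""
    findings = []
    scans = policy.get("scheduled_scans", [])
    night_targets = [t for s in scans if s["hour"] not in BUSINESS_HOURS
                     for t in s["targets"]]
    for s in scans:
        if s["hour"] in BUSINESS_HOURS:
            findings.append((s["day"], "scheduled scan runs during working hours"))
    if policy.get("scan_file_types") == "all":
        findings.append(("scan_file_types", "real-time scan set to all file types"))
    for excl in policy.get("realtime_exclusions", []):
        _, tail = ntpath.splitdrive(ntpath.normpath(excl))
        if tail in ("", "\\"):
            findings.append((excl, "excludes an entire drive"))
        if ntpath.splitext(excl)[1].lower() in RISKY_EXT:
            findings.append((excl, "excludes an executable file type"))
        if not _covered(excl, night_targets):
            findings.append((excl, "no after-hours scheduled scan covers this path"))
    return findings

if __name__ == "__main__":
    for item, finding in audit(POLICY):
        print(f"{item}: {finding}")
```

Before relying on a scheduled scan as the backstop, confirm in the product's documentation that its exclusion list applies to real-time scanning only; in some products the same exclusions also apply to scheduled and on-demand scans.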