[KB3078] Automatic file exclusions for ESET server products

Issue

  • See a list of file scanning exclusions on your system
  • See examples of common file scanning exclusions for ESET server products

 

Details

The lists below are examples of the files that are usually excluded. They are not an exact match for every system: each system has its own specifics, and the paths and files shown below do not necessarily correspond to every system.

Solution

See a list of file scanning exclusions in ESET File Security for Microsoft Windows Server

  1. Open the Advanced setup window by pressing the F5 key.
     
  2. Navigate to Antivirus or Computer (depending on the ESET server product you are using) and click Edit next to Paths to be excluded from scanning.

Figure 1-1: Navigate to Antivirus or Computer and click Edit.


 

See examples of common file scanning exclusions:

Windows Server

Exchange Server

IBM Lotus Domino Server

Kerio Connect

Kerio Control

Microsoft ISA Server 2006 and ForeFront TMG 2010

Microsoft Lync / Skype for Business Server

Microsoft SQL Server

Microsoft SharePoint Server

IIS (Internet Information Services)

ESET Remote Administrator Server

Microsoft Hyper-V

Windows Server

Windows Update:

%windir%\SoftwareDistribution\Datastore\
  Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs
  Res*.log
  Res*.jrs
  Edb.chk
  Tmp.edb


Windows Security:

%windir%\Security\Database\
  *.edb
  *.sdb
  *.log
  *.chk
  *.jrs


Active Directory:

%windir%\Ntds\
  Ntds.dit
  Ntds.pat
  EDB*.log
  Res*.log
  Res*.jrs
  Temp.edb
  Edb.chk


SYSVOL:

%windir%\Ntfrs\
  jetsysedb.chk
  jetNtfrs.jdb
  jetlog*.log
  jetLogEdb*.jrs
  *.log
%systemroot%\Sysvol\Staging areas\
  Nntfrs_cmp*.*
Replica_Root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\
  Ntfrs*.*
%systemroot%\Sysvol\Sysvol\
  *.adm
  *.admx
  *.adml
  Registry.pol
  *.aas
  *.inf
  Fdeploy.inf
  Scripts.ini
  *.ins
  Oscfilter.ini


FRS (File Replication Service):

%systemdrive%\System Volume Information\DFSR\
  $db_normal$
  FileIDTable_2
  SimilarityTable_2
  *.xml
  $db_dirty$
  Dfsr.db
  Fsr.chk
  *.frx
  *.log
  Fsr*.jrs
  Tmp.edb


DHCP:

%systemroot%\System32\DHCP\
  *.mdb
  *.pat
  *.log
  *.chk
  *.edb


DNS:

%systemroot%\System32\Dns\
  *.log
  *.dns
  BOOT


WINS:

%systemroot%\System32\Wins\
  *.chk
  *.log
  *.mdb


Certificate Services:

%systemroot%\system32\CertLog\
  *.edb
  *.edb.chk
  *.log


MSMQ:

%SystemRoot%\system32\MSMQ\ *.*
%SystemRoot%\system32\MSMQ\storage\ *.*


Terminal Server Licensing Service:

%systemroot%\system32\LServer\
  *.edb
  *.log
  *.tmp
  *.chk


Print Service:

%systemroot%\system32\spool\PRINTERS\
  *.spl
  *.shd


Pagefile:

C:\Pagefile.sys


Windows Update Services:

C:\WSUS\UpdateServicesDbFiles\
  SUSDB.mdf
  SUSDB_log.ldf


Failover cluster:

\Device\CSVVolume?\*
\Device\CSVVolume??\*
\Device\CSVVolume???\*



Microsoft Exchange Server

The Automatic exclusions for Exchange Servers are based on Microsoft's recommendations. ESET Mail Security for Microsoft Exchange Server applies "Directory/Folder exclusions" only ("Process exclusions" and "File name extension exclusions" are not applied). See the following Microsoft Knowledge Base articles for details:

IBM Lotus Domino Server
Exclusions based on: https://www-304.ibm.com/support/docview.wss?uid=swg21417504
 

Kerio Connect
Kerio Connect's store folder is excluded (for example C:\Program Files\Kerio\MailServer\store\*.*). The location of the Kerio store folder is read from the configuration file mailserver.cfg (tag ).
 

Kerio Control
The installation folder is excluded (for example C:\Program Files (x86)\Kerio\WinRoute Firewall\*.*).
 

Microsoft ISA Server 2006 and ForeFront TMG 2010

ISA server:

%ProgramFiles%\Microsoft ISA Server\ *.*
%ProgramFiles%\Microsoft ISA Server\Logs\ *.*
%ProgramFiles%\Microsoft SQL Server\ *.*


Forefront TMG:

%ProgramFiles%\Microsoft Forefront Threat Management Gateway\ *.*
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\ *.*
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\ *.*
%SystemRoot%\Temp\ScanStorage\ *.*
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs\ *.*



Microsoft Lync / Skype for Business Server

C:\WSUS\UpdateServicesDbFiles\
  SUSDB.mdf
  SUSDB_log.ldf

Microsoft SQL Server

C:\Program Files\Microsoft SQL Server\MSSQL.X[1]\MSSQL\Data\
  *.mdf
  *.ldf
  *.ndf
C:\Program Files\Microsoft SQL Server\MSSQL.X[1]\MSSQL\Backup\
  *.bak
  *.trn
C:\Program Files\Microsoft SQL Server\MSSQL.X[1]\MSSQL\FTData\
  *.*
C:\Program Files\Microsoft SQL Server\MSSQL.X[1]\OLAP\Data\
  *.*
C:\Program Files\Microsoft SQL Server\MSSQL.X[1]\OLAP\Backup\
  *.*

[1] - MSSQL.X represents an ID of SQL Server Instance or an installation ID of SQL Server Analysis Services

Microsoft SharePoint Server

Common:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\XX[2]\Logs\
  *.log
  ***.log[3]
  *.usage[2]
  data*.dat[4]
  ***usage[4]
  **Usa*.tmp[4]
%WINDIR%\Syswow64\LogFiles\SharePoint\[5]
  *.log
%WINDIR%\System32\LogFiles\SharePoint\[6]
  *.log

[2] - XX represents a version of Microsoft SharePoint Server
[3] - SharePoint 2007, SharePoint 2010
[4] - SharePoint 2013
[5] - 64-bit Microsoft SharePoint Server
[6] - 32-bit Microsoft SharePoint Server


SharePoint 2007, SharePoint 2010:

C:\Users\search_account[7]\AppData\Local\Temp\gthrsvc_SPSearch4\[8] *.*
C:\Documents and Settings\search_account[7]\Local Settings\Temp\gthrsvc_SPSearch4\[9] *.*

[7] - Name of an account that SharePoint search service is running as
[8] - 64-bit Microsoft SharePoint Server
[9] - 32-bit Microsoft SharePoint Server


SharePoint 2013:

C:\Program Files\Microsoft Office Servers\15.0\Data\Office Server\Applications\gthrsvc\ *.*



IIS (Internet Information Services)

%systemroot%\IIS Temporary Compressed Files\ *.*
%systemroot%\System32\LogFiles\ **.log (IIS 5, IIS 6)
%systemdrive%\inetpub\logs\logfiles\ **.log (IIS 7, IIS 8)
%systemroot%\system32\inetsrv\
  metabase.bin (IIS 5)
  MetaBase.xml (IIS 6)
  MBschema.xml (IIS 6)
%systemroot%\system32\inetsrv\config\ *.config (IIS 7, IIS 8)

 

ESET Remote Administrator Server

%APPDATA%\ESET\ESET Remote Administrator\Server\ *.*


Windows Server 2003:

C:\Documents and Settings\All Users\Application Data\ESET\ESET Remote Administrator\Server\ *.*


Windows Server 2008:

C:\ProgramData\ESET\ESET Remote Administrator\Server\ *.*

 

Microsoft Hyper-V

File exclusions in folders where virtual machine configuration is stored:

Virtual Machines\*.xml
Virtual Machines Cache\*.xml
Virtual Machines Cache\*\*.bin
Virtual Machines Cache\*\*.vsv
Snapshots\*.xml
Snapshots\*\*.bin
Snapshots\*\*.vsv
Snapshots Cache\*.xml


File exclusions of virtual drives:

*.vhd
*.avhd
*.vhdx (Windows Server 2012 and newer)
*.avhdx (Windows Server 2012 and newer)

 

NOTE:

Hyper-V installed in a cluster is not specifically supported by automatic exclusions.

