[KB3078] Automatic exclusions in ESET server applications for Windows

Issue

Enable or disable automatic exclusions in ESET server applications for Windows
Detailed list of automatic exclusions

Solution

System-specific exclusions

ESET server applications automatically generate exclusions for paths and files based on your system settings.

Enable or disable automatic exclusions in ESET server applications for Windows

Automatic exclusions

Automatic exclusions are all enabled by default. The availability of specific automatic exclusions may differ depending on the ESET server application installed.

Open the main program window of your ESET Windows application.
Press the F5 key to open Advanced setup.
Click Scans, expand Exclusions → Automatic Exclusions, and click the toggle next to automatic exclusions to enable or disable them. Click OK to save the changes.

Detailed list of automatic exclusions

ESET PROTECT On-Prem
Microsoft Windows Server
Microsoft SQL Server
Microsoft Exchange Server
Microsoft SharePoint
Microsoft Internet Information Services (IIS)
Microsoft Hyper-V
Microsoft Lync/Skype for Business Server
Microsoft Lync/Skype for Business Server file share
Microsoft Configuration Manager
Kerio Connect
Kerio Control
Microsoft ISA Server
Microsoft Forefront Threat Management Gateway

ESET PROTECT On-Prem

%APPDATA%\ESET\ESET Remote Administrator\Server\*.*

Microsoft Windows Server

Windows Update:

`%windir%\SoftwareDistribution\Datastore\`	`Datastore.edb`
`%windir%\SoftwareDistribution\Datastore\Logs\`	`Edb*.jrs Edb.chk Tmp.edb`

Windows Security:

%windir%\Security\Database\ *.edb *.sdb *.log *.chk *.jrs *.csv *.cmtx

Group Policy:

`%allusersprofile%\`	`NTUser.pol`
`%SystemRoot%\System32\GroupPolicy\Machine\` `%SystemRoot%\System32\GroupPolicy\User\`	`Registry.pol Registry.tmp`

Active Directory:

%windir%\Ntds\ Ntds.dit Ntds.pat EDB*.log Res*.log Res*.jrs Temp.edb Edb.chk

SYSVOL:

`%windir%\Ntfrs\`	`jetsysedb.chk jetNtfrs.jdb jetlog.log jetLogEdb.jrs *.log`
`%systemroot%\Sysvol\Staging areas\`	`Nntfrs_cmp.`
`Replica_Root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\`	`Ntfrs.`
`%systemroot%\Sysvol\Sysvol\`	`.adm .admx .adml Registry.pol .aas .inf Fdeploy.inf Scripts.ini .ins Oscfilter.ini`

FRS (File Replication Service) and DFSR (Distributed File System Replication):

%systemdrive%\System Volume Information\DFSR\ $db_normal$ FileIDTable_2 SimilarityTable_2 *.xml $db_dirty$ Dfsr.db Fsr.chk *.frx *.log Fsr*.jrs Tmp.edb

DHCP:

%systemroot%\System32\DHCP\ *.mdb *.pat *.log *.chk *.edb

DNS:

%systemroot%\System32\Dns\ *.log *.dns BOOT

WINS:

%systemroot%\System32\Wins\ *.chk *.log *.mdb

Certificate Services:

%systemroot%\system32\CertLog\ *.edb *.edb.chk *.log

MSMQ:

%SystemRoot%\system32\MSMQ\storage\ *.mq lqs\*.???????? QMLog *.lq1 *.lq2

Terminal Server Licensing Service:

%systemroot%\system32\LServer\ *.edb *.log *.tmp *.chk

Print Service:

%systemroot%\system32\spool\PRINTERS\ *.spl *.shd

Pagefile:

C:\Pagefile.sys

Windows Update Services:

C:\WSUS\UpdateServicesDbFiles\ SUSDB.mdf SUSDB_log.ldf

Failover cluster:

\Device\CSVVolume?\*

						\Device\CSVVolume??\*

						\Device\CSVVolume???\*

Windows Server backup:

\Device\HarddiskVolume*\EFI\Microsoft\Boot\ \Device\HarddiskVolumeShadowCopy???\ BCD BCD.LOG bootmgfw.efi

Windows Data Deduplication feature:

\\?\Volume{GUID}\System Volume Information\Dedup \ChunkStore\* \Logs\*.etl \Logs\*.log \State\*

Microsoft SQL Server

`C:\<PROGRAM_FILES>^[1]\Microsoft SQL Server\<INSTANCE_ID>^[2]\MSSQL\Data\`	`.mdf .ldf *.ndf`
`C:\<PROGRAM_FILES>^[1]\Microsoft SQL Server\MSSQL.X\MSSQL\Backup\`	`.bak` `.trn`
`C:\<PROGRAM_FILES>^[1]\Microsoft SQL Server\MSSQL.X\MSSQL\FTData\`	`.`
`C:\<PROGRAM_FILES>^[1]\Microsoft SQL Server\<INSTANCE_ID>^[2]\OLAP\Data\`	`.`
`C:\<PROGRAM_FILES>^[1]\Microsoft SQL Server\<INSTANCE_ID>^[2]\OLAP\Temp\`	`.`
`C:\<PROGRAM_FILES>^[1]\Microsoft SQL Server\<INSTANCE_ID>^[2]\OLAP\Backup\`	`.`
`C:\<PROGRAM_FILES>^[1]\Microsoft SQL Server\<INSTANCE_ID>^[2]\OLAP\Log\`	`.`

[1] – PROGRAM_FILES changes based on 32-bit or 64-bit SQL installation.

[2] – INSTANCE_ID is the SQL instance ID.

Microsoft Exchange Server

The Automatic exclusions for Exchange Servers are based on Microsoft's recommendations. ESET Mail Security for Microsoft Exchange Server applies Directory/Folder exclusions only (Process exclusions and File name extension exclusions are not applied). See the following Microsoft Knowledgebase articles for details:

Microsoft SharePoint

Certain folders may have to be excluded from antivirus scanning when you use file-level antivirus software in SharePoint.

Exclusions:

`C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\XX^[1]\Logs\`	`.log \.log^[2] .usage^[1] data.dat^[3] *\usage^[3] *\Usa.tmp^[3]`
`%WINDIR%\Syswow64\LogFiles\SharePoint\`^[4]	`*.log`
`%WINDIR%\System32\LogFiles\SharePoint\`^[5]	`*.log`

SharePoint 2010:

`C:\Users\search_account^[6]\AppData\Local\Temp\gthrsvc_SPSearch4\`^[4]	`.`
`C:\Documents and Settings\search_account^[6]\Local Settings\Temp\gthrsvc_SPSearch4\`^[5]	`.`

[1] –XX represents a version of Microsoft SharePoint Server

[2] –SharePoint 2010

[3] –SharePoint 2013

[4] –64-bit Microsoft SharePoint Server

[5] –32-bit Microsoft SharePoint Server

[6] –Name of an account that the SharePoint search service is running as

SharePoint 2013:

C:\Program Files\Microsoft Office Servers\15.0\Data\Office Server\Applications\gthrsvc\ *.*

Microsoft Internet Information Services (IIS)

`%systemroot%\IIS Temporary Compressed Files\`	`.` (IIS 5, IIS 6)
`%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files\`	`.` (IIS 7+)
`%SystemDrive%\inetpub\temp\ASP Compiled Templates\`	`.` (IIS 7+)
`%systemroot%\System32\LogFiles\`	`\.log` (IIS 5, IIS 6)
`%systemdrive%\inetpub\logs\logfiles\`	`\.log` (IIS 7, IIS 8)
`%systemroot%\system32\inetsrv\`	`metabase.bin` (IIS 5) `MetaBase.xml` (IIS 6) `MBschema.xml` (IIS 6)
`%systemroot%\system32\inetsrv\config\`	`*.config` (IIS 7+)

Microsoft Hyper-V

Cluster installation

Hyper-V installed in a cluster is not supported by automatic exclusions.

Exclusions in folders where virtual machine configuration is stored:

Virtual Machines\*.xml
Virtual Machines Cache\*.xml
Virtual Machines Cache\*\*.bin
Virtual Machines Cache\*\*.vsv
Snapshots\*.xml
Snapshots\*\*.bin
Snapshots\*\*.vsv
Snapshots Cache\*.xml

Exclusions for virtual drive files:

*.vhd
*.avhd
*.vhdx
*.avhdx

Microsoft Lync/Skype for Business Server

%SystemDrive%\RtcReplicaRoot\*.*

Microsoft Lync/Skype for Business Server file share

File share exclusions are generated automatically from the database.

Microsoft Configuration Manager

Server

`%ProgramFiles%\Microsoft Configuration Manager\inboxes`	`"\\\\.CIV"` `"\\\\.MIF"` `"\\\\.PKN"` `"\\\\.POL"` `"\\\\.SID"` `"\\\\.SMX"` `"\\\\.XML"` `"\\\\.ZIP"`
`%ProgramFiles%\Microsoft Configuration Manager\Logs`	`\\.LO_` `\\.LOG`
`%ProgramFiles%\Microsoft Configuration Manager\EasySetupPayload`	`\\.CONFIG` `\\.CSV` `\\.INI` `\\.JSON` `\\.XML` `\\.XSD` `\\.XSL` `\\.XSLT` `\\.ZIP`
`%ProgramFiles%\Microsoft Configuration Manager\MP\OUTBOXES`	`\\.POL`
`%ProgramFiles%\SMS_CCM\ServiceData`	`\\.MSG \\.QUE`
`%Windir%\CCM\ServiceData`	`\\.DAT` `\\.POL` `\\.SDF`

Excluded units based on the MCM scheme.

`SCCMContentLib`	`\\.INI` `\\.SIG`
`SMS_DP$`	`\\.LO_` `\\.LOG`
`SMSPKG`	`\\.7Z` `\\.CSV` `\\.JSON` `\\.SDB` `\\.SDF` `\\.WIM` `\\.XML` `\\.XSD` `\\.XSL` `\\.ZIP`
`SMSPKGSIG`	`\\.CFG` `\\.CIP` `\\.CONFIG` `\\.CONFIGURATION` `\\.DB` `\\.EVS` `\\.INI` `\\.JSON` `\\.LDF` `\\.LOG` `\\.MUI` `\\.SDB` `\\.SDP` `\\.SER` `\\.SMS` `\\.TCF` `\\.WSF` `\\.XML` `\\.XSD` `\\.XSL` `\\.XSLT` `\\.ZIP`
`SMSSIG$`	`\\.TAR`

Excluded units based on location (for example, D:\\SMSPKGD$, G:\\SMSPKGG$).

\*\*.7Z

\*\*.CSV

\*\*.JSON

\*\*.SDB

\*\*.SDF

\*\*.WIM

\*\*.XML

\*\*.XSD

\*\*.XSL

\*\*.ZIP

Client

`%Windir%\CCM`	`\\.SDF`
`C:\Windows\CCMCache`	`\\.CAB` `\\.SDF`
`C:\Windows\CCMSetup`	`\\.LOG`
`%Windir%\CCM\Logs`	`\\.LOG` `\\.XML`
`C:\Program Files\Microsoft Policy Platform\authorityDb`	`\\.SDF`
`%Windir%\CCM\temp`	`\\.LOG` `\\.XML`

Kerio Connect

Kerio Connect's store folder is excluded (for example, C:\Program Files\Kerio\MailServer\store).

Kerio Control

The installation folder is excluded (for example, C:\Program Files\Kerio\MailServer).

Microsoft ISA Server

Exclusions:

%ProgramFiles%\Microsoft ISA Server\*.*
%ProgramFiles%\Microsoft ISA Server\Logs\*.*
%ProgramFiles%\Microsoft SQL Server\*.*

Microsoft Forefront Threat Management Gateway

Exclusions:

%ProgramFiles%\Microsoft Forefront Thread Management Gateway\*.*
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\*.*
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\*.*
%SystemRoot%\Temp\ScanStorage\*.*
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs\*.*

Directories for web cache and text logs are also excluded.

Last Updated: Jun 1, 2026

[KB3078] Automatic exclusions in ESET server applications for Windows

Issue

Solution

System-specific exclusions

Enable or disable automatic exclusions in ESET server applications for Windows

Automatic exclusions

Detailed list of automatic exclusions

ESET PROTECT On-Prem

Microsoft Windows Server

Microsoft SQL Server

Microsoft Exchange Server

Microsoft SharePoint

Microsoft Internet Information Services (IIS)

Microsoft Hyper-V

Cluster installation

Microsoft Lync/Skype for Business Server

Microsoft Lync/Skype for Business Server file share

Microsoft Configuration Manager

Kerio Connect

Kerio Control

Microsoft ISA Server

Microsoft Forefront Threat Management Gateway

Additional resources

User guides

ESET Forum

YouTube videos

Existing customer?