Issue
Details
Click to expand
The information below is an example of typically excluded files. It is not an exact match for every system. Each system has its specific files and setup. The paths and files shown below may not correspond to every system.
Solution
View a list of file scanning exclusions in ESET File Security for Microsoft Windows Server
-
Press the F5 key to open Advanced setup.
-
Click Detection Engine, expand Exclusions (depending on ESET server product you are using) and click Edit next to Performance exclusions.
Figure 1-1
View examples of common file scanning exclusions
- Windows Server
- Microsoft Exchange Server
- Kerio Connect
- Kerio Control
- Microsoft ISA Server 2006 a ForeFront TMG 2010
- Microsoft Lync / Skype for Business Server
- Microsoft SQL Server
- Microsoft SharePoint Server
- IIS (Internet Information Services)
- ESET PROTECT Server
- Microsoft Hyper-V
Windows Server
Windows Update:
%windir%\SoftwareDistribution\Datastore\ |
Datastore.edb |
|
Res*.log |
Windows Security:
%windir%\Security\Database\ |
*.edb |
Active Directory:
%windir%\Ntds\ |
Ntds.dit |
SYSVOL:
%windir%\Ntfrs\ |
jetsysedb.chk |
%systemroot%\Sysvol\Staging areas\ |
Nntfrs_cmp*.* |
Replica_Root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\ |
Ntfrs*.* |
%systemroot%\Sysvol\Sysvol\ |
*.adm |
FRS (File Replication Service):
%systemdrive%\System Volume Information\DFSR\ |
$db_normal$ |
DHCP:
%systemroot%\System32\DHCP\ |
*.mdb |
DNS:
%systemroot%\System32\Dns\ |
*.log |
WINS:
%systemroot%\System32\Wins\ |
*.chk |
Certificate Services:
%systemroot%\system32\CertLog\ |
*.edb |
MSMQ:
%SystemRoot%\system32\MSMQ\ |
*.* |
%SystemRoot%\system32\MSMQ\storage\ |
*.* |
Terminal Server Licensing Service:
%systemroot%\system32\LServer\ |
*.edb |
Print Service:
%systemroot%\system32\spool\PRINTERS\ |
*.spl |
Pagefile:
C:\Pagefile.sys |
Windows Update Services:
C:\WSUS\UpdateServicesDbFiles\ |
SUSDB.mdf |
Failover cluster:
\Device\CSVVolume?\* |
Microsoft Exchange Server
The Automatic exclusions for Exchange Servers are based on Microsoft's recommendations. ESET Mail Security for Microsoft Exchange Server applies Directory/Folder exclusions only (Process exclusions and File name extension exclusions are not applied). See the following Microsoft Knowledgebase articles for details:
- Update on the Exchange Server Antivirus Exclusions
- Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
- File-Level Antivirus Scanning on Exchange 2007
- File-Level Antivirus Scanning on Exchange 2010
- Anti-Virus Software in the Operating System on Exchange Servers (Exchange 2013)
- Running Windows antivirus software on Exchange 2016 servers
Kerio Connect
Excluded is Kerio Connect's store folder (for example C:Program FilesKerioMailServerstore*.*). The location of the Kerio store folder is read from the configuration file mailserver.cfg (tag).
Kerio Control
The installation folder is excluded (for example C:Program Files (x86)KerioWinRoute Firewall*.*).
Microsoft ISA Server 2006 and ForeFront TMG 2010
ISA server:
%ProgramFiles%\Microsoft ISA Server\ |
*.* |
%ProgramFiles%\Microsoft ISA Server\Logs\ |
*.* |
%ProgramFiles%\Microsoft SQL Server\ |
*.* |
Forefront TMG:
%ProgramFiles%\Microsoft Forefront Thread Management Gateway\ |
*.* |
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\ |
*.* |
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\ |
*.* |
%SystemRoot%\Temp\ScanStorage\ |
*.* |
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs\ |
*.* |
Microsoft Lync / Skype for Business Server
%SystemDrive%\RtcReplicaRoot |
*.* |
Microsoft SQL Server
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\MSSQL\Backup\*.bak
*.trnC:\Program Files\Microsoft SQL ServerMSSQL.X[1]\MSSQL\Data\ |
*.mdf |
C:\Program Files\Microsoft SQL ServerMSSQL.X |
*.* |
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\OLAP\Data\ |
*.* |
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\OLAP\Backup\ |
*.* |
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\OLAP\Backup\ |
*.* |
[1] – MSSQL.X represents an ID of SQL Server Instance or an installation ID of SQL Server Analysis Services
Microsoft SharePoint Server
Common:
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\XX[2]\Logs\ |
*.log |
%WINDIR%\Syswow64\LogFiles\SharePoint\[5] |
*.log |
%WINDIR%\System32\LogFiles\SharePoint\[6] |
*.log |
[2] – XX represents a version of Microsoft SharePoint Server
[3] – SharePoint 2010
[4] – SharePoint 2013
[5] – 64-bit Microsoft SharePoint Server
[6] – 32-bit Microsoft SharePoint Server
SharePoint 2010:
C:\Users\search_account[7]\AppData\Local\Temp\gthrsvc_SPSearch4\[8] |
*.* |
C:\Documents and Settings\search_account[7]\Local Settings\Temp\gthrsvc_SPSearch4\[9] |
*.* |
[7] – Name of an account that SharePoint search service is running as
[8] – 64-bit Microsoft SharePoint Server
[9] – 32-bit Microsoft SharePoint Server
SharePoint 2013:
C:\Program Files\Microsoft Office Servers\15.0\Data\Office Server\Applications\gthrsvc\ |
*.* |
IIS (Internet Information Services)
%systemroot%\IIS Temporary Compressed Files\ |
*.* |
%systemroot%\System32\LogFiles\ |
**.log (IIS 5, IIS 6) |
%systemdrive%\inetpub\logs\logfiles\ |
**.log (IIS 7, IIS 8) |
%systemroot%\system32\inetsrv\ |
metabase.bin (IIS 5) |
%systemroot%\system32\inetsrv\config\ |
*.config (IIS 7, IIS8) |
ESET PROTECT Server
Windows Server 2016
%APPDATA%\ESET\RemoteAdministrator\Server\ |
*.* |
Windows Server 2008:
C:\ProgramData\ESET\RemoteAdministrator\Server\ |
*.* |
Windows Server 2003 (for ESET Remote Administrator):
C:\Documents and Settings\All Users\Application Data\ESET\ESET Remote Administrator\Server\ |
*.* |
Microsoft Hyper-V
File exclusions in folders where virtual machine configuration is stored:
Virtual Machines\\*.xml |
Virtual Machines Cache\\*.xml |
Virtual Machines Cache\\*\\*.bin |
Virtual Machines Cache\\*\\*.vsv |
Snapshots\\*.xml |
Snapshots\\*\\*.bin |
Snapshots\\*\\*.vsv |
Snapshots Cache\\*.xml |
File exclusions of virtual drives:
*.vhd |
*.avhd |
*.vhdx (Windows Server 2012 and newer) |
*.avhdx (Windows Server 2012 and newer) |
