[KB3078] Automatic file exclusions for ESET server products

Issue

Details


Click to expand

This information is an example of what files are usually being excluded. It cannot be thought of as an absolute and exact match for every system. Each system has its own specifics, and the paths and files shown below do not necessarily correspond to every system.


Solution

View a list of file scanning exclusions in ESET File Security for Microsoft Windows Server

  1. Open the main program window of your ESET Windows product.

  2. Press the F5 key to open Advanced setup.

  3. Click Detection Engine, expand Exclusions (depending on ESET server product you are using) and click Edit next to Performance exclusions.

Figure 1-1

View examples of common file scanning exclusions

Windows Server

Windows Update:

%windir%\SoftwareDistribution\Datastore\ Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs Res*.log
Res*.jrs
Edb.chk
Tmp.edb


Windows Security:

%windir%\Security\Database\ *.edb
*.sdb
*.log
*.chk
*.jrs


Active Directory:

%windir%\Ntds\ Ntds.dit
Ntds.pat
EDB*.log
Res*.log
Res*.jrs
Ntds.pat
Temp.edb
Edb.chk

SYSVOL:

%windir%\Ntfrs\ jetsysedb.chk
jetNtfrs.jdb
jetlog*.log
jetLogEdb*.jrs
*.log
%systemroot%\Sysvol\Staging areas\ Nntfrs_cmp*.*
Replica_Root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\ Ntfrs*.*
%systemroot%\Sysvol\Sysvol\ *.adm
*.admx
*.adml
Registry.pol
*.aas
*.inf
Fdeploy.inf
Scripts.ini
*.ins
Oscfilter.ini


FRS (File Replication Service):

%systemdrive%\System Volume Information\DFSR\ $db_normal$
FileIDTable_2
SimilarityTable_2
*.xml
$db_dirty$
Dfsr.db
Fsr.chk
*.frx
*.log
Fsr*.jrs
Tmp.edb


DHCP:

%systemroot%\System32\DHCP\ *.mdb
*.pat
*.log
*.chk
*.edb


DNS:

%systemroot%\System32\Dns\ *.log
*.dns
BOOT


WINS:

%systemroot%\System32\Wins\ *.chk
*.log
*.mdb


Certificate Services:

%systemroot%\system32\CertLog\ *.edb
*.edb.chk
*.log


MSMQ:

%SystemRoot%\system32\MSMQ\ *.*
%SystemRoot%\system32\MSMQ\storage\ *.*


Terminal Server Licensing Service:

%systemroot%\system32\LServer\ *.edb
*.log
*.tmp
*.chk


Print Service:

%systemroot%\system32\spool\PRINTERS\ *.spl
*.shd


Pagefile:

C:\Pagefile.sys


Windows Update Services:

C:\WSUS\UpdateServicesDbFiles\ SUSDB.mdf
SUSDB_log.ldf


Failover cluster:

\Device\CSVVolume?\*
\Device\CSVVolume??\*
\Device\CSVVolume???\*


Back to top


Microsoft Exchange Server

The Automatic exclusions for Exchange Servers are based on Microsoft's recommendations. ESET Mail Security for Microsoft Exchange Server applies "Directory/Folder exclusions" only ("Process exclusions" and "File name extension exclusions" are not applied). See the following Microsoft Knowledgebase articles for details:

IBM Lotus Domino Server

Exclusions based on: https://www-304.ibm.com/support/docview.wss?uid=swg21417504

Kerio Connect

Excluded is Kerio Connect's store folder (for example C:Program FilesKerioMailServerstore*.*). The location of the Kerio store folder is read from the configuration file mailserver.cfg (tag).

Kerio Control

The installation folder is excluded (for example C:Program Files (x86)KerioWinRoute Firewall*.*).

Microsoft ISA Server 2006 and ForeFront TMG 2010

ISA server:

%ProgramFiles%\Microsoft ISA Server\ *.*
%ProgramFiles%\Microsoft ISA Server\Logs\ *.*
%ProgramFiles%\Microsoft SQL Server\ *.*


Forefront TMG:

%ProgramFiles%\Microsoft Forefront Thread Management Gateway\ *.*
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\ *.*
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\ *.*
%SystemRoot%\Temp\ScanStorage\ *.*
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs\ *.*


Back to top

Microsoft Lync / Skype for Business Server
%SystemDrive%\RtcReplicaRoot
*.*

 

Microsoft SQL Server
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\MSSQL\Data\ *.mdf
*.ldf
*.ndf
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\MSSQL\Backup\ *.bak
*.trn
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\MSSQL\FTData\ *.*
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\OLAP\Data\ *.*
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\OLAP\Backup\ *.*
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\OLAP\Backup\ *.*

[1] - MSSQL.X represents an ID of SQL Server Instance or an installation ID of SQL Server Analysis Services

Microsoft SharePoint Server

Common:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\XX[2]\Logs\ *.log
***.log[3]
*.usage[2]
data*.dat[4]
***usage[4]
**Usa*.tmp[4]
%WINDIR%\Syswow64\LogFiles\SharePoint\[5] *.log
%WINDIR%\System32\LogFiles\SharePoint\[6] *.log

[2] - XX represents a version of Microsoft SharePoint Server
[3] - SharePoint 2007, SharePoint 2010
[4] - SharePoint 2013
[5] - 64-bit Microsoft SharePoint Server
[6] - 32-bit Microsoft SharePoint Server


SharePoint 2007, SharePoint 2010:

C:\Users\search_account[7]\AppData\Local\Temp\gthrsvc_SPSearch4\[8] *.*
C:\Documents and Settings\search_account[7]\Local Settings\Temp\gthrsvc_SPSearch4\[9] *.*

[7] - Name of an account that SharePoint search service is running as
[8] - 64-bit Microsoft SharePoint Server

[9] - 32-bit Microsoft SharePoint Server


SharePoint 2013:

C:\Program Files\Microsoft Office Servers\15.0\Data\Office Server\Applications\gthrsvc\ *.*


Back to top

IIS (Internet Information Services)
%systemroot%\IIS Temporary Compressed Files\ *.*
%systemroot%\System32\LogFiles\ **.log (IIS 5, IIS 6)
%systemdrive%\inetpub\logs\logfiles\ **.log (IIS 7, IIS 8)
%systemroot%\system32\inetsrv\ metabase.bin (IIS 5)
MetaBase.xml (IIS 6)
MBschema.xml (IIS 6)
%systemroot%\system32\inetsrv\config\ *.config (IIS 7, IIS8)

 

ESET Remote Administrator (ERA) Server
%APPDATA%\ESET\ESET Remote Administrator\Server\ *.*


Windows Server 2003:

C:\Documents and Settings\All Users\Application Data\ESET\ESET Remote Administrator\Server\ *.*


Windows Server 2008:

C:\ProgramData\ESET\ESET Remote Administrator\Server\ *.*

 

Microsoft Hyper-V

File exclusions in folders where virtual machine configuration is stored:

Virtual Machines\\*.xml
Virtual Machines Cache\\*.xml
Virtual Machines Cache\\*\\*.bin
Virtual Machines Cache\\*\\*.vsv
Snapshots\\*.xml
Snapshots\\*\\*.bin
Snapshots\\*\\*.vsv
Snapshots Cache\\*.xml


File exclusions of virtual drives:

*.vhd
*.avhd
*.vhdx (Windows Server 2012 and newer)
*.avhdx (Windows Server 2012 and newer)
Hyper-V

Hyper-V installed in a cluster is not specifically supported by automatic exclusions.

Back to top