[KB3078] Automatic file exclusions for ESET server products

Issue

Details


Click to expand

The information below is an example of typically excluded files. It is not an exact match for every system. Each system has its specific files and setup. The paths and files shown below may not correspond to every system.


Solution

View a list of file scanning exclusions in ESET File Security for Microsoft Windows Server

  1. Open the main program window of your ESET Windows product.

  2. Press the F5 key to open Advanced setup.

  3. Click Detection Engine, expand Exclusions (depending on ESET server product you are using) and click Edit next to Performance exclusions.

    Figure 1-1

View examples of common file scanning exclusions

Windows Server

Windows Update:

%windir%\SoftwareDistribution\Datastore\ Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs Res*.log
Res*.jrs
Edb.chk
Tmp.edb


Windows Security:

%windir%\Security\Database\ *.edb
*.sdb
*.log
*.chk
*.jrs


Active Directory:

%windir%\Ntds\ Ntds.dit
Ntds.pat
EDB*.log
Res*.log
Res*.jrs
Ntds.pat
Temp.edb
Edb.chk


SYSVOL:

%windir%\Ntfrs\ jetsysedb.chk
jetNtfrs.jdb
jetlog*.log
jetLogEdb*.jrs
*.log
%systemroot%\Sysvol\Staging areas\ Nntfrs_cmp*.*
Replica_Root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\ Ntfrs*.*
%systemroot%\Sysvol\Sysvol\ *.adm
*.admx
*.adml
Registry.pol
*.aas
*.inf
Fdeploy.inf
Scripts.ini
*.ins
Oscfilter.ini


FRS (File Replication Service):

%systemdrive%\System Volume Information\DFSR\ $db_normal$
FileIDTable_2
SimilarityTable_2
*.xml
$db_dirty$
Dfsr.db
Fsr.chk
*.frx
*.log
Fsr*.jrs
Tmp.edb


DHCP:

%systemroot%\System32\DHCP\ *.mdb
*.pat
*.log
*.chk
*.edb


DNS:

%systemroot%\System32\Dns\ *.log
*.dns
BOOT


WINS:

%systemroot%\System32\Wins\ *.chk
*.log
*.mdb


Certificate Services:

%systemroot%\system32\CertLog\ *.edb
*.edb.chk
*.log


MSMQ:

%SystemRoot%\system32\MSMQ\ *.*
%SystemRoot%\system32\MSMQ\storage\ *.*


Terminal Server Licensing Service:

%systemroot%\system32\LServer\ *.edb
*.log
*.tmp
*.chk


Print Service:

%systemroot%\system32\spool\PRINTERS\ *.spl
*.shd


Pagefile:

C:\Pagefile.sys


Windows Update Services:

C:\WSUS\UpdateServicesDbFiles\ SUSDB.mdf
SUSDB_log.ldf


Failover cluster:

\Device\CSVVolume?\*
\Device\CSVVolume??\*
\Device\CSVVolume???\*


Back to top


Microsoft Exchange Server

The Automatic exclusions for Exchange Servers are based on Microsoft's recommendations. ESET Mail Security for Microsoft Exchange Server applies Directory/Folder exclusions only (Process exclusions and File name extension exclusions are not applied). See the following Microsoft Knowledgebase articles for details:


Kerio Connect

Excluded is Kerio Connect's store folder (for example C:Program FilesKerioMailServerstore*.*). The location of the Kerio store folder is read from the configuration file mailserver.cfg (tag).


Kerio Control

The installation folder is excluded (for example C:Program Files (x86)KerioWinRoute Firewall*.*).


Microsoft ISA Server 2006 and ForeFront TMG 2010

ISA server:

%ProgramFiles%\Microsoft ISA Server\ *.*
%ProgramFiles%\Microsoft ISA Server\Logs\ *.*
%ProgramFiles%\Microsoft SQL Server\ *.*


Forefront TMG:

%ProgramFiles%\Microsoft Forefront Thread Management Gateway\ *.*
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\ *.*
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\ *.*
%SystemRoot%\Temp\ScanStorage\ *.*
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs\ *.*


Back to top


Microsoft Lync / Skype for Business Server
%SystemDrive%\RtcReplicaRoot
*.*

Microsoft SQL Server
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\MSSQL\Backup\*.bak
*.trn
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\MSSQL\Data\ *.mdf
*.ldf
*.ndf
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\MSSQL\FTData\ *.*
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\OLAP\Data\ *.*
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\OLAP\Backup\ *.*
C:\Program Files\Microsoft SQL ServerMSSQL.X[1]\OLAP\Backup\ *.*

[1] MSSQL.X represents an ID of SQL Server Instance or an installation ID of SQL Server Analysis Services

Back to top


Microsoft SharePoint Server

Certain folders may have to be excluded from antivirus scanning when you use file-level antivirus software in SharePoint.

Common:

C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\XX[2]\Logs\ *.log
***.log[3]
*.usage
data*.dat[4]
***usage[4]
**Usa*.tmp[4]
%WINDIR%\Syswow64\LogFiles\SharePoint\[5] *.log
%WINDIR%\System32\LogFiles\SharePoint\[6] *.log

[2]  XX represents a version of Microsoft SharePoint Server

[3]  SharePoint 2010

[4]  SharePoint 2013

[5]  64-bit Microsoft SharePoint Server

[6]  32-bit Microsoft SharePoint Server


SharePoint 2010:

C:\Users\search_account[7]\AppData\Local\Temp\gthrsvc_SPSearch4\[8] *.*
C:\Documents and Settings\search_account[7]\Local Settings\Temp\gthrsvc_SPSearch4\[9] *.*

[7]  Name of an account that SharePoint search service is running as

[8] 64-bit Microsoft SharePoint Server

[9] – 32-bit Microsoft SharePoint Server


SharePoint 2013:

C:\Program Files\Microsoft Office Servers\15.0\Data\Office Server\Applications\gthrsvc\ *.*


Back to top


IIS (Internet Information Services)
%systemroot%\IIS Temporary Compressed Files\ *.*
%systemroot%\System32\LogFiles\ **.log (IIS 5, IIS 6)
%systemdrive%\inetpub\logs\logfiles\ **.log (IIS 7, IIS 8)
%systemroot%\system32\inetsrv\ metabase.bin (IIS 5)
MetaBase.xml (IIS 6)
MBschema.xml (IIS 6)
%systemroot%\system32\inetsrv\config\ *.config (IIS 7, IIS8)

ESET PROTECT Server


Windows Server 2016

%APPDATA%\ESET\RemoteAdministrator\Server\ *.*


Windows Server 2008:

C:\ProgramData\ESET\RemoteAdministrator\Server\ *.*


Windows Server 2003 (for ESET Remote Administrator):

C:\Documents and Settings\All Users\Application Data\ESET\ESET Remote Administrator\Server\ *.*

Microsoft Hyper-V

File exclusions in folders where virtual machine configuration is stored:

Virtual Machines\\*.xml
Virtual Machines Cache\\*.xml
Virtual Machines Cache\\*\\*.bin
Virtual Machines Cache\\*\\*.vsv
Snapshots\\*.xml
Snapshots\\*\\*.bin
Snapshots\\*\\*.vsv
Snapshots Cache\\*.xml


File exclusions of virtual drives:

*.vhd
*.avhd
*.vhdx (Windows Server 2012 and newer)
*.avhdx (Windows Server 2012 and newer)
Hyper-V

Hyper-V installed in a cluster is not specifically supported by automatic exclusions.

Back to top