When planning a Configuration Manager 2012 environment it is wise to also plan the anti-virus scan exclusions for the servers. Adding exclusions to your anti-virus solution will give you a better performance, since the online access scanner will not scan every logfile or file in the Configuration Manager inbox folders. Based on the Configuration Manager 2007 blog of the ConfigMgr Team with the knowledge of Configuration Manager 2012 I created the exclusion list below, feel free to supply information if you are missing something.
I did not include the standard Windows and SQL Server exclusions. You can find these here at the Technet Wiki.
ConfigMgrInstallDir = <driveletter>:Program FilesMicrosoft Configuration Manager
| Location | File(s) |
| ConfigMgrInstallDir | Install.map |
| ConfigMgrInstallDirInboxes | *.adc, *.box, *.ccr, *.cfg, *.cmn, *.ct0, *.ct1, *.ct2, *.dat, *.dc, *.ddr, *.i*, *.ins, *.ist, *.job, *.lkp, *.lo_, *.log, *.mif, *.mof, *.nal, *.ncf, *.nhm, *.ofn, *.ofr, *.p*, *.pcf, *.pck, *.pdf, *.pkg, *.pkn, *.rpl, *.rpt, *.sca, *.scd, *.scu, *.sha, *.sic, *.sid, *.srq, *.srs, *.ssu, *.svf, *.tmp, *.udc |
| ConfigMgrInstallDirLogs | *.log |
| <driveletter>:SMSPKG | *.* |
| <driveletter>:SMSPKG?$ (?=driveletter) | *.* |
| <driveletter>:SMSPKGSIG | *.* |
| <driveletter>:SMSSIG$ | *.* |
| <driveletter>:SCCMContentLib | *.* |
| <driveletter>:Program FilesSMS_CCMServiceData | *.msg, *.que, *.xml |
| <driveletter>:Program FilesSMS_CCMLogs | *.log |
Configuration Manager 2012 processes that can be excluded are:
- Smsexec.exe
- Ccmexec.exe
- CmRcService.exe
- Sitecomp.exe
- Smswriter.exe
- Smssqlbbkup.exe
For the configuration manager clients the following exclusion can be added:
- %windir%ccmcache
Please leave a message if you think something is missing or needs to be changed!
Update 7-7-2012: When using System Center Endpoint Protection you can use the out of the box template (SCEP12_Default_CfgMgr2012.xml) located <drive>Program FilesMicrosoft Configuration ManagerAdminConsoleXmlStorageEPTemplates.
In the template the following folders and filetypes are excluded:
- %allusersprofile%NTUser.pol
- %systemroot%system32GroupPolicyregistry.pol
- %windir%Securitydatabase*.chk
- %windir%Securitydatabase*.edb
- %windir%Securitydatabase*.jrs
- %windir%Securitydatabase*.log
- %windir%Securitydatabase*.sdb
- %windir%SoftwareDistributionDatastoreDatastore.edb
- %windir%SoftwareDistributionDatastoreLogsedb.chk
- %windir%SoftwareDistributionDatastoreLogsedb*.log
- %windir%SoftwareDistributionDatastoreLogsEdbres00001.jrs
- %windir%SoftwareDistributionDatastoreLogsEdbres00002.jrs
- %windir%SoftwareDistributionDatastoreLogsRes1.log
- %windir%SoftwareDistributionDatastoreLogsRes2.log
- %windir%SoftwareDistributionDatastoreLogstmp.edb
for the next folders both “Program Files” and “Program Files x86″ paths are listed:
- %programfiles%Microsoft Configuration ManagerInboxesadsrv.box
- %programfiles%Microsoft Configuration ManagerInboxesAIKbMgr.box
- %programfiles%Microsoft Configuration ManagerInboxesamtproxymgr.box
- %programfiles%Microsoft Configuration ManagerInboxesauth.box
- %programfiles%Microsoft Configuration ManagerInboxesccr.box
- %programfiles%Microsoft Configuration ManagerInboxesccrretry.box
- %programfiles%Microsoft Configuration ManagerInboxescertmgr.box
- %programfiles%Microsoft Configuration ManagerInboxesclifiles.src
- %programfiles%Microsoft Configuration ManagerInboxescolfile.box
- %programfiles%Microsoft Configuration ManagerInboxescoll_out.box
- %programfiles%Microsoft Configuration ManagerInboxesCOLLEVAL.box
- %programfiles%Microsoft Configuration ManagerInboxesCompSumm.Box
- %programfiles%Microsoft Configuration ManagerInboxesdataldr.box
- %programfiles%Microsoft Configuration ManagerInboxesddm.box
- %programfiles%Microsoft Configuration ManagerInboxesddmnotif.box
- %programfiles%Microsoft Configuration ManagerInboxesdespoolr.box
- %programfiles%Microsoft Configuration ManagerInboxesdistmgr.box
- %programfiles%Microsoft Configuration ManagerInboxesepmgr.box
- %programfiles%Microsoft Configuration ManagerInboxeshman.box
- %programfiles%Microsoft Configuration ManagerInboxesinventry.box
- %programfiles%Microsoft Configuration ManagerInboxesinvproc.box
- %programfiles%Microsoft Configuration ManagerInboxesmmctrl.box
- %programfiles%Microsoft Configuration ManagerInboxesnotictrl.box
- %programfiles%Microsoft Configuration ManagerInboxesobjmgr.box
- %programfiles%Microsoft Configuration ManagerInboxesoffermgr.box
- %programfiles%Microsoft Configuration ManagerInboxesOfferSum.Box
- %programfiles%Microsoft Configuration ManagerInboxespkginfo.box
- %programfiles%Microsoft Configuration ManagerInboxesPkgTransferMgr.box
- %programfiles%Microsoft Configuration ManagerInboxespolicypv.box
- %programfiles%Microsoft Configuration ManagerInboxespolreq.box
- %programfiles%Microsoft Configuration ManagerInboxesrcm.box
- %programfiles%Microsoft Configuration ManagerInboxesreplmgr.box
- %programfiles%Microsoft Configuration ManagerInboxesRuleEngine.box
- %programfiles%Microsoft Configuration ManagerInboxesschedule.box
- %programfiles%Microsoft Configuration ManagerInboxessinv.box
- %programfiles%Microsoft Configuration ManagerInboxessitecomp.box
- %programfiles%Microsoft Configuration ManagerInboxessitectrl.box
- %programfiles%Microsoft Configuration ManagerInboxesSiteStat.Box
- %programfiles%Microsoft Configuration ManagerInboxessmsbkup.box
- %programfiles%Microsoft Configuration ManagerInboxesstatmgr.box
- %programfiles%Microsoft Configuration ManagerInboxesswmproc.box
- %programfiles%Microsoft Configuration ManagerInboxesWSUSMgr.box
- %programfiles%Microsoft Configuration ManagerInboxeswsyncmgr.box
Thanks mate, nice article!