Recommended Virus Scanning Exclusions

DC187

In case some of you are not aware, Microsoft have a recommended list of files/folders that should be excluded from On-Access Anti Virus scanning.

You can find the article here: Virus scanning recommendations for computers that are running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, Windows Vista, or Windows 7

Here are their recommendations for Windows 2000, XP, Vista, 7, Server 2003 and Server 2008 and 2008 R2:

Microsoft Windows Update or Automatic Update related files
  • The Windows Update or Automatic Update database file. This file is located in the following folder: %windir%\SoftwareDistribution\Datastore
    Exclude the Datastore.edb file.
  • The transaction log files. These files are located in the following folder: %windir%\SoftwareDistribution\Datastore\Logs
    Exclude the following files:
    • Edb*.log

      Note: The wildcard character indicates that there may be several files.
    • Res1.log. The file is named Edbres00001.jrs for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
    • Res2.log. The file is named Edbres00002.jrs for Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2.
    • Edb.chk
    • Tmp.edb
  • The following files in the %windir%\security path should be added to the exclusions list:
    • *.edb
    • *.sdb
    • *.log
    • *.chk
    Note: If these files are not excluded, security databases are typically corrupted, and Group Policy cannot be applied when you scan the folder. The wildcard character indicates that there may be several files. Specifically, you must exclude the following files:
    • Edb.chk
    • Edb.log
    • *.log
    • Security.sdb in the <drive>:\windows\security\database folder

Group Policy related files
  • Group Policy user registry information. These files are located in the following folder: %allusersprofile%\
    Exclude the following file: NTUser.pol
  • Group Policy client settings file. These files are located in the following folder: %Systemroot%\system32\GroupPolicy\
    Exclude the following file: registry.pol
Hope this info is helpful to some people :)
 

Nice find DC187, thanks. :)
 

This is nice. But has anybody figured out how to do that in a convenient way - e.g. with Norton or SuperAntiSpyware?
 

I'm unfamiliar with those products; I use McAfee VirusScan Enterprise myself and it's just a simple case of adding them in on an Exclusions tab.
Considering this is an article published by Microsoft, I would have thought it would make sense for AntiVirus products to automatically detect the version of Windows running and apply the exclusions by default.
By adding these exclusions you reduce the chance of corrupting some of the above databases. I wonder if it is Virus Scanning that causes some of the Windows Update errors some people suffer?

Maybe this thread should be stickied, not enough people are aware of these recommendations!
 

Yeah, I know. All those programs have exclusion tabs. But you have to scout one by one for all those files and put them into the list - and that is the cumbersome part.
 

True it is cumbersome but with Eset AV and SS, and probably some others, once you have it set up, there is a setting that allows one to export one's customized settings (including the exclusion list) to an .xml file and reapply (i.e., import) them with a click or two when upgrading or reinstalling. So at least if that option is available, one only has to go through this pain once.
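
On the question of doing this without hunting for each file by hand, an added example (not part of the thread or of Microsoft's article): a PowerShell script that expands the paths quoted in the first post, reports which patterns match a file on the local machine, and lists configured exclusions that are not on that list. The function names and the `$configured` sample are assumptions made for illustration.

```powershell
# Added example. Patterns are transcribed from the list quoted in the first post.
# Run elevated so protected folders such as %windir%\security\database are readable.
$Recommended = @(
    '%windir%\SoftwareDistribution\Datastore\Datastore.edb',
    '%windir%\SoftwareDistribution\Datastore\Logs\Edb*.log',
    '%windir%\SoftwareDistribution\Datastore\Logs\Res1.log',
    '%windir%\SoftwareDistribution\Datastore\Logs\Res2.log',
    '%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs',  # Vista/7/2008/2008 R2 name
    '%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs',  # Vista/7/2008/2008 R2 name
    '%windir%\SoftwareDistribution\Datastore\Logs\Edb.chk',
    '%windir%\SoftwareDistribution\Datastore\Logs\Tmp.edb',
    '%windir%\security\*.edb', '%windir%\security\*.sdb',
    '%windir%\security\*.log', '%windir%\security\*.chk',
    '%windir%\security\database\Security.sdb',
    '%allusersprofile%\NTUser.pol',
    '%Systemroot%\system32\GroupPolicy\registry.pol'
)

# Expand each pattern and report whether any file on this machine matches it.
function Resolve-ExclusionList {
    param([string[]]$Patterns)
    foreach ($p in $Patterns) {
        $expanded = [Environment]::ExpandEnvironmentVariables($p)
        # -Force so hidden or system files are still found; folders are ignored.
        $hits = @(Get-Item -Path $expanded -Force -ErrorAction SilentlyContinue |
                  Where-Object { -not $_.PSIsContainer })
        New-Object PSObject -Property @{
            Exclusion = $expanded
            Present   = ($hits.Count -gt 0)
            Files     = @($hits | ForEach-Object { $_.FullName })
        }
    }
}

# Return configured exclusions that are not on the list (whole folders, extra paths).
function Find-UnlistedExclusion {
    param([string[]]$Configured, [string[]]$Patterns)
    $allowed = @($Patterns | ForEach-Object { [Environment]::ExpandEnvironmentVariables($_) })
    foreach ($c in $Configured) {
        $e = [Environment]::ExpandEnvironmentVariables($c).TrimEnd('\')
        if ($allowed -notcontains $e) { $c }   # -notcontains ignores case
    }
}

# Exclusions to enter in the scanner: only patterns that match a file here.
Resolve-ExclusionList $Recommended | Where-Object { $_.Present } | ForEach-Object { $_.Exclusion }
# Constructed sample standing in for a scanner's exported exclusion list.
$configured = @('%windir%\SoftwareDistribution\', '%windir%\security\*.edb', 'C:\Temp\*.exe')
Find-UnlistedExclusion -Configured $configured -Patterns $Recommended
```

Entries returned by `Find-UnlistedExclusion` are the ones to review, since each exclusion beyond the listed files is a location the on-access scanner no longer inspects.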
 
