Anti-Virus vs Active Directory Exclude List


Hi all,

The information below was taken from http://support.microsoft.com/kb/822158/en-us and refers only to Active Directory.

Turn off scanning of Active Directory and Active Directory-related files

  • Exclude the Main NTDS database files. The location of these files is specified in the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File

    The default location is %windir%\Ntds. Specifically, exclude the following files:

    • Ntds.dit
    • Ntds.pat
  • Exclude the Active Directory transaction log files. The location of these files is specified in the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files Path

    The default location is %windir%\Ntds. Specifically, exclude the following files:

    • EDB*.log
    • Res*.log
    • Res*.jrs
    • Ntds.pat

    Note: Windows Server 2003 no longer uses the Ntds.pat file.

  • Exclude the files in the NTDS Working folder that is specified in the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory

    Specifically, exclude the following files:

    • Temp.edb
    • Edb.chk

Turn off scanning of SYSVOL files

  • Turn off scanning of files in the File Replication Service (FRS) Working folder that is specified in the following registry key:
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory

    The default location is %windir%\Ntfrs. Exclude the following files that exist in the folder:

    • edb.chk
    • Ntfrs.jdb
    • *.log
  • Turn off scanning of files in the FRS Database Log files that are specified in the following registry key:
    HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Ntfrs\Parameters\DB Log File Directory

    The default location is %windir%\Ntfrs. Exclude the following files:

    • Edb*.log (if the registry key is not set).
    • FRS Working Dir\Jet\Log\Edb*.jrs (Windows Server 2008 and Windows Server 2008 R2).
    • Edb*.jrs (Windows Server 2008 and Windows Server 2008 R2).

    Note: Settings for specific file exclusions are documented here for completeness. By default, these folders allow access only to System and Administrators. Please verify that the correct protections are in place. These folders contain only component working files for FRS and DFSR.

  • Turn off scanning of the Staging file as specified in the following registry key.
    HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Stage

    By default, staging uses the following location:

    %systemroot%\Sysvol\Staging areas

    Exclude the following files:

    • Ntfrs_cmp*.*
  • Turn off scanning of files in the Sysvol\Sysvol folder. The current location of the Sysvol\Sysvol folder and all its subfolders is the file system reparse target of the replica set root. The Sysvol\Sysvol folder uses the following location:
    %systemroot%\Sysvol\Sysvol

    Exclude the following files from this folder and all its subfolders:

    • *.adm
    • *.admx
    • *.adml
    • Registry.pol
    • *.aas
    • *.inf
    • Fdeploy.inf
    • Scripts.ini
    • *.ins
    • Oscfilter.ini
  • Turn off scanning of files in the FRS Preinstall folder that is in the following location:
    Replica_root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory

    The Preinstall folder is always open when FRS is running.

    Exclude the following files from this folder and all its subfolders:

    • Ntfrs*.*
  • Turn off scanning of files in the DFSR database and working folders. The location is specified by the following registry key:
    HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication Groups\GUID\Replica Set Configuration File=Path

    In this registry key, “Path” is the path of an XML file that states the name of the Replication Group. In this example, the path would contain “Domain System Volume.”

    The default location is the following hidden folder:

    %systemdrive%\System Volume Information\DFSR

    Exclude the following files from this folder and all its subfolders:

    • $db_normal$
    • FileIDTable_2
    • SimilarityTable_2
    • *.xml
    • $db_dirty$
    • Dfsr.db
    • Fsr.chk
    • *.frx
    • *.log
    • Fsr*.jrs
    • Tmp.edb

    If any one of these folders or files is moved or is put in a different location, scan or exclude the equivalent element.

Hope that this information is useful.
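
Because the NTDS and FRS locations come from registry values and may have been moved, the exclusion list is best built from what the domain controller actually reports. The PowerShell below is an added example, not part of the KB article or the original post: it reads the NTDS and NtFrs registry values named above, falls back to the defaults the article states, and prints the resulting per-file patterns for entry into the anti-virus product's exclusion settings. The helper name Get-RegValue is hypothetical, and the SYSVOL, staging and DFSR folders are not covered.

```powershell
# Added example (not from the KB): resolve registry-defined AD/FRS locations
# into concrete exclusion patterns. Run in an elevated session on the DC.
function Get-RegValue {   # hypothetical helper name
    param([string]$Key, [string]$Name)
    # Returns $null when the key or value is absent (e.g. no FRS on a DFSR-only DC).
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

$ntds = 'HKLM:\System\CurrentControlSet\Services\NTDS\Parameters'
$frs  = 'HKLM:\System\CurrentControlSet\Services\NtFrs\Parameters'
$ntdsDefault = Join-Path $env:windir 'Ntds'    # default stated in the article
$frsDefault  = Join-Path $env:windir 'Ntfrs'   # default stated in the article

# 'DSA Database File' holds the full path to Ntds.dit, so take its parent folder.
$dbFile = Get-RegValue $ntds 'DSA Database File'
$dbDir  = if ($dbFile) { Split-Path -Path $dbFile -Parent } else { $ntdsDefault }

$logDir = Get-RegValue $ntds 'Database Log Files Path'
if (-not $logDir) { $logDir = $ntdsDefault }
$workDir = Get-RegValue $ntds 'DSA Working Directory'   # no default given; skipped if unset
$frsWork = Get-RegValue $frs 'Working Directory'
if (-not $frsWork) { $frsWork = $frsDefault }
$frsLog = Get-RegValue $frs 'DB Log File Directory'
if (-not $frsLog) { $frsLog = $frsDefault }

# Folder -> file patterns, taken from the list above.
$spec = @(
    @{ Dir = $dbDir;   Files = 'Ntds.dit', 'Ntds.pat' }
    @{ Dir = $logDir;  Files = 'EDB*.log', 'Res*.log', 'Res*.jrs', 'Ntds.pat' }
    @{ Dir = $workDir; Files = 'Temp.edb', 'Edb.chk' }
    @{ Dir = $frsWork; Files = 'edb.chk', 'Ntfrs.jdb', '*.log' }
    @{ Dir = $frsLog;  Files = 'Edb*.log', 'Edb*.jrs' }
)

$exclusions = foreach ($entry in $spec) {
    if (-not $entry.Dir) { continue }            # location not configured on this DC
    foreach ($file in $entry.Files) {
        [pscustomobject]@{
            Exclusion    = Join-Path $entry.Dir $file
            FolderExists = Test-Path -LiteralPath $entry.Dir
        }
    }
}
$exclusions | Sort-Object Exclusion -Unique | Format-Table -AutoSize
```

Rows with FolderExists set to False point at a location that is not present on this server, so those entries can be left out rather than excluded blindly.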

About rodvars
Been working in IT Services/Consulting for the past 15 years. My main areas of work are planning, development, management and administration of system infrastructures, focusing on optimizing user processes, enforcing business security, performance enhancements, high availability and infrastructure scalability.
