Article ID: 943556 - Last Review: April 6, 2012 - Revision: 3.0

Recommended file and folder exclusions for Microsoft Forefront Client Security, Forefront Endpoint Protection 2010 or Microsoft System Center 2012 Endpoint Protection

View products that this article applies to.
System TipThis article applies to a different operating system than the one you are using. Article content that may not be relevant to you is disabled.

On This Page

Expand all | Collapse all

INTRODUCTION

Microsoft Forefront Client Security, Forefront Endpoint Protection 2010 and Microsoft System Center 2012 Endpoint Protection scan the files and folders on your computer for malicious programs that are known as malware. By default, all files and folders are included when the programs scan your computer. However, you can configure Forefront Client Security, Forefront Endpoint Protection 2010 and System Center 2012 Endpoint Protection to skip certain files or folders when it scans the computer. It is best not to perform a malware scan on the files for certain programs or for operating system roles. This is to help prevent the following issues: 
  • An anti-malware program could incorrectly determine that a program file is malware. This is known as a false positive.
  • The anti-malware scan operation could decrease performance for a particular program when that program tries to access its program files.
This article contains links to articles and to Web sites that identify files and folders for certain Microsoft products. We recommend that you exclude these files and folders from Forefront Security and System Center 2012 Endpoint Protection scan operations. 

Note The information in this article also applies to other antivirus or anti-malware programs that you may use. Also, if you run an antivirus or anti-malware program on a computer that is running a third-party program or service, we recommend that you contact the program vendor. The program vendor can help determine whether certain files or folders should be excluded from antivirus or anti-malware scan operations.
Back to the top

MORE INFORMATION

The following sections contain information about the files and folders that we recommend be excluded from scanning by anti-malware programs. The information is categorized by the operating system role or by program name.
Back to the top

Domain controllers

815263  (http://support.microsoft.com/kb/815263/ ) Antivirus, backup, and disk optimization programs that are compatible with the File Replication Service
837932  (http://support.microsoft.com/kb/837932/ ) Event ID 2108 and Event ID 1084 occur during inbound replication of Active Directory in Windows 2000 Server and in Windows Server 2003

For more information, visit the following Microsoft Web sites:
Managing Domain Controllers
http://technet2.microsoft.com/windowsserver/en/library/7e56fd5d-a6a2-44eb-8915-4a47bae41fda1033.mspx (http://technet2.microsoft.com/windowsserver/en/library/7e56fd5d-a6a2-44eb-8915-4a47bae41fda1033.mspx)
Managing Antivirus Software on Domain Controllers
http://www.microsoft.com/downloads/details.aspx?familyid=84dfe61e-fb7b-4673-89b8-55bcc801b431&displaylang=en (http://www.microsoft.com/downloads/details.aspx?familyid=84dfe61e-fb7b-4673-89b8-55bcc801b431&displaylang=en)
Back to the top

Microsoft Exchange Server

328841  (http://support.microsoft.com/kb/328841/ ) Exchange and antivirus software
245822  (http://support.microsoft.com/kb/245822/ ) Recommendations for troubleshooting an Exchange Server computer with antivirus software installed
For more information, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/9fb755f5-5f0b-4817-a584-70c76a62eae2.aspx (http://technet.microsoft.com/en-us/library/9fb755f5-5f0b-4817-a584-70c76a62eae2.aspx)
Back to the top

Forefront Endpoint Protection

For more information, visit the following Microsoft Web site:

http://technet.microsoft.com/en-us/forefront/ee822838 (http://technet.microsoft.com/en-us/forefront/ee822838)
Back to the top

Internet Information Server (IIS)

817442  (http://support.microsoft.com/kb/817442/ ) IIS 6.0: Antivirus scanning of IIS compression directory may result in 0-byte file
Back to the top

Microsoft Internet Security and Acceleration (ISA) Server

For more information, visit the following Microsoft Web site:
http://technet.microsoft.com/en-us/library/cc707727.aspx (http://technet.microsoft.com/en-us/library/cc707727.aspx)
Back to the top

Microsoft SharePoint Portal Server

320111  (http://support.microsoft.com/kb/320111/ ) Random errors may occur when antivirus software scans Microsoft Web Storage System in SharePoint Portal Server 2001 and in SharePoint Portal Server 2003
322941  (http://support.microsoft.com/kb/322941/ ) Microsoft's position on antivirus solutions for Microsoft SharePoint Portal Server
Back to the top

Microsoft SQL Server

309422  (http://support.microsoft.com/kb/309422/ ) Guidelines for choosing antivirus software to run on the computers that are running SQL Server
Back to the top

Microsoft Systems Management Server (SMS)

327453  (http://support.microsoft.com/kb/327453/ ) Antivirus programs may contribute to file backlogs in SMS 2.0 and in SMS 2003
Back to the top

Microsoft Virtual Server 2005 or Microsoft Virtual PC 2004

840193  (http://support.microsoft.com/kb/840193/ ) Virtual machines run very slowly in Virtual PC 2004 or in Virtual Server 2005
Back to the top

Windows operating systems

822158  (http://support.microsoft.com/kb/822158/ ) Virus scanning recommendations for computers that are running Windows Server 2003, Windows 2000, or Windows XP
Back to the top

General information

900638  (http://support.microsoft.com/kb/900638/ ) Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file or the Wsusscn2.cab file is copied
Back to the top

REFERENCES

For more information about Forefront Client Security policy-based exclusions, visit the following Microsoft Web site:
Planning your policies
http://technet.microsoft.com/en-us/library/bb418804.aspx (http://technet.microsoft.com/en-us/library/bb418804.aspx)
For more information about how to use Forefront Client Security, see the Forefront Client Security product documentation. This documentation contains the following guides:
  • Microsoft Forefront Client Security Getting Started Guide
  • Microsoft Forefront Client Security Planning and Architecture Guide
  • Microsoft Forefront Client Security Deployment Guide
  • Microsoft Forefront Client Security Administrator's Guide
  • Microsoft Forefront Client Security Performance and Scalability Guide
  • Microsoft Forefront Client Security Disaster Recovery Guide
  • Microsoft Forefront Client Security Security Guide
  • Microsoft Forefront Client Security Troubleshooting Guide
  • Microsoft Forefront Client Security Technical Reference Guide
To obtain this documentation, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?FamilyId=90044D88-299B-49FB-B762-EAE17A1F01F4 (http://www.microsoft.com/downloads/details.aspx?FamilyId=90044D88-299B-49FB-B762-EAE17A1F01F4)
Back to the top
APPLIES TO
  • Microsoft Forefront Client Security
  • Microsoft System Center 2012 Endpoint Protection
Back to the top
Keywords: 
kbexpertiseadvanced kbinfo kbhowto KB943556
Back to the top