Recommended antivirus exclusions for Configuration Manager 2012 and current branch site servers, site systems, and clients

Taikoma: System Center Configuration ManagerMicrosoft System Center 2012 Configuration ManagerMicrosoft System Center 2012 R2 Configuration Manager


This article contains recommendations that may help an administrator determine the cause of potential instability on a computer that is running a supported version of Configuration Manager site servers, site systems, and clients when it is used together with antivirus software.

Note We recommend that you temporarily apply these procedures to evaluate a system. If your system performance or stability is improved by the recommendations that are made in this article, contact your antivirus software vendor for instructions or for an updated version of the antivirus software.

Important This article contains information that shows how to help lower security settings or how to temporarily turn off security features on a computer. You can make these changes to understand the nature of a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment.


Antivirus real-time protection can cause many problems on Configuration Manager site servers, site systems, and clients.

The following is a non-comprehensive list of possible symptoms:

  • Remote site system components are not installed. SiteComp.log, Distmgr.log, hman.log or other Configuration Manager log files may contain errors such as error 80070005.
  • The Configuration Manager client cannot be installed through Client Push.
  • Client inventory information is inaccurate, missing, or out-of-date.
  • Backlogs occur in the Install_Directory\Program Files\Microsoft Configuration Manager\Inboxes folders.
  • Software Center is not populated by deployed software on client systems, or does not start. Also, the CCMRepair.log file may contain errors that resemble the following:
    Database verification failed with result: 0x80004005 but DB: C:\Windows\CCM\filename.sdf could be opened, skipping DB repair.
  • Software that is deployed to clients cannot be installed.
  • Compliance data for software deployments is inaccurate.


We recommend that you add the following real-time protection exclusions to prevent these problems.
Folder exclusions for site servers
  • Installation_Drive\Program Files\Microsoft Configuration Manager\Inboxes
  • Installation_Drive\Program Files\Microsoft Configuration Manager\Logs
  • Installation_Drive\Program Files\Microsoft Configuration Manager\EasySetupPayload

Folder exclusions for site systems
  • Management Points
    • Either of the following:
      • Installation_Drive\Program Files\SMS_CCM\ServiceData
      • C:\Windows\CCM\ServiceData
    • Either of the following:
      • Installation_Drive\Program Files\Microsoft Configuration Manager\MP\OUTBOXES
      • Installation_Drive\SMS\MP\OUTBOXES
  • Distribution Points
    • Either of the following:
      • Installation_Drive\Program Files\SMS_CCM\ServiceData
      • C:\Windows\CCM\ServiceData (if Pull DP-enable or MCS-enabled)
    • ContentLib_Drive\SMS_DP$
    • ContentLib_Drive\SMSPKGDrive_Letter$
    • ContentLib_Drive \SMSPKG
    • ContentLib_Drive \SMSPKGSIG
    • ContentLib_Drive \SMSSIG$
  • Site Database Servers
Folder exclusions for clients
  • All SDF files that are located under C:\Windows\CCM
  • C:\Windows\CCM\ServiceData
  • C:\Windows\CCMCache
  • C:\Windows\CCMSetup
  • C:\Windows\CCM\Logs

Process exclusions

Process Exclusions are necessary only if aggressive antivirus programs consider System Center Configuration Manager executables (.exe) to be high-risk processes.

  • Installation_folder\bin\64\Smsexec.exe
  • Either of the following:
    • %windir%\CCM\Ccmexec.exe (client-side or MP)
    • %windir%\installation_folder\SMS_CCM\Ccmexec.exe
  • %windir%\CCM\CmRcService.exe (client-side)
  • Installation_folder\bin\64\Sitecomp.exe
  • Installation_folder\bin\64\Smswriter.exe
  • Installation_folder\bin\64\Smssqlbkup.exe, or SMS_SQLFQDN\bin\x64\Smssqlbkup.exe
  • Installation_folder\bin\64\Cmupdate.exe
  • %windir%\CCM\Ccmrepair.exe (client-side)
  • %windir%\CCMSetup\Ccmsetup.exe (client-side)