Based on all of the resources linked on Microsoft Technet article, this is a complete list of AV exceptions that should be in place on servers running AD, DHCP, Hyper-V, SQL and Exchange. There are more exceptions listed in the article but these were the ones that applied to my server configurations at the time.
*.mdf
*.ldf
*.ndf
*.bak
*.trn
*.trc
*.sqlaudit
*.sql
%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Backup\*.*
%ProgramFiles%\Microsoft SQL Server\MSSQL.X\OLAP\Log\*.*
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.BACKUPEXEC\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.BACKUPEXEC\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.BACKUPEXEC\OLAP\Bin\MSMDSrv.exe
%windir%\SoftwareDistribution\Datastore\*.*
%windir%\SoftwareDistribution\Datastore\Logs\*.*
Edb*.jrs
Edb.chk
Tmp.edb
*.edb
*.sdb
*.log
*.chk
*.jrs
%allusersprofile%\NTUser.pol
%SystemRoot%\GroupPolicy\Machine\Registry.pol
%SystemRoot%\GroupPolicy\User\Registry.pol
%windir%\Ntds\*.*
%windir%\Ntfrs\*.*
%systemroot%\Sysvol\Staging areas\*.*
%systemroot%\Sysvol\Domain\*.*
%systemdrive%\System Volume Information\DFSR\*.*
%systemroot%\System32\DHCP\*.*
%systemroot%\System32\Dns\*.*
%allusersprofile%\Microsoft\Windows\Hyper-V\*.*
C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\*.*
%systemroot%\System32\vmms.exe
%systemroot%\System32\vmwp.exe
%ExchangeInstallPath%\*.*
%SystemRoot%\System32\Inetsrv\*.*
%Winnt%\Cluster\*.*
%Windir%\Cluster\*.*
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files\*.*
%SystemRoot%\System32\Inetsrv\*.*
C:\Inetpub\logs\logfiles\w3svc\*.*
Cdb.exe
Microsoft.Exchange.Search.Exsearch.exe
Cidaemon.exe
Microsoft.Exchange.Servicehost.exe
Clussvc.exe
MSExchangeADTopologyService.exe
Dsamain.exe
MSExchangeFDS.exe
Microsoft.Exchange.EdgeCredentialSvc.exe
No comments:
Post a Comment