Antivirus Exclusions for MOM and OpsMgr


Antivirus Exclusions in MOM 2005 and OpsMgr 2007: 


 


Processes:


 


Excluding by process executable is very dangerous, in that it limits the control of scanning potentially dangerous files handled by the process, because it excludes any and all files involved.  For this reason, unless absolutely necessary, we will not exclude any process executables in AV configurations for MOM servers.  If you do want to exclude the processes – they are documented below:


 


MOM 2005 – momhost.exe


OpsMgr 2007 – monitoringhost.exe


 


Exclusion by Directories:


 


Real-time, scheduled scanner and local scanner file extension specific exclusions for Operations Manager:  The directories listed here are default application directories.  You may need to modify these paths based on your client specific designs.  Only the following MOM\OpsMgr related directories should be excluded. 


Important Note: When a directory to be excluded is greater than 8 characters in length, add both the short and long file names of the directory into the exclusion list. To traverse the sub-directories, this is required by some AV programs.


 


SQL Database Servers:


These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb.  To exclude these by directory, exclude the directory for the LDF and MDF files:


 


Examples:


C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data


D:\MSSQL\DATA


E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log


 


 


 


 


 


MOM 2005 (management servers and agents):


These include the queue and log files used by Operations Manager.


 


Example:


C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager\


 


 


OpsMgr 2007 (management servers and agents):


These include the queue and log files used by Operations Manager.


 


Example:


C:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store


 


 


Exclusion of File Type by Extensions:


Real-time, scheduled scanner and local scanner file extension specific exclusions for Operations Manager: 


SQL Database Servers:


These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb. 


 


Examples:


MDF, LDF


 


MOM 2005 (management servers and agents):


These include the queue and log files used by Operations Manager.


 


Example:


WKF, PQF, PQF0, PQF1


 


OpsMgr 2007 (management servers and agents):


These include the queue and log files used by Operations Manager.


 


Example:


EDB, CHK, LOG.


 


Notes:


Page files should also be excluded from any real time scanning.

Comments (8)

  1. Anonymous says:

    Hi All, We had some customers ask what they should exclude in terms antivirus for Operations Manager

  2. Anonymous says:

    See this blog post for more details. For those of you who did not get a chance to deal with anti-virus

  3. cellodom says:

    Hi there

    We have the problem that our antivirus-team doesn’t want to exclude the MonitoringHost.exe (security risk) Can someone please tell me, what the consequences may be a result? As shown, the error image if this Exclusion is not done.

    Thx a lot!

    cheers cellodom

  4. Kevin Holman says:

    I do not recommend excluding the processes – as I documented above.  So I am not sure why you are wanting to do this???

    By the way – this apparenyl solved enough issues – they made this blog post a KB article:

    http://support.microsoft.com/kb/975931

  5. @Jarrad – the following KB article lists the recommended exclusions for OM2012: support.microsoft.com/…/975931

  6. Dominique says:

    Hello,

    I put in place these exclusions by creating a Policy in the FCS Console for each of these groups:

    SQL Database Servers:

    These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb.  To exclude these by directory, exclude the directory for the LDF and MDF files:

    MOM 2005 (management servers and agents):

    These include the queue and log files used by Operations Manager.

    OpsMgr 2007 (management servers and agents):

    These include the queue and log files used by Operations Manager.

    Exclusion of File Type by Extensions:

    Real-time, scheduled scanner and local scanner file extension specific exclusions for Operations Manager:  

    SQL Database Servers:

    These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb.  

    MOM 2005 (management servers and agents):

    These include the queue and log files used by Operations Manager.

    OpsMgr 2007 (management servers and agents):

    These include the queue and log files used by Operations Manager.

    but it seems Forefront Client Security can apply only one policy per group…

    Which means for the DW which has Application and SQL Application overwrite the SQL Polciy and I had only one applied… any tricks?

    Thanks,

    Dom

  7. Dominique says:

    It seems I need to create a group for each server, one by one, RMS, MS, DW, etc… to be able to deploy a unique exclusion policy to each of them.

    I tried a group per function Management Server, Console, Data Warehouse, etc… but the mixage of the servers will not work ,,,

    Still in process…

  8. Jarrad says:

    What about 2012 ;)…

    Thanks Kev.

    Cheers Jarrad