SYSTEM CENTER 2016 Operations Manager - Anti-Virus Exclusions

NOTE: Process name exclusions could potentially prevent some dangerous programs from being detected. Therefore, exclusions based on processes might expose you to security issues and should be avoided.

 

As we are all aware, antivirus exclusions can affect the monitoring data generated, as well as system performance.

 

Best practice is to implement specific exclusions.

Hopefully this table is helpful (my thanks to the PFE UK team blog and Kevin Holman's blog).

 

Please consult your Security Team for approval, as 3 of the 4 Management Server processes are NOT part of KB975931.

These 3 MS processes NOT part of KB975931 are: CSHost.exe, HealthService.exe, and Microsoft.Mom.Sdk.ServiceHost.exe

 

Exclusions\Role MS DB GW RS Web Agent
Folder
Management Server installation folder Default: "C:\Program Files\Microsoft System Center 2016\Operations Manager\Server\" *
Agent installation folder Default: "C:\Program Files\Microsoft Monitoring Agent" * *
Gateway installation folder Default: "C:\Program Files\Microsoft System Center 2016\Operations Manager\Gateway\" *
Reporting installation folder Default: "C:\Program Files\Microsoft System Center 2016\Operations Manager\Reporting" *
WebConsole installation folder Default: "C:\Program Files\Microsoft System Center 2016\Operations Manager\WebConsole" *
SQL Data installation folder Default: "C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Data" *
SQL Log installation folder Default: "C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Log" *
SQL Reporting installation folder Default: "C:\Program Files\Microsoft SQL Server\MSRS.1x<INSTANCENAME>" *
File Types
EDB * * * * *
CHK * * * * *
LOG * * * * *
LDF * *
MDF * *
NDF * *
Processes
CShost.exe *
HealthService.exe * * * * * *
Microsoft.Mom.Sdk.ServiceHost.exe *
MonitoringHost.exe * * * * * *
SQL Server Default: "C:\Program Files\Microsoft SQL Server\MSSQL1x.<Instance Name>\MSSQL\Binn\SQLServr.exe" *
SQL Reporting Services Default: "C:\Program Files\Microsoft SQL Server\MSRS1x.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe" * *
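
One way to check that a server's configured exclusions match the approved rows of the table, as an added example that is not part of the original post. It assumes Microsoft Defender Antivirus, whose `Get-MpPreference` exposes the `ExclusionPath`, `ExclusionExtension` and `ExclusionProcess` properties; the function names, the sample approved list and the sample host state are constructed for illustration.

```powershell
# Added example (not from the original post). Assumes Microsoft Defender Antivirus;
# function names and sample data are hypothetical/constructed.
function ConvertTo-ExclusionKey([string]$Value) {
    # Compare case-insensitively; ignore a trailing "\" and a leading "." on extensions
    $Value.Trim().TrimEnd('\').TrimStart('.').ToLowerInvariant()
}

function Compare-AvExclusion {
    param(
        [Parameter(Mandatory)] $Configured,            # object exposing the three Exclusion* properties
        [Parameter(Mandatory)] [hashtable] $Approved   # approved values under the same three keys
    )
    foreach ($kind in 'ExclusionPath', 'ExclusionExtension', 'ExclusionProcess') {
        $want = @($Approved[$kind]  | Where-Object { $_ } | ForEach-Object { ConvertTo-ExclusionKey $_ })
        $have = @($Configured.$kind | Where-Object { $_ } | ForEach-Object { ConvertTo-ExclusionKey $_ })
        foreach ($v in $have) {
            if ($v -notin $want) {
                # Present on the host but never approved: exclusion drift
                [pscustomobject]@{ Kind = $kind; Value = $v; Finding = 'NotApproved' }
            }
            elseif ($kind -eq 'ExclusionProcess' -and $v -notmatch '\\') {
                # A bare image name matches any process with that name, whatever its folder
                [pscustomobject]@{ Kind = $kind; Value = $v; Finding = 'ApprovedButNameOnly' }
            }
        }
        foreach ($v in $want) {
            if ($v -notin $have) {
                [pscustomobject]@{ Kind = $kind; Value = $v; Finding = 'Missing' }
            }
        }
    }
}

# Approved list: constructed sample built from rows of the table above
$approved = @{
    ExclusionPath      = 'C:\Program Files\Microsoft Monitoring Agent'
    ExclusionExtension = 'EDB', 'CHK', 'LOG'
    ExclusionProcess   = 'HealthService.exe', 'MonitoringHost.exe'
}
# Constructed host state; on a real server (elevated) use: $configured = Get-MpPreference
$configured = [pscustomobject]@{
    ExclusionPath      = 'C:\Program Files\Microsoft Monitoring Agent\', 'C:\Temp'
    ExclusionExtension = '.edb', '.log'
    ExclusionProcess   = 'HealthService.exe'
}
Compare-AvExclusion -Configured $configured -Approved $approved | Format-Table -AutoSize
```

Build the approved list from the rows that apply to the server's role once your Security Team has signed off on them.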

 

Useful information for decoding the matrix

Platform https://support.microsoft.com/en-us/help/822158/virus-scanning-recommendations-for-enterprise-computers-that-are-running-currently-supported-versions-of-windows

SCOM 2012/2012R2 KB975931 https://support.microsoft.com/en-us/help/975931/recommendations-for-antivirus-exclusions-that-relate-to-operations-manager
PFE UK team blog https://blogs.technet.microsoft.com/manageabilityguys/2013/11/26/system-center-2012-r2-operations-manager-anti-virus-exclusions/

SQL https://blogs.technet.microsoft.com/raymond_ris/2014/01/16/windows-antivirus-exclusion-recommendations-servers-clients-and-role-specific/

Version mapping by folder (my thanks to Stack Overflow https://stackoverflow.com/questions/18753886/sql-server-file-names-vs-versions)
100 = SQL Server 2008    = 10.00.xxxx
105 = SQL Server 2008 R2 = 10.50.xxxx
110 = SQL Server 2012    = 11.00.xxxx
120 = SQL Server 2014    = 12.00.xxxx
130 = SQL Server 2016    = 13.00.xxxx