SYSTEM CENTER 2016 Operations Manager – Anti-Virus Exclusions


NOTE: Process name exclusions could potentially prevent some dangerous programs from being detected. Therefore exclusions based on processes might expose to security issues and should be avoided.

 

As we are all aware, antivirus exclusions can affect monitoring data generated, and affect system performance.

 

Best practice is to implement specific exclusions.

Hopefully this table is helpful (my thanks to the PFE UK team blog)

Please consult your Security Team for approval.

 

Exclusions\Role MS DB GW RS Web Agent
Folder
Management Server installation folder
Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Server\”
*
Agent installation folder
Default: “C:\Program Files\Microsoft Monitoring Agent”
* *
Gateway installation folder
Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Gateway\”
*
Reporting installation folder
Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Reporting”
*
WebConsole installation folder
Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\WebConsole”
*
SQL Data installation folder
Default: “C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Data”
*
SQL Log installation folder
Default: “C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Log”
*
SQL Reporting installation folder
Default: “C:\Program Files\Microsoft SQL Server\MSRS.1x<INSTANCENAME>
*
File Types
EDB * * * * *
CHK * * * * *
LOG * * * * *
LDF * *
MDF * *
NDF * *
Processes
CShost.exe *
HealthService.exe * * * * * *
Microsoft.Mom.Sdk.ServiceHost.exe *
MonitoringHost.exe * * * * * *
SQL Server
Default: “C:\Program Files\Microsoft SQL Server\MSSQL1x.<Instance Name>\MSSQL\Binn\SQLServr.exe”
*
SQL Reporting Services
Default: “C:\Program Files\Microsoft SQL Server\MSRS1x.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe”
* *

 

Useful information for decoding the matrix

Platform https://support.microsoft.com/en-us/help/822158/virus-scanning-recommendations-for-enterprise-computers-that-are-running-currently-supported-versions-of-windows

SCOM 2012/2012R2 KB975931 https://support.microsoft.com/en-us/help/975931/recommendations-for-antivirus-exclusions-that-relate-to-operations-manager
PFE UK team blog https://blogs.technet.microsoft.com/manageabilityguys/2013/11/26/system-center-2012-r2-operations-manager-anti-virus-exclusions/

SQL https://blogs.technet.microsoft.com/raymond_ris/2014/01/16/windows-antivirus-exclusion-recommendations-servers-clients-and-role-specific/

Version mapping by folder (my thanks to StackOverFlow https://stackoverflow.com/questions/18753886/sql-server-file-names-vs-versions )
100 = SQL Server 2008    = 10.00.xxxx
105 = SQL Server 2008 R2 = 10.50.xxxx
110 = SQL Server 2012    = 11.00.xxxx
120 = SQL Server 2014    = 12.00.xxxx
130 = SQL Server 2016    = 13.00.xxxx

Comments (0)

Skip to main content