Hello all,

 

We have just purchased the Trend Micro Worry Free Business Security solution for our SBS 2003 server.

 

Can someone please recommend any files/folders that I should exclude from real-time scanning as I have noticed that one of the servers we have installed on has slowed down quite considerably - the other 2 sites seem fine.  We have SBS Premium so also running SQL & ISA.

 

Thanks so much in advance!

Tammy

This is a comprehensive list produced by Larry Struckmeyer, gleaned from a number of sources...

 

All (most?) locations are SBS defaults.

* Exchange*
Exchange Server Database = C:\Program Files\Exchsrvr\Mdbdata (check location)
Exchange MTA files = C:\Program Files\Exchsrvr\Mtadata
Exchange Message tracking log files = C:\Program Files\Exchsrvr\server_name.log
Exchange SMTP Mailroot = C:\Program Files\Exchsrvr\Mailroot
Exchange working files = C:\Program Files\Exchsrvr\Mdbdata
C:\Program Files\Exchsrvr\Conndata
Site Replication Service (not normally used in SBS but should be excluded anyway) = C:\Program Files\Exchsrvr\srsdata

*IIS related Exclusions*
IIS System Files = C:\WINDOWS\system32\inetsrv
IIS Compression Folder = C:\WINDOWS\IIS Temporary Compressed Files

*Domain Controller related exclusions*
Active Directory database files = C:\WINDOWS\NTDS
SYSVOL C:\WINDOWS\SYSVOL
NTFRS Database Files = C:\WINDOWS\ntfrs

*Windows SharePoint Services*
Temporary SharePoint space = C:\windows\temp\Frontpagetempdir

*Service Related Data Bases*
DHCP Database Store = C:\WINDOWS\system32\dhcp
WINS Database Store = C:\WINDOWS\system32\wins
X:\Program Files\Microsoft SQL Server\MSSQL$SBSMONITORING\Data
X:\Program Files\Microsoft SQL Server\MSSQL$SHAREPOINT\Data
X:\Program Files\Microsoft SQL Server\MSSQL\Data

*Additional Exclusions*
Removable Storage Database (used by SBS Backup) = C:\Windows\System32\ntmsdata
SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail
Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore
X:\urlcache
X:\pagefile.sys

*AV Progam Exclusions*
x:\Folder where AV puts quarentined files
X:\

*Desktop Folder Exclusions*
These folders need to be excluded in the desktops and notebooks clients.
Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore

*SBS Licensing Exclusions*
File - %windir%\system32\licstr.cpa
Folder - %windir%\windows\system32\lls
NOTE: Run the License Wiz and backup the licenses to a secure folder.

*Terminal Services Licensing Exclusions*
C:\WINDOWS\System32\LServer
(folder should contain the following TS related stuff):
edb.log
edb.chk
res1.log
res2.log
TLSLic.edb
temp.edb

*Also, Refer to the MS KB Articles*
815623
822158
245822
284947

*Per 822158*
The Windows Update or Automatic Update database file %windir%\SoftwareDistribution\Datastore\datastore.edb

The transaction log files. These files are located in the following folder %windir%\SoftwareDistribution\Datastore\Logs\edb*.log
Note The wildcard character indicates that there may be several files.
. Res1.log
. Res2.log
. Edb.chk
. Tmp.edb

*Per 815623*
In summary, the targeted and excluded list of folders for a SYSVOL tree that is placed in its default location would look similar to the following:
1. %systemroot%\sysvol Exclude
2. %systemroot%\sysvol\domain Scan
3. %systemroot%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory Exclude
4. %systemroot%\sysvol\domain\Policies Scan
5. %systemroot%\sysvol\domain\Scripts Scan
6. %systemroot%\sysvol\staging Exclude
7. %systemroot%\sysvol\staging areas Exclude
8. %systemroot%\sysvol\sysvol Exclude

If any one of these folder or files have been moved or placed in a different location, scan or exclude the equivalent element.

DFS
The same resources that are excluded for a SYSVOL replica set must also be excluded when FRS is used to replicate shares that are mapped to the DFS root and link targets on Windows 2000 or Windows Server 2003-based member computers or domain controllers.