Anti-Virus - Raccomandazioni su quali exclusioni implementare per i vari prodotti Microsoft

Spesso capita di fare attività su sistemi Microsoft, che sia Windows, GPO, DFS-N ed R, cluster, etc etc.

Molte volte, direi molto spesso, capita che i problemi alla fine sono dovuti al software Antivirus installato sul Server che non viene aggiornato o non configurato correttamente.

La prima cosa da fare quando si installa un AV è quella di andare a configurare la lista delle esclusioni. Questa serve per fare in modo che il motore AV non effettui lo scan di quella cartella o file in particolare. Spesso questi vengono trattati come virus o attività malevole, invece potrebbero essere semplicemente dei file di Transaction Log che vengono acceduti spessissimo, ovviamente dall'applicazione specifica, e non hanno nulla a che fare con malware, trojan, virus etc.

Di seguito sono elencati i software Microsoft e relativa KB con lista esclusioni.

Questo è il link al famoso articolo dove ci sono le raccomandazioni generiche per sistemi Windows e Domain Controller (verso centro pagina)

Enterprise Configuration Recommendations: http://support.microsoft.com/kb/822158

 

Per gli altri software fare riferimento a quanto segue:

App-V: http://support.microsoft.com/kb/2576031

BizTalk Server:

http://msdn.microsoft.com/en-us/library/cc558617(BTS.10).aspx

http://msdn.microsoft.com/en-us/library/ee377064(BTS.70).aspx

Eseguibili inclusi con BizTalk sono EntSSO.exe, MSDTC.exe, BTSNTSvc.exe, BTSNTSvc64.exe, SQLServr.exe, ed anhe IIS, servizi WCF del cliente MSMQ, Rule Engine, SQL Agent, SSIS, SSNS ed altre applicazioni parte di integrazioni con altri servizi.

Cluster: http://support.microsoft.com/kb/250255

DHCP: http://support.microsoft.com/kb/927059

Dynamics CRM:   http://msdynamicswiki.com/2012/03/26/antivirus-exclusion-considerations-for-microsoft-dynamics-crm/

Dynamics AX 2009:

Versioni fino a AX 2009 escludere:

• Tutti i file AOD, AOI, ADD, ADI, KHD & KHI , e
• in alternativa, l'intera cartella dell'applicazione

Dynamics AX 2012

During AOS startup XPPIL (CIL) files are generated to by default: C:\Program Files\Microsoft Dynamics AX\60\Server\MicrosoftDynamicsAX\bin\XppIL>

• Exclude XppIL and all subfolders
• alternatively, you may want to exclude C:\Program Files\Microsoft Dynamics AX\60\Server\MicrosoftDynamicsAX\bin\Application\Appl>, which is the local AOS store of the label files.

Exchange:

• Exchange 2016: https://technet.microsoft.com/EN-US/library/bb332342(v=exchg.160).aspx
• Exchange 2013: http://technet.microsoft.com/en-us/library/bb332342%28v=exchg.150%29.aspx
• Exchange 2010: http://technet.microsoft.com/en-us/library/bb332342%28v=exchg.141%29.aspx
• Exchange 2007: http://technet.microsoft.com/en-us/library/bb332342%28EXCHG.80%29.aspx
• http://support.microsoft.com/kb/328841
• http://support.microsoft.com/kb/823166
• http://support.microsoft.com/kb/245822
• http://technet.microsoft.com/en-us/library/bb332342%28EXCHG.80%29.aspx
• http://technet.microsoft.com/en-us/library/bb332342.aspx

Forefront: Considerations when using antivirus software on FF Edge Products

• http://support.microsoft.com/kb/943620
• http://technet.microsoft.com/en-us/library/cc707727.aspx

FRS: http://support.microsoft.com/kb/815263

Hyper-V, System Center Virtual Machine Manager (SCVMM):

• http://social.technet.microsoft.com/wiki/contents/articles/2179.aspx
• http://support.microsoft.com/kb/961804/
• http://support.microsoft.com/kb/2628135
• Hardening the Hyper-V host (2012 / 2012 R2)

IIS:

• http://support.microsoft.com/kb/821749
• http://support.microsoft.com/kb/817442

ISA:

• http://support.microsoft.com/kb/887311

Lync 2010

• http://technet.microsoft.com/en-us/library/gg195736.aspx

Lync 2013

• http://technet.microsoft.com/en-us/library/dn440138.aspx

MED-V

• Recommended Anti-Virus exclusions for MED-V client and workspace installations

Orchestrator:

• http://social.technet.microsoft.com/wiki/contents/articles/26665.system-center-orchestrator-antivirus-exclusions.aspx

SBS:

• http://support.microsoft.com/kb/885685

SCCM 2007:

• http://blogs.technet.com/b/configurationmgr/archive/2010/11/30/configmgr-2007-antivirus-scan-and-exclusion-recommendations.aspx

SCCM 2012:

• http://www.systemcenterblog.nl/2012/05/09/anti-virus-scan-exclusions-for-configuration-manager-2012/
• http://blogs.technet.com/b/systemcenterpfe/archive/2013/01/11/updated-system-center-2012-configuration-manager-antivirus-exclusions-with-more-details.aspx

SCOM / MOM:

• Recommendations for antivirus exclusions that relate to Operations Manager
• Recommendations for antivirus exclusions in MOM 2005 and Operations Manager 2007
• System Center 2012 R2 Operations Manager - Anti-Virus Exclusions

SCDPM:

• Running Antivirus Software on the DPM Server

SharePoint:

• http://support.microsoft.com/kb/952167
• http://support.microsoft.com/kb/320111
• http://support.microsoft.com/kb/322941
• FAST Search Server 2010 for SharePoint

Skype for Business 2015: https://technet.microsoft.com/EN-US/library/mt629173.aspx

SMS: http://support.microsoft.com/kb/327453

SQL: http://support.microsoft.com/kb/309422

Team Foundation Server 2010/2012/2013: http://support.microsoft.com/kb/2636507

Virtual PC / Virtual Server:

• http://blogs.msdn.com/b/virtual\_pc\_guy/archive/2005/09/14/466291.aspx
• http://support.microsoft.com/kb/840193

Windows:  KB822158

Windows / Active Directory:

• http://support.microsoft.com/kb/822158
• http://support.microsoft.com/kb/837932
• http://support.microsoft.com/kb/943556

Windows Update:

• http://support.microsoft.com/kb/900638

WSUS (Windows Server Update Services):

• http://technet.microsoft.com/en-us/library/dd939908(WS.10).aspx\#av