Configuring antivirus exclusions for agent and components

Important

This version of Operations Manager has reached the end of support. We recommend that you upgrade to Operations Manager 2019.

This article outlines antivirus exclusions as they pertain to System Center - Operations Manager. For earlier versions of Operations Manager, see Recommendations for antivirus exclusions.

For specific exclusion recommendations for supported versions of SQL Server, see KB309422.

Exclusions by process executable

If exclusions are configured based on process executable, exclude the following processes:

| Component | Process |
| --- | --- |
| Management servers | MonitoringHost.exe, HealthService.exe, Microsoft.Mom.Sdk.ServiceHost.exe, cshost.exe |
| Gateway server | HealthService.exe, MonitoringHost.exe |
| Windows agent | HealthService.exe, MonitoringHost.exe |
| Web Console server | HealthService.exe, MonitoringHost.exe |
| SQL Server ¹ | HealthService.exe, MonitoringHost.exe |

¹ For SQL Server servers hosting the Operations Manager databases (Operational, Data Warehouse, ACS) and Reporting server role.

Note

You must be careful when you add exclusions that are based on executables. Incorrectly configured exclusions may prevent some potentially dangerous programs from being detected. Therefore, we do not recommend relying on exclusions that are based on any process executables for Operations Manager servers.

Exclusions by directories

The following directory-specific exclusions for Operations Manager apply to real-time scans, scheduled scans, and local scans. The directories listed here are the default application directories, so you may have to modify these paths based on your specific environment. Exclude only the following Operations Manager related directories.

Note

When a directory that is to be excluded has a directory name greater than 8 characters long, add both the short and long directory names of the directory to the exclusion list. These names are required by some antivirus programs to traverse sub-directories.

| Component | Directory Exclusion |
| --- | --- |
| SQL Server database server | Exclude the directory containing the .ldf and .mdf files for all Operations Manager databases, Report server databases, and the master and tempdb databases. |
| Management server | %ProgramFiles%\Microsoft System Center 2016\Operations Manager\Server\Health Service State for Operations Manager 2016; %ProgramFiles%\Microsoft System Center\Operations Manager\Server\Health Service State for Operations Manager 1801 and higher. |
| Gateway server | %ProgramFiles%\System Center Operations Manager\Gateway\Health Service State |
| Windows agent | %ProgramFiles%\Microsoft Monitoring Agent\Agent\Health Service State |
| Reporting server | %ProgramFiles%\Microsoft System Center 2016\Operations Manager\Reporting for Operations Manager 2016; %ProgramFiles%\Microsoft System Center\Operations Manager\Reporting for Operations Manager 1801 and higher. |
| Web Console server | %ProgramFiles%\Microsoft System Center 2016\Operations Manager\WebConsole for Operations Manager 2016; %ProgramFiles%\Microsoft System Center\Operations Manager\WebConsole for Operations Manager 1801 and higher. |
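
An added example, not part of the original article: a read-only PowerShell audit that checks the Health Service State exclusion for one role, in both its long and 8.3 short form as the note above requires, against the paths configured in the antivirus product. It assumes Microsoft Defender Antivirus (Get-MpPreference); the role names and the Get-NormalizedPath helper are hypothetical.

```powershell
# Added example: read-only audit, changes nothing. Assumes Microsoft Defender
# Antivirus (Get-MpPreference); other products keep their exclusion lists elsewhere.
param(
    [ValidateSet('ManagementServer', 'GatewayServer', 'WindowsAgent')]
    [string]$Role = 'WindowsAgent'
)

# Default Health Service State directories from the table above
# (Operations Manager 1801 and higher for the management server).
$defaults = @{
    ManagementServer = '%ProgramFiles%\Microsoft System Center\Operations Manager\Server\Health Service State'
    GatewayServer    = '%ProgramFiles%\System Center Operations Manager\Gateway\Health Service State'
    WindowsAgent     = '%ProgramFiles%\Microsoft Monitoring Agent\Agent\Health Service State'
}

# Hypothetical helper: expand variables, drop trailing backslash, lower-case for comparison.
function Get-NormalizedPath([string]$Path) {
    [Environment]::ExpandEnvironmentVariables($Path).TrimEnd('\').ToLowerInvariant()
}

$longPath = [Environment]::ExpandEnvironmentVariables($defaults[$Role])
if (-not (Test-Path -LiteralPath $longPath -PathType Container)) {
    throw "Directory not found (non-default install path?): $longPath"
}

# The 8.3 short name exists only if short-name generation is enabled on the volume;
# when it is disabled, ShortPath returns the long path and one entry is enough.
$fso = New-Object -ComObject Scripting.FileSystemObject
$shortPath = $fso.GetFolder($longPath).ShortPath
$expected = @(@($longPath, $shortPath) | ForEach-Object { Get-NormalizedPath $_ } | Select-Object -Unique)

$pref = Get-MpPreference
$configured = @($pref.ExclusionPath | Where-Object { $_ } | ForEach-Object { Get-NormalizedPath $_ })

# Report expected entries that are missing, and configured entries that are a
# parent of the documented directory (broader than the article recommends).
foreach ($path in $expected) {
    [pscustomobject]@{ Path = $path; Finding = if ($configured -contains $path) { 'Present' } else { 'Missing' } }
}
foreach ($path in $configured) {
    if ($expected | Where-Object { $_.StartsWith("$path\") }) {
        [pscustomobject]@{ Path = $path; Finding = 'Broader than documented directory' }
    }
}

# Process-based exclusions that are configured; the earlier note advises against relying on them.
$pref.ExclusionProcess | Where-Object { $_ } | ForEach-Object {
    [pscustomobject]@{ Path = $_; Finding = 'Process exclusion configured' }
}
```

Run it from an elevated session, because Defender may not return the exclusion list to a non-administrator.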

Exclusion of file type by extension

The following file name extension-specific exclusions for Operations Manager apply to real-time scans, scheduled scans, and local scans.

| Component | File Type Extension Exclusion |
| --- | --- |
| SQL Server database server | Exclude file type extensions .ldf and .mdf. These exclusions include SQL Server database files for all Operations Manager databases, Report Server databases, and the system database files for master and tempdb. |
| Management server, Gateway server, Agents | Exclude file type extensions .edb, .chk, and .log. These exclusions include the queue and log files used by Operations Manager. |

Next steps

For a complete listing of the ports used, the direction of the communication, and whether the ports can be configured, see Configuring a Firewall for Operations Manager.