Configuring antivirus exclusions for agent and components
This version of Operations Manager has reached the end of support, we recommend you to upgrade to Operations Manager 2019.
This article outlines antivirus exclusions as they pertain to System Center - Operations Manager. For earlier versions of Operations Manager, see Recommendations for antivirus exclusions.
For specific exclusion recommendations for supported versions of SQL Server, see KB309422.
Exclusions by process executable
If exclusions are configured based on process executable, exclude the following processes:
|Web Console server||HealthService.exe
1 For SQL Server servers hosting the Operations Manager databases (Operational, Data Warehouse, ACS) and Reporting server role.
You must be careful when you add exclusions that are based on executables. Incorrectly configured exclusions may prevent some potentially dangerous programs from being detected. Therefore, we do not recommend relying on exclusions that are based on any process executables for Operations Manager servers.
Exclusions by directories
The following directory-specific exclusions for Operations Manager include real-time scans, scheduled scans, and local scans. The directories that are listed here are default application directories so you may have to modify these paths based on your specific environment. Only the following Operations Manager related directories should be excluded.
When a directory that is to be excluded has a directory name greater than 8 characters long, add both the short and long directory names of the directory to the exclusion list. These names are required by some antivirus programs to traverse sub-directories.
|SQL Server database server||Exclude the directory containing the .ldf and .mdf files for all Operations Manager databases,
Report server databases, and the master and tempdb databases.
|Management server||%ProgramFiles%\Microsoft System Center 2016\Operations Manager\Server\Health Service State for Operations Manager 2016
%ProgramFiles%\Microsoft System Center\Operations Manager\Server\Health Service State for Operations Manager 1801 and higher.
|Gateway server||%ProgramFiles%\System Center Operations Manager\Gateway\Health Service State|
|Windows agent||%ProgramFiles%\Microsoft Monitoring Agent\Agent\Health Service State|
|Reporting server||%ProgramFiles%\Microsoft System Center 2016\Operations Manager\Reporting for Operations Manager 2016
%ProgramFiles%\Microsoft System Center\Operations Manager\Reporting for Operations Manager 1801 and higher.
|Web Console server||%ProgramFiles%\Microsoft System Center 2016\Operations Manager\WebConsole for Operations Manager 2016
%ProgramFiles%\Microsoft System Center \Operations Manager\WebConsole for Operations Manager 1801 and higher.
Exclusion of file type by extension
The following file name extension-specific exclusions for Operations Manager include real-time scans, scheduled scans, and local scans.
|Component||File Type Extension Exclusion|
|SQL Server database server||Exclude file type extension .ldf and .mdf.
These exclusions include SQL Server database files for all Operations Manager databases, Report Server databases, and the system database files for master and tempdb.
|Exclude file type extensions .edb, .chk, and .log. These exclusions includes the queue and log files used by Operations Manager.|
For a complete listing of ports used, the direction of the communication, and if the ports can be configured, see Configuring a Firewall for Operations Manager.