Kevin Holman's System Center Blog


Antivirus Exclusions for MOM and OpsMgr


Antivirus Exclusions in MOM 2005 and OpsMgr 2007: 


Processes:


Excluding by process executable is very dangerous, because it limits the scanning of potentially dangerous files handled by that process: every file the process touches is excluded, whatever it is.  For this reason, unless absolutely necessary, we will not exclude any process executables in AV configurations for MOM servers.  If you do want to exclude the processes, they are documented below:


MOM 2005 – momhost.exe

OpsMgr 2007 – monitoringhost.exe


Exclusion by Directories:


Real-time, scheduled scanner and local scanner directory exclusions for Operations Manager:  The directories listed here are the default application directories.  You may need to modify these paths based on your client-specific designs.  Only the following MOM/OpsMgr related directories should be excluded. 

Important Note: When the name of a directory to be excluded is longer than 8 characters, add both the short (8.3) and long names of the directory to the exclusion list. Some AV programs require this in order to traverse the sub-directories.


SQL Database Servers:

These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb.  To exclude these by directory, exclude the directory for the LDF and MDF files:


Examples:

C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data

D:\MSSQL\DATA

E:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log


MOM 2005 (management servers and agents):

These include the queue and log files used by Operations Manager.


Example:

C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager\


OpsMgr 2007 (management servers and agents):

These include the queue and log files used by Operations Manager.


Example:

C:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store


Exclusion of File Type by Extensions:

Real-time, scheduled scanner and local scanner file extension specific exclusions for Operations Manager: 

SQL Database Servers:

These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb. 


Examples:

MDF, LDF


MOM 2005 (management servers and agents):

These include the queue and log files used by Operations Manager.


Example:

WKF, PQF, PQF0, PQF1


OpsMgr 2007 (management servers and agents):

These include the queue and log files used by Operations Manager.


Example:

EDB, CHK, LOG


Notes:

Page files should also be excluded from any real time scanning.
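The following PowerShell script is an added example, not part of the original post or of Microsoft's own tooling. It takes the default directories and extensions listed above, checks that each directory exists, and emits the 8.3 short name alongside the long name for every directory (the Important Note above explains why some scanners need both). The optional -Apply switch assumes the server runs Windows Defender and uses its Add-MpPreference cmdlet; other AV products need the equivalent setting in their own console. Paths are the post's defaults and must be adjusted to the local install.

```powershell
# Added example: build the MOM/OpsMgr AV exclusion list, including 8.3 short
# names for directories, and optionally apply it to Windows Defender.
param([switch]$Apply)

# Default directories from the post; edit to match the local layout.
$Directories = @(
    'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data',
    'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log',
    'C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager\',
    'C:\Program Files\System Center Operations Manager 2007\Health Service State\Health Service Store'
)

# Extensions from the post (SQL, MOM 2005 and OpsMgr 2007), without the dot.
$Extensions = @('mdf', 'ldf', 'wkf', 'pqf', 'pqf0', 'pqf1', 'edb', 'chk', 'log')

# Scripting.FileSystemObject exposes the 8.3 alias of a folder as ShortPath.
$fso = New-Object -ComObject Scripting.FileSystemObject

function Get-ExclusionPaths {
    param([string[]]$Paths)
    foreach ($p in $Paths) {
        $long = $p.TrimEnd('\')
        # Skip paths that do not exist on this box so no bogus exclusion is added.
        if (-not (Test-Path -LiteralPath $long -PathType Container)) {
            Write-Warning "Not found, skipping: $long"
            continue
        }
        $long
        # Any component longer than 8 characters gets an 8.3 alias (e.g. PROGRA~1);
        # emit that form too so scanners matching literally still traverse it.
        # If 8.3 names are disabled on the volume, ShortPath equals the long path.
        $short = $fso.GetFolder($long).ShortPath
        if ($short -and $short -ne $long) { $short }
    }
}

$exclusions = @(Get-ExclusionPaths -Paths $Directories)

"Directory exclusions:"
$exclusions | ForEach-Object { "  $_" }
"Extension exclusions:"
$Extensions | ForEach-Object { "  *.$_" }

if ($Apply) {
    # Assumption: Windows Defender is the installed AV on this server.
    Add-MpPreference -ExclusionPath $exclusions -ExclusionExtension $Extensions
}
```

Run it without -Apply first and review the printed list against the server's role (a management server does not need the SQL data paths, and an agent does not need the Health Service Store of a management server); the process executables named earlier in the post are deliberately not included.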

Comments
  • Hi All, We had some customers ask what they should exclude in terms antivirus for Operations Manager

  • See this blog post for more details. For those of you who did not get a chance to deal with anti-virus

  • Hi there

    We have the problem that our antivirus team doesn't want to exclude the MonitoringHost.exe (security risk). Can someone please tell me what the consequences may be as a result? As shown, the error image if this exclusion is not done.

    Thx a lot!

    cheers cellodom

  • I do not recommend excluding the processes - as I documented above.  So I am not sure why you are wanting to do this???

    By the way - this apparently solved enough issues - they made this blog post a KB article:

    http://support.microsoft.com/kb/975931

  • Hello,

    I put in place these exclusions by creating a Policy in the FCS Console for each of these groups:

    SQL Database Servers:

    These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb.  To exclude these by directory, exclude the directory for the LDF and MDF files:

    MOM 2005 (management servers and agents):

    These include the queue and log files used by Operations Manager.

    OpsMgr 2007 (management servers and agents):

    These include the queue and log files used by Operations Manager.

    Exclusion of File Type by Extensions:

    Real-time, scheduled scanner and local scanner file extension specific exclusions for Operations Manager:  

    SQL Database Servers:

    These include the SQL Server database files used by Operations Manager components as well as system database files for the master database and tempdb.  

    MOM 2005 (management servers and agents):

    These include the queue and log files used by Operations Manager.

    OpsMgr 2007 (management servers and agents):

    These include the queue and log files used by Operations Manager.

    but it seems Forefront Client Security can apply only one policy per group...

    Which means for the DW, which has Application and SQL, Application overwrites the SQL Policy and I had only one applied... any tricks?

    Thanks,

    Dom

  • It seems I need to create a group for each server, one by one, RMS, MS, DW, etc... to be able to deploy a unique exclusion policy to each of them.

    I tried a group per function (Management Server, Console, Data Warehouse, etc.) but the mix of the servers will not work...

    Still in process...

  • What about 2012 ;)…

    Thanks Kev.

    Cheers Jarrad

  • @Jarrad - the following KB article lists the recommended exclusions for OM2012: support.microsoft.com/.../975931
