Antivirus Exclusions for SharePoint 2010 and SQL Server 2008 R2

This comes up all of the time for me and it is high time that I created a single place for me to see every antivirus exclusion that is necessary for production SharePoint 2010 and SQL 2008 R2 servers to run efficiently. If you don’t configure antivirus exclusions on your servers you can expect to see performance problems and mysterious errors at some point, especially when load starts getting high.

After the break, there’s a full table that lists out all of the necessary antivirus exclusions that should be configured for Windows servers that are running SharePoint 2010 and/or SQL 2008 R2:

(I’m sorry in advance for how unreadable this may be with the CSS I have right now. I don’t have time to fix it…)

Product

Description

Exclusion Type

Location

Comments

Windows Server 2008 R2

Windows Update Datastore

Folder

%windir%\SoftwareDistribution\
Datastore

Windows Update Logs

File

The following files located in %windir%\SoftwareDistribution\Datastore\Logs:

Res*.log, Res*.jrs, Edb.chk, Tmp.edb

For the files with the wildcared * character, there may be several files in that folder that fit the criteria.

Windows Security Files

File

The following files located in %windir%\Security\Database:

*.edb, *.sdb, *.log, *.chk, *.jrs

From Microsoft: "If these files are not excluded, antivirus software may prevent proper access to these files, and security databases can become corrupted. Scanning these files can prevent the files from being used or may prevent a security policy from being applied to the files. These files should not be scanned because antivirus software may not correctly treat them as proprietary database files."

Windows Group Policy Files

File

%allusersprofile%\NTUser.pol

And

%Systemroot%\System32\GroupPolicy\Registry.pol

Domain Controllers

Files and Folders

See Comments

SharePoint and SQL Server should not be installed on a domain controller but this is sometimes necessary to build development environments. If your SharePoint server is a domain controller, additional AD related antivirus exclusion are listed here: MS Support KB822158

SharePoint Foundation 2010

Core Files

Folder

Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions

Can optionally just do ".\14\Logs" and ".\14\Data\Applications"

.NET Temp

Folder

Drive:\Windows\Microsoft.NET\
Framework64\v2.0.50727\Temporary ASP.NET Files

WebTemp

Folder

Drive: \Users\service account\AppData\Local\
Temp\WebTempDir

Folder

Drive:\ProgramData\
Microsoft\SharePoint\

Folder

Drive:\Users\the account that the search service is running as\AppData\Local\Temp

The search account creates a folder in the "gthrsvc_spsearch4 Temp" folder to which it periodically needs to write.

Log Files

Folder

Drive:\WINDOWS\system32\LogFiles

And/Or

Drive:\Windows\Syswow64\LogFiles

On 64 Bit Windows 2008 Server with 64 Bit Product, the location is Drive:\Windows\ Syswow64\LogFiles

Service Account Temp Files

Folder

Drive:\Users\Each App Pool Service Account\AppData\Local\Temp

And

Drive:\Users\Default\AppData\
Local\Temp

SharePoint Server 2010 (in addition to the above)

Index and Query Files

Folder

Drive:\Program Files\Microsoft Office Servers\14.0\Data

This folder is used for the indexing and/or query process. If the Index files are configured to reside in a different folder, you also have to exclude that location.

Enterprise Services Logs

Folder

Drive:\Program Files\Microsoft Office Servers\14.0\Logs

Enterprise Services Binaries

Folder

Drive:\Program Files\Microsoft Office Servers\14.0\Bin

FIM for User Profile Service

Folder

Drive:\Program Files\Microsoft Office Servers\14.0\Synchronization Service

RBS BLOB Store

Folder

Any location where BLOB data is stored

See this TechNet link for more info: MS Office Library on SharePoint BLOB storage

SQL 2008 R2

Data Files

Extension

.mdf, .ldf, .ndf

Backup Files

Extension

.bak, .trn

Full-Text Catalog Files

Folder

Default instance: Drive:\Program Files\Microsoft SQL Server\MSSQL\FTDATA

Or…

Named instance: Drive:\Program Files\Microsoft SQL Server\
MSSQL$instancename\FTDATA

Trace Files

Extension

.trc

SQL Audit Files

Extension

.sqlaudit

For more info see: MSDN SQLAudit Info

SQL Query Files

Extension

.sql

SSAS Data and Temp Folder

Folder

Default: Drive:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Data

This could be different and in separate places based on the configuration.

SSAS Backup Folder

Folder

Default: Drive:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup

This could be different based on the configuration.

SSAS Log Folder

Folder

Default: Drive:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log

This could be different based on the configuration.

SSAS additional folders

Folder

Any extra folders added for SSAS in addition to what’s above.

SQL Server Database Engine

Process

%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\MSSQL\Binn\SQLServr.exe

SQL Server Reporting Services

Process

%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\Reporting Services\ReportServer\
Bin\ReportingServicesService.exe

SQL Server Analysis Services

Process

%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\OLAP\Bin\MSMDSrv.exe

SQL Clustering

Folder

Q:\ (Your Quorum Drive)

C:\Windows\Cluster

If you’re running antivirus on a SQL cluster, make sure the Antivirus product and version is cluster-aware.

References:

Technorati Tags: , , ,

This entry was posted in Microsoft Admin, SharePoint and tagged , , , . Bookmark the permalink.

3 Responses to Antivirus Exclusions for SharePoint 2010 and SQL Server 2008 R2

  1. Scott says:

    Another great resource is the TechNet wiki at http://social.technet.microsoft.com/wiki/contents/articles/953.windows-anti-virus-exclusion-list-en-us.aspx. Someone was kind enough to put together a page that links to all of the relevant KBs for a number of MS products.

  2. PlateSpinner says:

    Thanks, Scott. That link is definitely bookmarkable.

  3. Pingback: Antivirus Exclusions for SharePoint 2010 and SQL Server 2012 | SharePoint MMMan

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>