Best Practices for Anti-Virus Configuration and Exclusions in a Windows Environment

If you are here, it means you already know that configuring an anti-virus is not as simple as « next, next, next, ok », especially when you are deploying it to hundreds of clients… You’ve got to make sure that your clients are not suffering from intrusive antivirus processes, set up exclusions properly so that you don’t scan gigabytes of ISO files, and make sure that the clients get the most recent and proper updates even if they are not connected to your network… Do you now get what I mean? :)

I went through this process recently. We’ve been using Trend-Micro Worry-Free Advanced Business security software for a couple of years now. Recently Trend-Micro had an update, and the most recent version of the program is version 8 as of writing this article. The process of upgrading didn’t go very well, so I had to reinstall it from scratch! Here are my notes regarding this project:

I am not an antivirus expert, but I guess every antivirus product has its own installation and “best practices” guide. I highly recommend reading these documents, even if they are thousands of pages long. Generally speaking, there are some folders & processes you can exclude from your real-time & scheduled scans…

Recommended folder exclusions for Windows 7 & Server 2008 R2 systems:

Windows Search & Indexing
Group Policy

This is really a general list. What you should exclude from your scans depends on the software, services and roles that are installed on your systems. Let’s say you have a couple of custom applications that are programmed by your trusted developers: feel free to exclude these internal programs. For a complete list of suggested exclusions from Microsoft, please see the following article:

During my research, I also found this useful document from Kaspersky:

I guess there is not much left to say after giving away these documents. But I’ll give you a general list of all the processes that I’ve excluded from our systems too:

Windows Search & Indexing
Windows Search & Indexing
Windows Search & Indexing

All the files that can be excluded from your antivirus agents:
Group Policy

Here is a list of all the extensions that should be excluded:
Exchange Offline Cache File
Outlook Archiving File
Print Spooler File
Print Spooler File
Microsoft Virtual Machine Disk File
Microsoft Virtual Machine Disk File
VMware Virtual Machine Disk File
VMware Virtual Machine Memory File
Archive File
Windows Image File
Windows & 3rd party Log Files
Configuration File

Here is one last useful link that I found during my research:

I hope this was useful to you, and please feel free to send me your suggestions / corrections to make this document better. The best way to contact me is by email.

