Juil 05

Configure antivirus exceptions for SCCM

Configure antivirus exceptions for SCCM

Configure antivirus exceptions for SCCM

I installed recently a SCCM 1702. With the agent, the anti-virus was installed on the different servers and workstations. SCCM now uses the Windows servicing model. It is therefore necessary to configure the exceptions to the levels of the anti-virus scans if you want to avoid certain problems

What are the exceptions to configure?

Exceptions anti-virus software on ConfigMgr site server

  • %allusersprofile%\NTUser.pol
  • %systemroot%\system32\GroupPolicy\registry.pol
  • %windir%\Security\database\*.chk
  • %windir%\Security\database\*.edb
  • %windir%\Security\database\*.jrs
  • %windir%\Security\database\*.log
  • %windir%\Security\database\*.sdb
  • %windir%\SoftwareDistribution\Datastore\Datastore.edb
  • %windir%\SoftwareDistribution\Datastore\Logs\edb.chk
  • %windir%\SoftwareDistribution\Datastore\Logs\edb*.log
  • %windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
  • %windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
  • %windir%\SoftwareDistribution\Datastore\Logs\Res1.log
  • %windir%\SoftwareDistribution\Datastore\Logs\Res2.log
  • %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
  • Path : \Microsoft Configuration Manager\Inboxes\*.*
  • C:\Windows\TEMP\BootImages
  • C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Bin\sqlservr.exe
  • C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe

File exclusions

  • .mdf
  • .ldf
  • .ndf
  • .bak
  • .trn
  • .trc
  • .sqlaudit
  • .sql

How to configure SCCM

In the SCCM console, click Assets and compliance, and then in endpoint protection, click Antimalware Policies.

Configure antivirus exceptions for SCCM

Open the default rule or other. In the menu click Exclude Settings and then click Set on Excluded files and folders.

Configure antivirus exceptions for SCCM

Add the exception and click Add. Perform the same operation for the other exceptions. File extensions will be processed later.

Configure antivirus exceptions for SCCM
Configure antivirus exceptions for SCCM

Click OK and then click Set in excluded file type.

Configure antivirus exceptions for SCCM

Add the different exclusions listed above and then click OK.

Configure antivirus exceptions for SCCM

Exceptions are now configured. The policy can now be deployed without a problem.

Laisser un commentaire

Your email address will not be published.