Tuesday, November 22, 2011

OM12: Antivirus exclusions

With SCOM, certain files, folders and sometimes even extensions (be careful here!) had to be excluded from antivirus scanning in order to keep the SCOM environment running smoothly, without antivirus software interfering with its operation.

As far as I have seen, this isn’t any different with Microsoft System Center 2012 – Operations Manager (OM12). However, with this version some folder locations have changed, and the same goes when one is running SQL Server 2008 R2. Therefore this posting contains the updated folder locations, based on OM12 RC.

My personal guess is that the folder locations won’t change in OM12 RTM, but NEVER assume, ALWAYS check and double check!

This posting is based on another posting, to be found here.

Processes
Before excluding any process from being scanned by your antivirus software, know what you’re doing. As Kevin stated on his blog (I adjusted it to OM12 servers):

“…Excluding by process executable is very dangerous, in that it limits the control of scanning potentially dangerous files handled by the process, because it excludes any and all files involved. For this reason, unless absolutely necessary, we will not exclude any process executables in AV configurations for OM12 servers…”

For OM12 it’s still the same process: monitoringhost.exe. However, the location differs, per functionality:

  1. OM12 Agent: ~:\Program Files\System Center Operations Manager\Agent;
  2. OM12 Management Server: ~:\Program Files\System Center Operations Manager 2012\Server.

Folders
These folders are advised to be excluded from scanning by your antivirus software:

  1. OM12 Agent: ~:\Program Files\System Center Operations Manager\Agent\Health Service State\Health Service Store;
  2. OM12 Management Server: ~:\Program Files\System Center Operations Manager 2012\Server\Health Service State\Health Service Store;
  3. SQL Server databases: ~:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA;
  4. SQL Server log files: ~:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Log.

Extensions
These extensions are advised to be excluded from scanning by your antivirus software:

  1. OM12 MS servers and Agents: EDB, CHK, LOG. These are the queue and log files of OM12;
  2. SQL: MDF, LDF. These are the database and log files of SQL Server.
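
An added example, not part of the original post: a PowerShell check in the spirit of "check and double check" that resolves the ~: placeholder against the fixed drives of the local server, reports which of the folders listed above actually exist, and counts the files in them whose extension is not in the extension list. The relative paths are copied from this post; the variable names are illustrative.

```powershell
# Added example (not from the original post). Relative paths are copied from the
# lists above (OM12 RC, default SQL Server 2008 R2 instance); names are illustrative.
$candidates = @(
    @{ Role = 'OM12 Agent'; Path = 'Program Files\System Center Operations Manager\Agent\Health Service State\Health Service Store' },
    @{ Role = 'OM12 Management Server'; Path = 'Program Files\System Center Operations Manager 2012\Server\Health Service State\Health Service Store' },
    @{ Role = 'SQL Server databases'; Path = 'Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\DATA' },
    @{ Role = 'SQL Server log files'; Path = 'Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Log' }
)
# Extensions named in the post, lower-cased with a leading dot for comparison.
$listedExtensions = '.edb', '.chk', '.log', '.mdf', '.ldf'

# Resolve "~:" against every ready, fixed local drive.
$fixedDrives = [System.IO.DriveInfo]::GetDrives() |
    Where-Object { $_.DriveType -eq 'Fixed' -and $_.IsReady }

$report = @(foreach ($drive in $fixedDrives) {
    foreach ($c in $candidates) {
        $full = Join-Path $drive.Name $c.Path
        if (-not (Test-Path -LiteralPath $full -PathType Container)) { continue }
        # Everything below an excluded folder goes unscanned, so count what is there.
        $files = @(Get-ChildItem -LiteralPath $full -Recurse -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer })
        $other = @($files | Where-Object { $listedExtensions -notcontains $_.Extension.ToLower() })
        New-Object PSObject -Property @{
            Role = $c.Role; Path = $full; Files = $files.Count; OtherExtensions = $other.Count
        }
    }
})

# Warn about listed folders that do not exist here, so no exclusion is added blindly.
$foundRoles = @($report | ForEach-Object { $_.Role })
foreach ($c in $candidates) {
    if ($foundRoles -notcontains $c.Role) {
        Write-Warning ("Not found on this server, do not exclude blindly: {0}" -f $c.Role)
    }
}

$report | Select-Object Role, Path, Files, OtherExtensions | Format-Table -AutoSize
```

Folders with a non-zero OtherExtensions count hold files the extension list does not cover and are worth reviewing before the folder exclusion is applied.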
