Preventing Symantec AntiVirus Corporate Edition 9.x from scanning the Microsoft Exchange directory structure

Article:TECH100685  |  Created: 2004-01-24  |  Updated: 2006-01-02  |  Article URL http://www.symantec.com/docs/TECH100685
Article Type
Technical Solution


Environment

Issue



This document discusses how to prevent Symantec AntiVirus Corporate Edition 9.x from scanning the Microsoft Exchange directory structure to prevent problems with the Internet Mail Connector (IMC) or Information Store (IS).


Solution



Symantec AntiVirus protects only the file system on an Exchange server and not Exchange server itself.

The protection of the Exchange server is the role of a product such as Symantec Mail Security for Microsoft Exchange. Certain folders must be excluded from scanning by Symantec AntiVirus. If Auto-Protect scans the Exchange directory structure or the Symantec Mail Security processing folder, it can cause false-positive virus detections, unexpected behavior on the Exchange server, or damage to the Exchange databases. This is true of all antivirus programs that run on Exchange servers. For more information, see the Microsoft Knowledge Base article XGEN: Recommendations for Troubleshooting an Exchange Computer with Antivirus Software Installed - ID Q245822.

The details in the following sections cover the folders that can be safely scanned or that need to be excluded when Symantec AntiVirus or other Symantec products are installed.

Folders that file-system antivirus software can safely scan
  • Exchsrvr\Address
  • Exchsrvr\Bin
  • Exchsrvr\Conndata
  • Exchsrvr\Exchweb
  • Exchsrvr\Res
  • Exchsrvr\Schema
  • Any additional directories that are not a part of a standard Exchange installation, and which are not included in the list of directories (shown below) that are unsafe to scan

Folders to exclude when using file-system antivirus software
The following folders should be excluded from Auto-Protect, scheduled scans, and manual scans.


WARNING:
A common mistake is to configure exclusions for Auto-Protect, but to forget to exclude scheduled scans and manual scans. All types of scans that run on the server must be excluded, or there is a risk of data loss on the server.

Another common mistake is to omit the paths to the folders that you need to exclude. For example, to exclude the Exchsrvr\Mdbdata folder, you would most likely exclude C:\Program Files\Exchsrvr\Mdbdata. Because Exchange folder locations can be configured differently, the paths here are given starting from the Exchsrvr folder.




Notes:
The Tmp.edb file may be found in more than one location. Search for the file, and exclude it in any of the locations where it is found.

You can exclude single files from within Symantec AntiVirus, but not from within Symantec System Center. This means that, with all versions, you must exclude Tmp.edb from within Symantec AntiVirus on the Exchange server.



Exchange 5.5
  • Exchange databases (default location: Exchsrvr\Mdbdata)
  • Exchange MTA files (default location: Exchsrvr\Mtadata)
  • Exchange temporary files: Tmp.edb
  • Additional log files (default location/name: Exchsrvr\server_name.log)
  • Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
  • Inbox and Outbox for Internet Mail Connector (Exchsrvr\IMCDATA folder)
  • Internet Information Service (IIS) system files (:\Winnt\System32\Inetsrv)
  • All of the appropriate folders listed in the next section, "When the following Symantec products are installed, exclude the following folders"

Exchange 2000
  • The Installable File System (IFS) (default location: drive M)
  • Exchange databases (default location: Exchsrvr\Mdbdata)
  • Exchange MTA files (default location: Exchsrvr\Mtadata)
  • Exchange temporary files: Tmp.edb
  • Additional log files (default location: Exchsrvr\server_name.log)
  • Virtual server folder (default location: Exchsrvr\Mailroot)
  • Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
  • Internet Information Service (IIS) system files (:\Winnt\System32\Inetsrv)
  • Site Server Gatherer temporary directory (:\Winnt\Temp\Gthrsvc), if it exists.
  • All of the appropriate folders listed in the next section, "When the following Symantec products are installed, exclude the following folders"

Exchange 2003
  • Exchange databases (default location: Exchsrvr\Mdbdata)
  • Exchange MTA files (default location: Exchsrvr\Mtadata)
  • Exchange temporary files: Tmp.edb
  • Additional log files (default location: Exchsrvr\server_name.log)
  • Virtual server folder (default location: Exchsrvr\Mailroot)
  • Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
  • Internet Information Service (IIS) system files (:\Winnt\System32\Inetsrv or :\Windows\System32\Inetsrv)
  • Working folder for message conversion .tmp files. (default location: Exchsrvr\Mdbdata)
    The location of this folder is configurable. For additional information, read the Microsoft Knowledge Base article 822936 - Message Flow to the Local Delivery Queue Is Very Slow.
  • The temporary folder that is used in conjunction with offline maintenance utilities such as Eseutil.exe.
    By default, this folder is the location from which you run the executable, but you can configure where you run the file from when you run the utility.
  • The folder that contains the checkpoint (.chk) file.
    For information on the location of this file, read the Microsoft Knowledge Base article Overview of Exchange Server 2003 and Antivirus Software.
  • Site Server Gatherer temporary directory (:\Windows\Temp\Gthrsvc), if it exists.
  • All of the appropriate folders listed in the next section, "When the following Symantec products are installed, exclude the following folders"


When the following Symantec products are installed, exclude the following folders
The following folders should be excluded from Auto-Protect, scheduled scans, and manual scans:


WARNING: The exclusion of these folders is critical to the operation of the products. Each product uses its temp folder as a processing folder. If the temp folders are not excluded from file system scanning, the antivirus programs may conflict and cause unexpected behavior, including potential data loss.


  • Symantec Mail Security 5.0 for Microsoft Exchange
    :\Program Files\Symantec\SMSMSE\5.0\Server\Temp
    :\Program Files\Symantec\SMSMSE\5.0\Server\Quarantine
  • Symantec Mail Security 4.6 for Microsoft Exchange
    :\Program Files\Symantec\SMSMSE\4.6\Server\Temp
    :\Program Files\Symantec\SMSMSE\4.6\Server\Quarantine
  • Symantec Mail Security 4.5 for Microsoft Exchange
    :\Program Files\Symantec\SMSMSE\4.5\Server\Temp\
    :\Program Files\Symantec\SMSMSE\4.5\Server\Quarantine
  • Symantec Mail Security 4.0 for Microsoft Exchange
    :\Program Files\Symantec\SMSMSE\4.0\Server\Temp\
  • Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange
    :\Program Files\Symantec\SAVFMSE\Temp
  • Norton AntiVirus 2.x for Microsoft Exchange
    :\Program Files\NAVMSE\Temp
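
The two common mistakes described in the warning above (exclusions set for only one scan type, and entries without full paths) can be checked mechanically. The following is an added example, not Symantec code: it expands the Exchange 2003 folders that have a default location under Exchsrvr to full paths and reports what each scan type's exclusion list fails to cover. The sample roots, the D:\ExchTemp location, and the configured lists are constructed, and the check assumes that excluding a folder also excludes everything beneath it.

```python
from pathlib import PureWindowsPath

# Exchange 2003 folder exclusions from the list above, relative to the Exchsrvr folder.
EXCHANGE_2003_RELATIVE = ["Mdbdata", "Mtadata", "Mailroot", "Srsdata"]
SCAN_TYPES = ("auto-protect", "scheduled", "manual")

def required_exclusions(exchsrvr_roots, extra_paths=()):
    """Expand the relative names to full paths under every Exchsrvr root."""
    required = [PureWindowsPath(root) / rel
                for root in exchsrvr_roots for rel in EXCHANGE_2003_RELATIVE]
    return required + [PureWindowsPath(p) for p in extra_paths]

def is_covered(path, exclusions):
    """True if path is an excluded entry or lies beneath an excluded folder."""
    for entry in map(PureWindowsPath, exclusions):
        if not entry.is_absolute():
            continue  # entry without drive and full path: the omitted-path mistake
        # PureWindowsPath compares case-insensitively, as Windows paths do.
        if path == entry or entry in path.parents:
            return True
    return False

def missing_exclusions(required, configured):
    """Per scan type, the required paths that its exclusion list does not cover."""
    return {scan: [str(p) for p in required
                   if not is_covered(p, configured.get(scan, []))]
            for scan in SCAN_TYPES}

# Constructed sample: Exchange on C: and E:, a second Tmp.edb, SMSMSE 5.0 installed.
ROOTS = [r"C:\Program Files\Exchsrvr", r"E:\Exchsrvr"]
EXTRA = [r"D:\ExchTemp\Tmp.edb",
         r"C:\Program Files\Symantec\SMSMSE\5.0\Server\Temp",
         r"C:\Program Files\Symantec\SMSMSE\5.0\Server\Quarantine"]

def demo():
    required = required_exclusions(ROOTS, EXTRA)
    configured = {  # exclusion lists as an administrator might have typed them
        "auto-protect": [str(p).lower() for p in required],   # complete
        "scheduled": [r"C:\Program Files\Exchsrvr\Mdbdata", r"Exchsrvr\Mtadata"],
        # "manual" is absent: no exclusions were configured for manual scans
    }
    return missing_exclusions(required, configured)

if __name__ == "__main__":
    for scan, gaps in demo().items():
        print(f"{scan}: {len(gaps)} missing")
        for path in gaps:
            print("   ", path)
```

Paths without a default location under Exchsrvr, such as the IIS system files or the checkpoint file folder, are passed in through extra_paths with the drive and folder used on the server in question.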

Creating the exclusions
The procedure for creating the exclusions depends on whether your Exchange servers are configured as servers, unmanaged clients, or managed clients.
Servers
When Symantec AntiVirus 9.x is on a Microsoft Exchange server, configure exclusions for Auto-Protect through the Symantec System Center. Manual scans should still be run from within Symantec AntiVirus, so that the exclusions can be created.

To configure exclusions for Auto-Protect from the Symantec System Center
  1. Start the Symantec System Center, and unlock the server group.
  2. Right-click the Exchange server, and then click All Tasks > Symantec AntiVirus > Server Auto-Protect Options.
  3. Check Exclude selected files and folders.
  4. Click Exclusions.
  5. Click Files/Folders to create the exclusions.
  6. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  7. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.

To configure exclusions for a scheduled scan from the Symantec System Center
  1. Start Symantec System Center, and unlock the server group.
  2. Right-click the server group, and then click All Tasks > Symantec AntiVirus > Scheduled Scans.
  3. Create a scheduled scan, or edit an existing one.
  4. Click Scan Settings.
  5. Select the drives, folders, or files to scan.
  6. Click Options.
  7. Check Exclude files and folders, and then click Exclusions.
  8. Click Files/Folders to create the exclusions.
  9. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  10. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.

To start a manual scan with the appropriate exclusions from within Symantec AntiVirus
  1. Start Symantec AntiVirus.
  2. Click Scan, and then click Scan Computer.
  3. Select the drives, folders, or files to scan.
  4. In the lower-right corner, click Options.
  5. Check Exclude files and folders.
  6. Click Exclusions.
  7. Click Files/Folders to create the exclusions.
  8. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  9. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.

Unmanaged clients
If the Exchange server is configured as an unmanaged client, you must configure all exclusions from within Symantec AntiVirus, and you must not install the Email Tools.

To configure exclusions for Auto-Protect from within Symantec AntiVirus
  1. Start Symantec AntiVirus.
  2. Click Configure, and then click File System Auto-Protect.
  3. Click Exclude selected files and folders.
  4. Click Exclusions.
  5. Click Files/Folders to create the exclusions.
  6. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  7. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.

To configure exclusions for a scheduled scan from within Symantec AntiVirus
  1. Start Symantec AntiVirus.
  2. Click Scheduled Scans.
  3. Create a new scan, or select the scan you wish to configure, and click Next twice.
  4. Select the drives, folders, or files to scan.
  5. In the lower-right corner, click Options.
  6. Click Exclude files and folders.
  7. Click Exclusions.
  8. Click Files/Folders to create the exclusions.
  9. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  10. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.

To start a manual scan with the appropriate exclusions from within Symantec AntiVirus
  1. Start Symantec AntiVirus.
  2. Click Scan, and then click Scan Computer.
  3. Select the drives, folders, or files to scan.
  4. In the lower-right corner, click Options.
  5. Click Exclude files and folders.
  6. Click Exclusions.
  7. Click Files/Folders to create the exclusions.
  8. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  9. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.

Managed clients
If the Exchange server is configured as a managed client in a client group that you have created specifically for Exchange servers, configure the exclusions through the Symantec System Center. Manual scans should be run from within Symantec AntiVirus, and should be configured there.


Notes:
The Exchange server should not be configured as a managed client unless it is in a client group specifically for Exchange servers. For more information, read the document Best practice for Symantec AntiVirus Corporate Edition realtime protection running on the Microsoft Exchange Server.

If Symantec AntiVirus is installed as a client, you must not install the Email Tools.


To configure exclusions for Auto-Protect from the Symantec System Center
  1. Start the Symantec System Center, and unlock the server group.
  2. Under Groups, right-click the client group, and then click All Tasks > Symantec AntiVirus > Client Auto-Protect Options.
  3. Check Exclude selected files and folders, and click the lock icon so that it appears as locked.
  4. Click Exclusions.
  5. Click Files/Folders to create the exclusions.
  6. Exclude all necessary Exchange folders by entering the full paths of each folder, one on each line.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  7. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.

To configure exclusions for a scheduled scan from the Symantec System Center
  1. Start the Symantec System Center, and unlock the server group.
  2. Under Groups, right-click the client group, and then click All Tasks > Symantec AntiVirus > Scheduled Scans.
  3. Create a scheduled scan, or edit an existing one.
  4. Click Scan Settings.
  5. Click Options.
  6. Check Exclude files and folders, and then click Exclusions.
  7. Click Folders to create the exclusions.
  8. Exclude all necessary Exchange folders by entering the full paths of each folder, one on each line.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  9. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.

To start a manual scan with the appropriate exclusions from within Symantec AntiVirus
  1. Start Symantec AntiVirus.
  2. Click Scan, and then click Scan Computer.
  3. Select the drives, folders, or files to scan.
  4. In the lower-right corner, click Options.
  5. Click Exclude files and folders.
  6. Click Exclusions.
  7. Click Files/Folders to create the exclusions.
  8. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  9. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.





References
For additional information, read the document Best practices for Symantec AntiVirus Corporate Edition 9.x Auto-Protect on a Microsoft Exchange server.





Legacy ID



2004052416452048

