Preventing Symantec AntiVirus 10.0 from scanning the Microsoft Exchange directory structure

Article:TECH101192  |  Created: 2005-01-05  |  Updated: 2010-08-13  |  Article URL http://www.symantec.com/docs/TECH101192
Article Type
Technical Solution


Issue



This document discusses how to prevent Symantec Client Security 3.0 and Symantec AntiVirus Corporate Edition 10.0 from scanning the Microsoft Exchange directory structure to prevent problems with the Internet Mail Connector (IMC) or Information Store (IS).

Symptoms
Preventing Symantec AntiVirus 10.0 from scanning the Microsoft Exchange directory structure This document discusses how to prevent Symantec Client Security 3.0 and Symantec AntiVirus Corporate Edition 10.0 from scanning the Microsoft Exchange directory structure to prevent problems with the Internet Mail Connector (IMC) or Information Store (IS).


 


Solution




Note: This article applies to Symantec AntiVirus 10.0. If the version installed on your server is SAV 10.1 or above, please see About automatic exclusions of Microsoft Exchange server files and folders in Symantec AntiVirus 10.1 and Symantec Client Security 3.1
 



Symantec AntiVirus protects only the file system on an Exchange server and not the Exchange server itself.

Protection of the Exchange server is the role of a product like Symantec Mail Security for Microsoft Exchange. Certain folders must be excluded from scanning by Symantec AntiVirus. If Auto-Protect scans the Exchange directory structure or the Symantec Mail Security processing folder, it can cause false-positive virus detections, unexpected behavior on the Exchange server, or damage to the Exchange databases. This is true of all antivirus programs that run on Exchange servers. For more information, see the Microsoft Knowledge Base article XGEN: Recommendations for Troubleshooting an Exchange Computer with Antivirus Software Installed - ID Q245822.

The details in the following sections cover the folders that can be safely scanned or that need to be excluded when Symantec AntiVirus or other Symantec products are installed.

Folders that file-system antivirus software can safely scan

  • Exchsrvr\Address
  • Exchsrvr\Bin
  • Exchsrvr\Conndata
  • Exchsrvr\Exchweb
  • Exchsrvr\Res
  • Exchsrvr\Schema
  • Any additional folders that are not a part of a standard Exchange installation, and which are not included in the list of directories (shown below) that are unsafe to scan


Folders to exclude when using file-system antivirus software
The following folders should be excluded from scanning by Auto-Protect, scheduled scans, and manual scans.

 


WARNING:

  • A common mistake is to configure exclusions for Auto-Protect, but to forget to exclude scheduled scans and manual scans. All types of scans that run on the on the server must be excluded, or there is a risk of data loss on the server.
  • Another common mistake is to omit the paths to the folders that you want to exclude. For example, to exclude the Exchsrvr\Mdbdata folder, you would most likely exclude C:\Program Files\Exchsrvr\Mdbdata. Because Exchange folder locations can be configured differently, the paths here are given starting from the Exchsrvr folder.



Exchange 5.5

  • Exchange databases (default location: Exchsrvr\Mdbdata)
  • Exchange MTA files (default location: Exchsrvr\Mtadata)
  • Exchange temporary files: Tmp.edb
  • Additional log files (default location/name: Exchsrvr\server_name.log)
  • Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
  • Inbox and Outbox for Internet Mail Connector (Exchsrvr\IMCDATA folder)
  • Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv)
  • All of the appropriate folders listed in the next section, "When the following Symantec products are installed, exclude the following folders"


Exchange 2000

  • The Installable File System (IFS) (default location: drive M)
  • Exchange databases (default location: Exchsrvr\Mdbdata)
  • Exchange MTA files (default location: Exchsrvr\Mtadata)
  • Exchange temporary files: Tmp.edb
  • Additional log files (default location: Exchsrvr\server_name .log)
  • Virtual server folder (default location: Exchsrvr\Mailroot)
  • Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
  • Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv)
  • Site Server Gatherer temporary directory (<drive>:\Winnt\Temp\Gthrsvc), if it exists.
  • All of the appropriate folders listed in the next section, "When the following Symantec products are installed, exclude the following folders"


Exchange 2003

  • Exchange databases (default location: Exchsrvr\Mdbdata)
  • Exchange MTA files (default location: Exchsrvr\Mtadata)
  • Exchange temporary files: Tmp.edb
  • Additional log files (default location: Exchsrvr\server_name .log)
  • Virtual server folder (default location: Exchsrvr\Mailroot)
  • Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
  • Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv or :\Windows\System32\Inetsrv)
  • Working folder for message conversion .tmp files. (default location: Exchsrvr\Mdbdata)
    The location of this folder is configurable. For additional information, read the Microsoft Knowledge Base article 822936 - Message Flow to the Local Delivery Queue Is Very Slow.
  • The temporary folder that is used in conjunction with offline maintenance utilities such as Eeseutil.exe.
    By default, this folder is the location from which you run the executable, but you can configure where you run the file from when you run the utility.
  • The folder that contains the checkpoint (.chk) file.
    For information on the location of this file, read the Microsoft Knowledge Base article Overview of Exchange Server 2003 and Antivirus Software.
  • Site Server Gatherer temporary directory (<drive>:\Windows\Temp\Gthrsvc), if it exists.
  • All of the appropriate folders listed in the next section, "When the following Symantec products are installed, exclude the following folders"


Exchange 2007

Exchange 2007 can be installed with several different roles. As each role should have different exclusions, exclusions should be based on the
roles you have installed.
For a list of recommended exclusions for Exchange 2007, read the Microsoft TechNet article File-Level Antivirus Scanning on Exchange 2007.

 


Notes:

  • The Tmp.edb file may be found in more than one location. Search for the file, and exclude it in any of the locations where it is found.
  • You can exclude single files from within Symantec AntiVirus, but not from within the Symantec System Center. This means that you must exclude Tmp.edb from within Symantec AntiVirus on the Exchange server.



When the following Symantec products are installed, exclude the following folders
The following folders should be excluded from Auto-Protect, scheduled scans, and manual scans.

 


WARNING: The exclusion of these folders is critical to the operation of the products. Each product uses its temp folder as a processing folder. If the temp folders are not excluded from file system scanning, the antivirus programs may conflict and cause unexpected behavior, including potential data loss.
 



 

  • Symantec Mail Security Information Foundation 6.0 for Microsoft Exchange
    <drive>:\Program Files\Symantec\SMSMSE\6.0\Server\Temp
    <drive>:\Program Files\Symantec\SMSMSE\6.0\Server\Quarantine
  • Symantec Mail Security 5.0 for Microsoft Exchange
    <drive>:\Program Files\Symantec\SMSMSE\5.0\Server\Temp
    <drive>:\Program Files\Symantec\SMSMSE\5.0\Server\Quarantine
  • Symantec Mail Security 4.6 for Microsoft Exchange
    <drive>:\Program Files\Symantec\SMSMSE\4.6\Server\Temp
    <drive>:\Program Files\Symantec\SMSMSE\4.6\Server\Quarantine
  • Symantec Mail Security 4.5 for Microsoft Exchange
    <drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Temp\
    <drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Quarantine
  • Symantec Mail Security 4.0 for Microsoft Exchange
    <drive>:\Program Files\Symantec\SMSMSE\4.0\Server\Temp\
  • Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange
    <drive>:\Program Files\Symantec\SAVFMSE\Temp
  • Norton AntiVirus 2.x for Microsoft Exchange
    <drive>:\Program Files\NAVMSE\Temp



Creating the exclusions
The procedure for creating the exclusions depends on whether your Exchange servers are configured as servers, unmanaged clients, or managed clients. Go to the section that represents your installation.

Servers
When Symantec AntiVirus 10.0 is on a Microsoft Exchange server, configure exclusions for Auto-Protect through the Symantec System Center. Manual scans should still be run from within Symantec AntiVirus, so that the exclusions can be created.

To configure exclusions for Auto-Protect from Symantec System Center

  1. Start Symantec System Center, and unlock the server group.
  2. Right-click the Exchange server, and then click All Tasks > Symantec AntiVirus > Server Auto-Protect Options.
  3. check Exclude selected files and folders.
  4. Click Exclusions.
  5. Click Files/Folders to create the exclusions.
  6. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  7. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.


To configure exclusions for a scheduled scan from Symantec System Center

  1. Start Symantec System Center, and unlock the server group.
  2. Right-click the server group, and then click All Tasks > Symantec AntiVirus > Scheduled Scans.
  3. Create a scheduled scan, or edit an existing one.
  4. Click Scan Settings.
  5. Select the drives, folders, or files to scan.
  6. Click Options.
  7. Check Exclude files and folders, and then click Exclusions.
  8. Click Files/Folders to create the exclusions.
  9. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  10. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.


To start a manual scan with the appropriate exclusions from within Symantec AntiVirus

  1. Start Symantec AntiVirus.
  2. Click Scan, and then click Scan Computer.
  3. Select the drives, folders, or files to scan.
  4. In the lower-right corner, click Options.
  5. Check Exclude files and folders.
  6. Click Exclusions.
  7. Click Files/Folders to create the exclusions.
  8. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  9. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.



Unmanaged clients
If the Exchange server is configured as an unmanaged client, you must configure all exclusions from within Symantec AntiVirus, and you must not install the Email Tools.

Interactive tutorial

To configure exclusions for Auto-Protect from within Symantec AntiVirus

  1. Start Symantec AntiVirus.
  2. Click Configure, and then click File System Auto-Protect.
  3. Click Exclude selected files and folders.
  4. Click Exclusions.
  5. Click Files/Folders to create the exclusions.
  6. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  7. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.


To configure exclusions for a scheduled scan from within Symantec AntiVirus

  1. Start Symantec AntiVirus.
  2. Click Scheduled Scans.
  3. Create a new scan, or select the scan you wish to configure, and click Next twice.
  4. Select the drives, folders, or files to scan.
  5. In the lower-right corner, click Options.
  6. Click Exclude files and folders.
  7. Click Exclusions.
  8. Click Files/Folders to create the exclusions.
  9. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  10. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.


To start a manual scan with the appropriate exclusions from within Symantec AntiVirus

  1. Start Symantec AntiVirus.
  2. Click Scan, and then click Scan Computer.
  3. Select the drives, folders, or files to scan.
  4. In the lower-right corner, click Options.
  5. Click Exclude files and folders.
  6. Click Exclusions.
  7. Click Files/Folders to create the exclusions.
  8. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  9. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.



Managed clients
If the Exchange server is configured as a managed client in a client group that you have created specifically for Exchange servers, configure the exclusions through the Symantec System Center. Manual scans should be run from within Symantec AntiVirus, and should be configured there.

 


Notes:



To configure exclusions for Auto-Protect from Symantec System Center

  1. Start Symantec System Center, and unlock the server group.
  2. Under Groups, right-click the client group, and then click All Tasks > Symantec AntiVirus > Client Auto-Protect Options.
  3. Check Exclude selected files and folders, and click the lock icon so that it appears as locked.
  4. Click Exclusions.
  5. Click Files/Folders to create the exclusions.
  6. Exclude all necessary Exchange folders by entering the full paths of each folder, one on each line.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  7. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.


To configure exclusions for a scheduled scan from Symantec System Center

  1. Start Symantec System Center, and unlock the server group.
  2. Under Groups, right-click the client group, and then click All Tasks > Symantec AntiVirus > Scheduled Scans.
  3. Create a scheduled scan, or edit an existing one.
  4. Click Scan Settings.
  5. Click Options.
  6. Check Exclude files and folders, and then click Exclusions.
  7. Click Folders to create the exclusions.
  8. Exclude all necessary Exchange folders by entering the full paths of each folder, one on each line.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  9. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.


To start a manual scan with the appropriate exclusions from within Symantec AntiVirus

  1. Start Symantec AntiVirus.
  2. Click Scan, and then click Scan Computer.
  3. Select the drives, folders, or files to scan.
  4. In the lower-right corner, click Options.
  5. Click Exclude files and folders.
  6. Click Exclusions.
  7. Click Files/Folders to create the exclusions.
  8. Exclude all necessary Exchange folders by clicking once in the empty box to the left of each directory.
    If Exchange is installed on more than one drive, then be sure to exclude Exchange on the other drives.
  9. If a Symantec antivirus product for Exchange is installed, exclude the correct folders for the version that you are using.
    For details, read the "When the following Symantec products are installed, exclude the following folders" section of this document.







 



Legacy ID



2005040513412648


Article URL http://www.symantec.com/docs/TECH101192


Terms of use for this information are found in Legal Notices