What scan exclusions could be applied in Symantec Antivirus or Symantec Endpoint Protection on a server running SAP?

Article:TECH134382  |  Created: 2010-01-28  |  Updated: 2010-08-11  |  Article URL http://www.symantec.com/docs/TECH134382
Article Type
Technical Solution


Issue



You want to know what exclusions should be applied to a server running SAP.


Solution



  • Customers should contact SAP Support for a full list of files and extensions that should be excluded from scans.
  • One MSDN blog recommended that the following exclusions be set:

\usr\sap\
\SAPDB\
\SAPDATA1\
\SAP_DB\
NODE0000\*.???????????????
NODE0001\*.???????????????
SAPSprint.exe
lsagent.exe
*.container??????
*.dmp
*.errlog
*.flg
*.INI
*.JAR
*.log
*.lrg
*.node??????

 

Note:  Wildcard variables such as * and ? are not supported by Symantec Antivirus or Endpoint Protection so you cannot use the exclusions as they are above, you will need to edit them removing the * and ? when creating your exclusions.

 

IMPORTANT : Symantec does not advise excluding entire directories (such as the SAP database directory and subdirectories) from scanning as these pose a potential high security risk. Additionally you should not exclude any temp files or folders as these can be a target for security risks.

 

References:

 

MSDN blog: SAP on Windows and Anti Virus Scan

SAP Services: Software maintenance and support

SAP help

 



Legacy ID



2010062815415648


Article URL http://www.symantec.com/docs/TECH134382


Terms of use for this information are found in Legal Notices