Verifying SEP Exceptions for Windows Server 2008 and Windows Server 2003 Domain Controllers
| Article:TECH96048 | | | Created: 2009-01-09 | | | Updated: 2010-01-17 | | | Article URL http://www.symantec.com/docs/TECH96048 |
Problem
Microsoft Windows 2008 or Microsoft Windows 2003 servers are acting as Domain Controllers in an Active Directory environment. What files and folders need to be excluded from Symantec Endpoint Protection's AV scanning so that SEP won’t impact the Domain Controller performance?
Solution
The Symantec Endpoint Protection client software automatically detects the presence of certain third-party applications: Active Directory Domain Controller is one such application. After the SEP client detects that it is running on a Domain Controller (DC), it automatically creates the necessary exclusions for sensitive files and folders. These files and folders are excluded from all antivirus and antispyware scans.
- Start Run
- Type Regedit
- Browse to the registry key:
- HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Exclusions\Domain Controller
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Exclusions\Domain Controller
Steps to verify the exclusions for Domain Controllers:
Windows 2003 32bit
Windows 2008 64bit
Symantec recommends that you examine the Microsoft article below for additional exclusions.
Virus scanning recommendations for computers that are running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, or Windows Vista
http://support.microsoft.com/kb/822158
References
How to Create Scanning Exceptions for both Managed and Unmanaged Symantec Endpoint Protection Clients
How to Verify if an Endpoint Client has Automatically Excluded an Application or Directory
|
|
Legacy ID
2009090907562348
Article URL http://www.symantec.com/docs/TECH96048
Terms of use for this information are found in Legal Notices
Thank you.