
How to Exclude Files for AD, Exchange.

Created: 27 Jul 2009 | 24 comments
Yobo | 0 votes

Dear Partner,

Assuming the Symantec Endpoint client has been pushed down to several servers including AD, Exchange, SQL Server, etc.

How do I configure the Endpoint Protection Manager to exclude those Active Directory and SQL files below, as an example?

How can this be configured, and when you do an exclude, how does Endpoint Protection know that you are excluding server1 (AD) or server4 (SQL Server)? How can this configuration be done?

Thanks

Active Directory

Active Directory and related files to exclude
• Main NTDS database files. The location of these files is specified in:

  HKLM\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File

  The default location is %systemroot%\ntds.

  File to exclude:
  • Ntds.dit

• Active Directory transaction log files. The log directory on any given server is specified in:

  HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files Path

  The default location is %systemroot%\ntds.

  Files to exclude:
  • EDB*.log (Notice the wildcard symbol; there can be several log files.)
  • Edbres00001.jrs

• The NTDS Working folder that is specified in:

  HKLM\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory

  Files to exclude:
  • TEMP.edb
  • EDB.chk

SYSVOL files to exclude
The list in the following table shows the default locations of files and folders to be excluded or scanned for the SYSVOL directory and subdirectories when you use FRS to replicate SYSVOL.

Important: If you have placed SYSVOL in another location, then exclude the appropriate path for your installation.

Folder or File | Scan or Exclude
%systemroot%\SYSVOL | Exclude
%systemroot%\SYSVOL\domain | Scan
%systemroot%\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory | Exclude
%systemroot%\SYSVOL\domain\policies | Scan
%systemroot%\SYSVOL\domain\scripts | Scan
%systemroot%\SYSVOL\staging | Exclude
%systemroot%\SYSVOL\staging areas | Exclude
%systemroot%\SYSVOL\sysvol | Exclude

FRS and related files to exclude
• The FRS working directory that is specified in:

  HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory

  Files to exclude:
  • <FRS working directory>\jet\sys\edb.chk
  • <FRS working directory>\jet\ntfrs.jdb
  • <FRS working directory>\jet\log\*.log

• The FRS database log files that are specified in:

  HKEY_LOCAL_MACHINE\system\currentcontrolset\services\NtFrs\Parameters\DB Log File Directory

  The default location is %systemroot%\ntds.

  Files to exclude:
  • <FRS working directory>\jet\log\*.log (if the registry entry is not set)
  • <Database log file directory>\log\*.log (if the registry entry is set)

• FRS Replica_root files that are specified in:

  HKEY_LOCAL_MACHINE\system\currentcontrolset\services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Root

• The staging directory in:

  HKEY_LOCAL_MACHINE\system\currentcontrolset\services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Stage

• The FRS Preinstall directory at:

  <Replica_root>\DO_NOT_REMOVE_NtFrs_PreInstall_Directory

  The Preinstall directory is always open when FRS is running.

DFS Replication and related files to exclude
• System Volume Information\DFSR folders and their contents (includes DFSR.DB). This system-protected directory contains working files for the DFS Replication service. It should not be scanned because these files are always in use by the service.
• <Replicated folder path>\dfsrprivate folders and their contents

SQL Server

Directories to exclude from virus scanning
When you configure your antivirus software settings, make sure that you exclude the following files and directories from virus scanning. Doing this improves the performance of the files and helps make sure that the files are not locked when the SQL Server service must use them. However, if these files become infected, your antivirus software will not be able to detect the infection.
• SQL Server data files

  These files usually have one of the following file name extensions:
  • .mdf
  • .ldf
  • .ndf

• SQL Server backup files

  These files frequently have one of the following file name extensions:
  • .bak
  • .trn

• Full-Text catalog files
• The directory that holds Analysis Services data
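
The registry values listed in the post above can be read on each server, so that the exclusion list reflects where the files really are instead of the default %systemroot%\ntds. The following PowerShell script is an added example, not part of the original thread and not Symantec tooling; the helper names Get-RegValue and New-Exclusion are hypothetical, and it assumes it is run locally on the domain controller by an account that can read HKLM.

```powershell
# Added example: build this server's AD/FRS exclusion list from the
# NTDS and NtFrs registry values named in the post above.
$ntds = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
$frs  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NtFrs\Parameters'

# Hypothetical helper: returns $null when the key or value does not exist
# (for example on a member server, or when FRS is not in use).
function Get-RegValue([string]$Key, [string]$Name) {
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name }
}

# Hypothetical helper: one output row per file pattern under a resolved folder.
function New-Exclusion([string]$Source, [string]$Folder, [string[]]$Patterns) {
    if (-not $Folder) { return }   # registry value not set: nothing to add
    foreach ($p in $Patterns) {
        [pscustomobject]@{ Source = $Source; Path = $Folder.TrimEnd('\') + '\' + $p }
    }
}

$frsWork = Get-RegValue $frs 'Working Directory'

$rows = @(
    # Assumption: this value holds the full path to Ntds.dit, so it is used as-is.
    $dbFile = Get-RegValue $ntds 'DSA Database File'
    if ($dbFile) { [pscustomobject]@{ Source = 'NTDS database'; Path = $dbFile } }

    New-Exclusion 'NTDS logs'    (Get-RegValue $ntds 'Database Log Files Path') 'EDB*.log', 'Edbres00001.jrs'
    New-Exclusion 'NTDS working' (Get-RegValue $ntds 'DSA Working Directory')   'TEMP.edb', 'EDB.chk'
    New-Exclusion 'FRS working'  $frsWork 'jet\sys\edb.chk', 'jet\ntfrs.jdb', 'jet\log\*.log'

    # Per the list above, <log dir>\log\*.log applies only when the value is set;
    # otherwise the FRS working directory row for jet\log\*.log already covers it.
    New-Exclusion 'FRS db logs'  (Get-RegValue $frs 'DB Log File Directory') 'log\*.log'
)

# De-duplicate (log and working folders are often the same) and display.
$rows | Sort-Object Path -Unique | Format-Table -AutoSize
```

Comparing the output across the servers in a group shows whether one shared exception list fits them all or whether a server with relocated files needs its own group.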

Comments

Beppe | 27 Jul 2009 | 0 votes

How to...

Hi,

SEP is not able to distinguish your servers... you have to distinguish them by putting them in different groups.
You can split your machines into different groups (for single machines as well), go to the Policies panel, create as many centralized exceptions as you want and assign each of them to the proper group. As a suggestion to simplify your scenario, if server A needs exception X and server B needs exception Y, and Y is not an issue for A and X is not an issue for B, then you can put A and B in the same group under the exceptions X+Y.
Another solution is to put all servers in only one group but allow the users to create the exception locally in the SEP clients.

Step-by-step procedures are in the guides (but I am sure someone will copy them for you here).

Regards,

Giuseppe

Beppe | 28 Jul 2009 | 0 votes

Screenshot with steps

[Screenshot not preserved]

Regards,

Giuseppe

Yobo | 28 Jul 2009 | 0 votes

Dear Partner,

How does the system know which server, e.g. DC01, EXCH01, to exclude on the centralized exception?

Thanks

Prachand | 28 Jul 2009 | 1 vote (-1)

About the automatic exclusion of files and folders for Microsoft Exchange server

If Microsoft Exchange servers are installed on the computer where you installed the Symantec Endpoint Protection client, the client software automatically detects the presence of Microsoft Exchange. When the client software detects a Microsoft Exchange server, it creates the appropriate file and folder exclusions for File System Auto-Protect and all other scans. Microsoft Exchange servers can include clustered servers. The client software checks for changes in the location of the appropriate Microsoft Exchange files and folders at regular intervals. If you install Microsoft Exchange on a computer where the client software is already installed, the exclusions are created when the client checks for changes. The client excludes both files and folders; if a single file is moved from an excluded folder, the file remains excluded.

The client software creates file and folder scan exclusions for the following Microsoft Exchange server versions:
■ Exchange 5.5
■ Exchange 6.0
■ Exchange 2000
■ Exchange 2003
■ Exchange 2007
■ Exchange 2007 SP1

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

Ian_C. | 09 Feb 2011 | 0 votes

-1 vote?

Hi Prachand.

I think you got that -1 vote because of this line

When the client software detects a Microsoft Exchange server, it creates the appropriate file and folder exclusions for File System Auto-Protect and all other scans.

You forgot to mention that this only applies to default install location. If you customise the installation, all bets are off. You will then have to manually exclude your custom folders.

Nirav Mistry | 28 Jul 2009 | 1 vote (+1)

How the server Knows.

Hi Christopher,

Once the policy is created, you need to assign the policy to the group which contains the server, e.g. DC01, EXCH01.
It would apply to all the servers in the group, as policy is group specific and not server/endpoint client specific.

Regards,
Nirav Mistry

Prachand | 28 Jul 2009 | 0 votes

SEP client creates automatic exclusion for:
1. Exchange server
2. Active Directory domain controller database
3. Database
This is by design.
This is documented in the documentation provided in CD1.

Automatic exclusion of Active Directory files and folders

The client monitors the applications that are installed on the client computer. If the software detects Active Directory on the client computer, the software automatically creates the exclusions.
The client software creates file and folder exclusions for the Active Directory domain controller database, logs, and working files.

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

Yobo | 28 Jul 2009 | 0 votes

Dear Partner,

Thanks.

How about File Server and SQL? Does it have automatic exclusion?

I could not find in the admin guide that SQL has automatic exclusion.

Please advise.

Assuming I need to create a centralized exclusion in a group of file servers, e.g. c:\temp\software distribution\datastore, how do I do it in the centralized view? Should I type in c:\temp\software distribution\datastore? A great screenshot to show me how this can be configured in this case will provide very useful guidance.

Thanks

Prachand | 28 Jul 2009 | 0 votes

Exclusion for SQL

How to exclude SQL files and folders using Centralized Exceptions

http://service1.symantec.com/SUPPORT/ent-security....

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

Prachand | 28 Jul 2009 | 0 votes

Screen shot

[Two screenshots not preserved]

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

Yobo | 28 Jul 2009 | 0 votes

Dear Partner,

Thanks

If the Prefix variable is none, I can specify the location. I assume all servers in the group will be excluded.

How about if a prefix is selected, say [SYSTEM], how does this apply to the folder path? Do I need to specify anything?

Another screenshot would be nice.

By the way, based on my research, I cannot find that file server is auto exclusion. Can you confirm if this is auto exclusion?

In addition, if the Symantec Endpoint Manager also has a client, does it by default also create exclusions automatically?

Pls advise.

Thanks

Prachand | 29 Jul 2009 | 0 votes

No auto exclusion for File server

There is no automatic exclusion for a file server.

Yes, we need to install the SEP client on the machine where SEPM is installed. This client is just a normal client. All auto exclusions that work on other clients also work on the SEPM client.

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

Prachand | 29 Jul 2009 | 0 votes

Prefix

[Screenshot not preserved]

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

Yobo | 30 Jul 2009 | 0 votes

Dear Partner,

If I create a group that contains AD, Exchange and File server, with the above setting applied to the group, am I right to say that it will auto detect and exclude any of these servers?

Thanks

Prachand | 30 Jul 2009 | 1 vote (+1)

Yes.

Yes, it will.

SEP client creates automatic exclusion for :
1. Exchange server
2. Active Directory domain controller database
3. Database

Automatic exclusion of Active Directory files and folders
The client monitors the applications that are installed on the client computer. If the software detects Active Directory on the client computer, the software automatically creates the exclusions.
The client software creates file and folder exclusions for the Active Directory domain controller database, logs, and working files.

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

Digitalex | 30 Sep 2009 | 0 votes

Exclusion for 3. Database. Which databases are excluded? And are Windows 2008 Domain Controllers auto excluded?

Prachand | 30 Sep 2009 | 0 votes

Yes, Windows 2008 Domain Controllers are auto excluded.

Database used by other Symantec products.

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

derekz29 | 30 Sep 2009 | 0 votes

Need some firm documentation on automatic exclusions. KB anyone?

Does this include SQL?

Prachand | 30 Sep 2009 | 0 votes

No, it does not include SQL.

Please refer to the admin guide page no 373 for more info on this.

Prachand Kumar MCSE-2003 Symantec Technical Specialist (SCTS)

derekz29 | 30 Sep 2009 | 0 votes

I'm looking at page 373 of the admin guide for RU5. No info..

Update: I found it on page 380. Thanks.

curtiplas | 18 May 2010 | 0 votes

Exchange 2010?

Hi All,

1) So does SEP currently have auto-exclusions for Exchange 2010 with 11.0.6? Or does Symantec have any plans to include auto-exclusions in future releases?

2) Lastly, just to be clear, the auto-exclusions for databases are only for Symantec Embedded Databases, NOT any MsSQL Databases?

Thanks in advance, (GREAT Forum Thread :-D)

dries_vb | 06 Oct 2010 | 0 votes

1) Concerning MS Exchange 2010: as of MR6 MP1 --> http://www.symantec.com/business/support/index?pag...

2) MS-SQL databases are not automatically excluded as far as I'm aware; it is the embedded database they speak of.