Wednesday, October 17, 2012

Antivirus exclusions for Operations Manager 2012

There is a knowledge base entry regarding what virus scan exclusions should be made when using SCOM: http://support.microsoft.com/kb/975931

Unfortunately there is a documentation bug regarding agent exclusions for SCOM 2012:

The KB says:

C:\Program Files\System Center 2012\Operations Manager\<Component>\Health Service State\

which means

C:\Program Files\System Center 2012\Operations Manager\Agent\Health Service State\

but the default path is

C:\Program Files\System Center Operations Manager\Agent\Health Service State\

Also note that you can (and should) exclude the “Health Service State” folder and all its subfolders.

In general it is recommended to verify your exclusions by creating a text file in the folder and pasting in the EICAR test string:

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

More information about the EICAR test “virus” can be found here:

http://eicar.org/86-0-Intended-use.html
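The verification described above can be scripted. The following PowerShell is an added example, not part of the original post: it drops the EICAR file into the Health Service State folder and every subfolder, and also into a control folder outside the exclusion, to confirm that real-time scanning is actually active. It assumes `$env:TEMP` is not excluded from scanning, that the session is elevated, and that 15 seconds is enough for the scanner to react.

```powershell
# Added example, not from the original post. Run elevated, PowerShell 3.0 or later.
# The two candidate paths are the ones quoted in the post.
$candidates = @(
    'C:\Program Files\System Center Operations Manager\Agent\Health Service State',
    'C:\Program Files\System Center 2012\Operations Manager\Agent\Health Service State'
)
# EICAR string from the post, split in two so this script is not flagged itself.
$eicar = 'X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-' + 'STANDARD-ANTIVIRUS-TEST-FILE!$H+H*'

$stateDir = $candidates | Where-Object { Test-Path -LiteralPath $_ -PathType Container } |
            Select-Object -First 1
if (-not $stateDir) { throw 'Health Service State folder not found; set the path manually.' }

# Targets: the folder, every subfolder, and a control folder assumed NOT to be excluded.
$folders = @($stateDir) +
           @(Get-ChildItem -LiteralPath $stateDir -Directory -Recurse | ForEach-Object { $_.FullName })
$targets = @($folders | ForEach-Object { [pscustomobject]@{ Folder = $_; Role = 'excluded' } })
$targets += [pscustomobject]@{ Folder = $env:TEMP; Role = 'control' }

# Drop one uniquely named test file per folder, then give the scanner time to react.
$name = 'eicar-exclusion-test-{0}.txt' -f [guid]::NewGuid().ToString('N')
foreach ($t in $targets) {
    try { [System.IO.File]::WriteAllText((Join-Path $t.Folder $name), $eicar, [System.Text.Encoding]::ASCII) }
    catch { }   # a blocked write is reported as "not survived" below
}
Start-Sleep -Seconds 15

$results = foreach ($t in $targets) {
    $path   = Join-Path $t.Folder $name
    $intact = $false
    # Reading the file triggers an on-access scan; a denied read means it was detected.
    try { $intact = [System.IO.File]::ReadAllText($path) -eq $eicar } catch { }
    Remove-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    [pscustomobject]@{ Folder = $t.Folder; Role = $t.Role; Survived = $intact }
}
$results | Format-Table -AutoSize

$control = $results | Where-Object { $_.Role -eq 'control' }
$missed  = @($results | Where-Object { $_.Role -eq 'excluded' -and -not $_.Survived })
if ($control.Survived) {
    Write-Warning 'Control file survived: on-access scanning did not react, result is inconclusive.'
} elseif ($missed.Count -gt 0) {
    Write-Warning ('Exclusion not effective for {0} folder(s), see table.' -f $missed.Count)
} else {
    Write-Output 'Exclusion covers Health Service State and all its subfolders.'
}
```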

Note for Symantec Endpoint Protection customers: be aware that the prefix variable points to “Program Files (x86)” on 64-bit machines, so you have to type in the whole path yourself.

All information is provided "as is" without any warranty! Try it in a lab first. Handle with care in production.

2 comments:

  1. Excellent Blog every one can get lots of information for any topics from this blog nice work keep it up.

  2. Very good work! Thanks for sharing this post.
