When planning a Configuration Manager 2012 environment, it is wise to also plan the anti-virus scan exclusions for the servers. Adding exclusions to your anti-virus solution will give you better performance, since the on-access scanner will not scan every log file or file in the Configuration Manager inbox folders. Based on the Configuration Manager 2007 blog of the ConfigMgr Team and my knowledge of Configuration Manager 2012, I created the exclusion list below. Feel free to supply information if you think something is missing.
I did not include the standard Windows and SQL Server exclusions. You can find these at the TechNet Wiki.
ConfigMgrInstallDir = <driveletter>:\Program Files\Microsoft Configuration Manager
| Location | File(s) |
| --- | --- |
| ConfigMgrInstallDir | Install.map |
| ConfigMgrInstallDir\Inboxes | *.adc, *.box, *.ccr, *.cfg, *.cmn, *.ct0, *.ct1, *.ct2, *.dat, *.dc, *.ddr, *.i*, *.ins, *.ist, *.job, *.lkp, *.lo_, *.log, *.mif, *.mof, *.nal, *.ncf, *.nhm, *.ofn, *.ofr, *.p*, *.pcf, *.pck, *.pdf, *.pkg, *.pkn, *.rpl, *.rpt, *.sca, *.scd, *.scu, *.sha, *.sic, *.sid, *.srq, *.srs, *.ssu, *.svf, *.tmp, *.udc |
| ConfigMgrInstallDir\Logs | *.log |
| <driveletter>:\SMSPKG | *.* |
| <driveletter>:\SMSPKG?$ (?=driveletter) | *.* |
| <driveletter>:\SMSPKGSIG | *.* |
| <driveletter>:\SMSSIG$ | *.* |
| <driveletter>:\SCCMContentLib | *.* |
| <driveletter>:\Program Files\SMS_CCM\ServiceData | *.msg, *.que, *.xml |
| <driveletter>:\Program Files\SMS_CCM\Logs | *.log |
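Every row in the table is a place the on-access scanner stops reading, so it is worth checking what actually sits there on a given server. The script below is an added example, not part of the original post: it lists files that can run code and that match the `*.*`, `*.i*` or `*.p*` entries. The install directory, the `D:` drive letter, the watch list of extensions, the function name `Get-ExcludedExecutable` and the assumption that an excluded folder also covers its subfolders are all mine.

```powershell
# Added example, not from the original post. Requires PowerShell 3.0 or later.
# Assumed values: adjust the install directory and drive letter to your site server.
$ConfigMgrInstallDir = 'D:\Program Files\Microsoft Configuration Manager'
$Drive = 'D:'

# Location/pattern pairs from the exclusion table. For Inboxes only the two
# open-ended wildcards are listed: the other entries name one exact extension
# each and cannot match anything on the watch list below.
$Rules = @(
    @{ Path = "$ConfigMgrInstallDir\Inboxes";  Patterns = @('*.i*', '*.p*') }
    @{ Path = "$Drive\SMSPKG";                 Patterns = @('*.*') }
    @{ Path = "$Drive\SMSPKG$($Drive[0])`$";   Patterns = @('*.*') }   # SMSPKG?$ share folder
    @{ Path = "$Drive\SMSPKGSIG";              Patterns = @('*.*') }
    @{ Path = "$Drive\SMSSIG`$";               Patterns = @('*.*') }
    @{ Path = "$Drive\SCCMContentLib";         Patterns = @('*.*') }
)

# Assumed watch list: file types that can run code and deserve a second look
# when they sit where the on-access scanner no longer reads them.
$WatchList = '.exe', '.dll', '.ps1', '.bat', '.cmd', '.vbs', '.js', '.msi', '.scr', '.pif', '.inf'

function Get-ExcludedExecutable {
    param(
        [Parameter(Mandatory)] [hashtable[]] $Rules,
        [Parameter(Mandatory)] [string[]]    $Extensions
    )
    foreach ($rule in $Rules) {
        if (-not (Test-Path -LiteralPath $rule.Path)) { continue }   # location not on this server
        Get-ChildItem -LiteralPath $rule.Path -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object {
                $name = $_.Name
                ($Extensions -contains $_.Extension) -and
                (@($rule.Patterns | Where-Object { $name -like $_ }).Count -gt 0)
            } |
            ForEach-Object {
                [pscustomobject]@{
                    ExcludedBy    = $rule.Path
                    File          = $_.FullName
                    LastWriteTime = $_.LastWriteTime
                }
            }
    }
}

# Newest files first, so recent additions to an excluded folder stand out.
Get-ExcludedExecutable -Rules $Rules -Extensions $WatchList |
    Sort-Object LastWriteTime -Descending |
    Format-Table -AutoSize
```

Hits under the package folders are expected, since that is distributed content; compare them with what you actually deployed. The Inboxes folder normally has no reason to hold anything on the watch list.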
Configuration Manager 2012 processes that can be excluded are:
- Smsexec.exe
- Ccmexec.exe
- CmRcService.exe
- Sitecomp.exe
- Smswriter.exe
- Smssqlbkup.exe
For the Configuration Manager clients the following exclusion can be added:
- %windir%\ccmcache
Please leave a message if you think something is missing or needs to be changed!
Update 7-7-2012: When using System Center Endpoint Protection you can use the out of the box template (SCEP12_Default_CfgMgr2012.xml) located in %Program Files%\Microsoft Configuration Manager\AdminConsole\XmlStorage\EPTemplates.
In the template the following folders and file types are excluded:
- %allusersprofile%\NTUser.pol
- %systemroot%\system32\GroupPolicy\Machine\registry.pol (update 30/1/2014; in the Template \Machine\ is left out, thanks to Kim Oppalfens)
- %windir%\Security\database\*.chk
- %windir%\Security\database\*.edb
- %windir%\Security\database\*.jrs
- %windir%\Security\database\*.log
- %windir%\Security\database\*.sdb
- %windir%\SoftwareDistribution\Datastore\Datastore.edb
- %windir%\SoftwareDistribution\Datastore\Logs\edb.chk
- %windir%\SoftwareDistribution\Datastore\Logs\edb*.log
- %windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
- %windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
- %windir%\SoftwareDistribution\Datastore\Logs\Res1.log
- %windir%\SoftwareDistribution\Datastore\Logs\Res2.log
- %windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
For the following folders, both the “Program Files” and “Program Files (x86)” paths are listed:
- %programfiles%\Microsoft Configuration Manager\Inboxes\adsrv.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\AIKbMgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\amtproxymgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\auth.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\ccr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\ccrretry.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\certmgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\clifiles.src
- %programfiles%\Microsoft Configuration Manager\Inboxes\colfile.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\coll_out.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\COLLEVAL.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\CompSumm.Box
- %programfiles%\Microsoft Configuration Manager\Inboxes\dataldr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\ddm.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\ddmnotif.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\despoolr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\distmgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\epmgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\hman.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\inventry.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\invproc.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\mmctrl.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\notictrl.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\objmgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\offermgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\OfferSum.Box
- %programfiles%\Microsoft Configuration Manager\Inboxes\pkginfo.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\PkgTransferMgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\policypv.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\polreq.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\rcm.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\replmgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\RuleEngine.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\schedule.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\sinv.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\sitecomp.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\sitectrl.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\SiteStat.Box
- %programfiles%\Microsoft Configuration Manager\Inboxes\smsbkup.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\statmgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\swmproc.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\WSUSMgr.box
- %programfiles%\Microsoft Configuration Manager\Inboxes\wsyncmgr.box
Adam Bokiniec
May 18, 2012 @ 16:46
Thanks mate, nice article!
SCCM Ranger
June 4, 2012 @ 18:12
This is not the correct path for the SCCM cache %windir%ccmcache
It should be
%windir%\ccmcache
Peter Daalmans
June 6, 2012 @ 10:45
You are totally right, thanks for the feedback!
Cheers,
Peter
Charles Said
June 12, 2012 @ 14:34
Is there an official Microsoft link to the anti-virus exclusions required for Configuration Manager 2012? Our company security personnel are asking for this.
Peter Daalmans
July 7, 2012 @ 11:44
Hi Charles,
There is no official Microsoft link available. There is an out of the box template for AM policy though. You can find these in:
AdminConsole\XMLStorage\EPTemplates
Cheers,
Peter
Nolan
September 5, 2012 @ 01:40
The smallest of typos:
:SMSPKSIG
Should read:
:SMSPKGSIG
And this entry needs a caveat:
:SMSPKGD$
Where D$ is the same as the driveletter
Peter Daalmans
September 10, 2012 @ 09:48
Thanks Nolan!
AndyChangTW
September 30, 2014 @ 17:02
For the clients, I think the ccmsetup folder should be added into the exclusion list. Otherwise the ccmsetup.log will show “Failed to copy C:\Windows\ccmsetup\ccmsetup.cab.download to C:\Windows\ccmsetup\ccmsetup.cab”
Peter Daalmans
November 19, 2014 @ 06:53
What kind of anti-virus software do you have?
Mishaua
April 5, 2016 @ 23:55
How has this list changed for SCCM CB?