File-Level Antivirus Scanning on Exchange 2010 Applies to: Exchange Server 2010 SP1
Well we all know that Exchange files should be excluded from the AV Scan- Here is a good TechNet publication from MSFT.
In addition to excluding specific directories and processes, you should exclude the following Exchange-specific file name extensions in case directory exclusions fail or files are moved from their default locations.
- Application-related extensions
-
- .config
- .dia
- .wsb
- Database-related extensions
-
- .chk
- .log
- .edb
- .jrs
- .que
- Offline address book-related extensions:
-
- .lzx
- Content Index-related extensions
-
.ci .wid .001 .dir .000 .002
- Unified Messaging-related extensions
-
- .cfg
- .grxml
- GroupMetrics
-
- .dsc
- .bin
- .xml
- Forefront Protection for Exchange Server–related extensions
-
.avc .dt .lst .cab .fdb .mdb .cfg .fdm .ppl .config .ide .set .da1 .key .v3d .dat .klb .vdb .def .kli .vdm
The file name extensions listed for Forefront Protection for Exchange Server are the signature files from various antivirus directory engines. In most cases, these file name extensions don’t change, but file name extensions may be added in the future as third-party antivirus vendors update their antivirus signature files.
Many file-level scanners now support the scanning of processes, which can adversely affect Microsoft Exchange if the incorrect processes are scanned. Therefore, you should exclude the following processes from file-level scanners.
| Cdb.exe | Microsoft.Exchange.Search.Exsearch.exe |
| Cidaemon.exe | Microsoft.Exchange.Servicehost.exe |
| Clussvc.exe | MSExchangeADTopologyService.exe |
| Dsamain.exe | MSExchangeFDS.exe |
| EdgeCredentialSvc.exe | MSExchangeMailboxAssistants.exe |
| EdgeTransport.exe | MSExchangeMailboxReplication.exe |
| ExFBA.exe | MSExchangeMailSubmission.exe |
| GalGrammarGenerator.exe | MSExchangeRepl.exe |
| Inetinfo.exe | MSExchangeTransport.exe |
| Mad.exe | MSExchangeTransportLogSearch.exe |
| Microsoft.Exchange.AddressBook.Service.exe | MSExchangeThrottling.exe |
| Microsoft.Exchange.AntispamUpdateSvc.exe | Msftefd.exe |
| Microsoft.Exchange.ContentFilter.Wrapper.exe | Msftesql.exe |
| Microsoft.Exchange.EdgeSyncSvc.exe | OleConverter.exe |
| Microsoft.Exchange.Imap4.exe | Powershell.exe |
| Microsoft.Exchange.Imap4service.exe | SESWorker.exe |
| Microsoft.Exchange.Infoworker.Assistants.exe | SpeechService.exe |
| Microsoft.Exchange.Monitoring.exe | Store.exe |
| Microsoft.Exchange.Pop3.exe | TranscodingService.exe |
| Microsoft.Exchange.Pop3service.exe | UmService.exe |
| Microsoft.Exchange.ProtectedServiceHost.exe | UmWorkerProcess.exe |
| Microsoft.Exchange.RPCClientAccess.Service.exe | W3wp.exe |
If you’re also deploying Forefront Protection for Exchange Server, exclude the following processes.
| Adonavsvc.exe | FscStatsServ.exe |
| FscController.exe | FscTransportScanner.exe |
| FscDiag.exe | FscUtility.exe |
| FscExec.exe | FsEmailPickup.exe |
| FscImc.exe | FssaClient.exe |
| FscManualScanner.exe | GetEngineFiles.exe |
| FscMonitor.exe | PerfmonitorSetup.exe |
| FscRealtimeScanner.exe | ScanEngineTest.exe |
| FscStarter.exe | SemSetup.exe |
Resouce
http://technet.microsoft.com/en-us/library/bb332342(printer).aspx
