Антивирус для Windows Server – настраиваем список исключений

Алексей Максимов собирает в кучу исключения для антивирусного ПО под приложения Microsoft.

В ходе настройки политик управления клиентами любого антивирусного ПО необходимо определять список каталогов, имён процессов или даже расширений фалов, которые должны исключаться из Real-Time сканирования. Постараюсь собрать в одном месте информацию о рекомендуемых параметрах исключений и по мере необходимости буду его корректировать. Стоит отметить, что список составлен исходя из приложений, которые эксплуатируются в моём рабочем окружении. Список разделен по основным категориям сервисов и там где возможно есть ссылки на официальные рекомендации производителей ПО. Во всех случаях подразумевается что программное обеспечение установлено в каталоги «по умолчанию».

Общие рекомендации

Windows Update files

%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%windir%\SoftwareDistribution\Datastore\*.edb
%windir%\SoftwareDistribution\Datastore\Logs\*.log
%windir%\SoftwareDistribution\Datastore\Logs\*.chk
%windir%\SoftwareDistribution\Datastore\Logs\*.edb

Windows Security files

%windir%\Security\Database

%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb

Group Policy related files

%SystemRoot%\System32\GroupPolicy\
%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol

Источник: KB822158 – Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows

Контроллеры домена AD

NTDS database file
%windir%\ntds\NTDS.dit

NTDS transaction log files
%windir%\ntds\EDB*.log
%windir%\ntds\Edbres*.jrs
%windir%\ntds\RES1.log
%windir%\ntds\RES2.log

NTDS working files
%windir%\ntds\TEMP.edb
%windir%\ntds\EDB.chk
%windir%\ntds\*.pat

FRS Working Directory files
%windir%\ntfrs\jet\sys\edb.chk
%windir%\ntfrs\jet\ntfrs.jdb
%windir%\ntfrs\jet\log\*.log
%windir%\ntfrs\jet\log\*.jrs

FRS Replica_root files
%windir%\sysvol\domain
%windir%\sysvol

Staging directory
%windir%\sysvol\staging\domain
%windir%\sysvol\staging areas

FRS Preinstall directory
%windir%\sysvol\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory

Processes
%systemroot%\System32\ntfrs.exe
%systemroot%\System32\dfsr.exe
%systemroot%\System32\dfsrs.exe

Источники:
Active Directory Directory Service Product Operations Guide
Managing Antivirus Software on Active Directory Domain Controllers

Сервера на базе с ОС Windows 2000 – 2008 R2 с распространенными серверными ролями

Cluster Service files

%QuorumDrive%\MSCS

%SystemRoot%\Cluster

DHCP files

%SystemRoot%\system32\dhcp\*.chk

%SystemRoot%\system32\dhcp\*.edb

%SystemRoot%\system32\dhcp\*.jrs

%SystemRoot%\system32\dhcp\*.log

%SystemRoot%\system32\dhcp\dhcp.mdb

%SystemRoot%\system32\dhcp\dhcp.pat
%windir%\System32\DHCP\backup\*.mdb
%windir%\System32\DHCP\backup\*.log
%windir%\System32\DHCP\backup\*.chk

DNS files

%SystemRoot%\System32\Dns\*.dns

%SystemRoot%\System32\Dns\*.log
%SystemRoot%\System32\dns.exe

WINS files

%SystemRoot%\System32\Wins

CA files

%SystemRoot%\system32\CatRoot2\*.edb

%SystemRoot%\system32\CatRoot2\*.chk

%SystemRoot%\system32\CatRoot2\*.log

%SystemRoot%\system32\CatRoot2\*.jrs

TS/RDS Licensing files

%SystemRoot%\System32\LServer\*.chk

%SystemRoot%\System32\LServer\*.edb

%SystemRoot%\System32\LServer\*.log

%SystemRoot%\System32\LServer\*.tmp

%SystemRoot%\System32\LServer\*.jrs

Print Service files

%SystemRoot%\system32\spool\PRINTERS\*.shd

%SystemRoot%\system32\spool\PRINTERS\*.spl

Источник: KB822158 – Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows

Сервера с Microsoft Exchange Server 2007/2010

Exchange Server
Common
Folders
%Winnt%\Cluster
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files
%SystemRoot%\IIS Temporary Compressed Files
%SystemRoot%\System32\Inetsrv
%SystemDrive%\inetpub\logs

Exchange Server 2010 folders
%ExchangeInstallPath%\Mailbox
%ExchangeInstallPath%\GroupMetrics
%ExchangeInstallPath%\TransportRoles\Logs
%ExchangeInstallPath%\TransportRoles\Pickup
%ExchangeInstallPath%\TransportRoles\Replay
%ExchangeInstallPath%\TransportRoles\Data\Queue
%ExchangeInstallPath%\TransportRoles\Data\SenderReputation
%ExchangeInstallPath%\TransportRoles\Data\IpFilter
%ExchangeInstallPath%\Working\OleConvertor
%ExchangeInstallPath%\TransportRoles\Data\Adam
%ExchangeInstallPath%\ClientAccess
%ExchangeInstallPath%\Logging\POP3
%ExchangeInstallPath%\Logging\IMAP4
%ExchangeInstallPath%\UnifiedMessaging\grammars
%ExchangeInstallPath%\UnifiedMessaging\Prompts
%ExchangeInstallPath%\UnifiedMessaging\voicemail
%ExchangeInstallPath%\UnifiedMessaging\temp
%ExchangeInstallPath%\Logging
%ExchangeInstallPath%\ExchangeOAB
%ExchangeInstallPath%\Mailbox\MDBTEMP
%SystemDrive%\DAGFileShareWitnesses\*

Exchange Server 2007 folders

%ProgramFiles%\Microsoft\Exchange Server\Mailbox
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Logs

%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Pickup
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Replay
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Data\Queue
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\SenderReputation
%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\IpFilter

%ProgramFiles%\Microsoft\Exchange Server\Logging
%ProgramFiles%\Microsoft\Exchange Server\ExchangeOAB
%ProgramFiles%\Microsoft\Exchange Server\Working\OleConverter

%ProgramFiles%\Microsoft\Exchange Server\TransportRoles\Data\Adam

%ProgramFiles%\Microsoft\Exchange Server\ClientAccess

%ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\grammars
%ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\Prompts
%ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\voicemail
%ProgramFiles%\Microsoft\Exchange Server\UnifiedMessaging\badvoicemail

Exchange Server 2007/2010 Processes

Cdb.exe
Cidaemon.exe
Clussvc.exe
Dsamain.exe
EdgeCredentialSvc.exe
EdgeTransport.exe
ExFBA.exe
GalGrammarGenerator.exe
Inetinfo.exe
Mad.exe
Microsoft.Exchange.AddressBook.Service.exe
Microsoft.Exchange.AntispamUpdateSvc.exe
Microsoft.Exchange.ContentFilter.Wrapper.exe
Microsoft.Exchange.EdgeSyncSvc.exe
Microsoft.Exchange.Imap4.exe
Microsoft.Exchange.Imap4service.exe
Microsoft.Exchange.Infoworker.Assistants.exe
Microsoft.Exchange.Monitoring.exe
Microsoft.Exchange.Pop3.exe
Microsoft.Exchange.Pop3service.exe
Microsoft.Exchange.ProtectedServiceHost.exe
Microsoft.Exchange.RPCClientAccess.Service.exe
Microsoft.Exchange.Search.Exsearch.exe
Microsoft.Exchange.Servicehost.exe
MSExchangeADTopologyService.exe
MSExchangeFDS.exe
MSExchangeMailboxAssistants.exe
MSExchangeMailboxReplication.exe
MSExchangeMailSubmission.exe
MSExchangeRepl.exe
MSExchangeTransport.exe
MSExchangeTransportLogSearch.exe
MSExchangeThrottling.exe
Msftefd.exe
Msftesql.exe
OleConverter.exe
Powershell.exe
SESWorker.exe
SpeechService.exe
Store.exe
TranscodingService.exe
UmService.exe
UmWorkerProcess.exe
W3wp.exe

Exchange Server 2007/2010

File Name Extension Exclusions

.config
.dia
.wsb
.chk
.log
.edb
.jrs

.jsl
.que
.lzx
.ci
.wid
.dir
.000
.001
.002
.cfg
.grxml

.dsc
.bin
.xml

Forefront Protection for Exchange Server

Forefront Protection for Exchange Server folders

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Archive

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Quarantine
%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines\x86

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data\Engines\amd64

%ProgramFiles(x86)%\Microsoft Forefront Protection for Exchange Server\Data

Forefront Protection for Exchange Server processes

Adonavsvc.exe
FscController.exe
FscDiag.exe
FscExec.exe
FscImc.exe
FscManualScanner.exe
FscMonitor.exe
FscRealtimeScanner.exe
FscStarter.exe
FscStatsServ.exe
FscTransportScanner.exe
FscUtility.exe
FsEmailPickup.exe
FssaClient.exe
GetEngineFiles.exe
PerfmonitorSetup.exe
ScanEngineTest.exe
SemSetup.exe

FSCConfigurationServer.exe
FSCEventing.exe
FSCScheduledScanner.exe
MultiEngineScanner.exe
Kavehost.exe
FSCVSSWriter.exe

Forefront Protection for Exchange Server File Name Extension Exclusions

.avc
.cab
.cfg
.config
.da1
.dat
.def
.dt
.fdb
.fdm
.ide
.key
.klb
.kli
.lst
.mdb
.ppl
.set
.v3d
.vdb
.vdm

Источники:
File-Level Antivirus Scanning on Exchange 2007
File-Level Antivirus Scanning on Exchange 2010

Сервера SharePoint Server 2007/2010

SharePoint Common Folders

%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions
%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
%SystemRoot%\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
%SystemRoot%\system32\LogFiles
%SystemRoot%\Temp\WebTempDir

SharePoint 2007 Folders

%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Logs
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\12\Data\Applications
Drive:\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config
%ProgramFiles%\Microsoft Office Servers\12.0\Data
%ProgramFiles%\Microsoft Office Servers\12.0\Logs
%ProgramFiles%\Microsoft Office Servers\12.0\Bin
%ProgramFiles(x86)%\Microsoft Office Servers\12.0\Data
%ProgramFiles(x86)%\Microsoft Office Servers\12.0\Logs

SharePoint 2010 Folders

%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\Logs
%ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions\14\Data\Applications
%ProgramData%\Microsoft\SharePoint
%ProgramFiles%\Microsoft Office Servers\14.0\Data
%ProgramFiles%\Microsoft Office Servers\14.0\Logs
%ProgramFiles%\Microsoft Office Servers\14.0\Bin
%ProgramFiles%\Microsoft Office Servers\14.0\Synchronization Service
%ProgramFiles(x86)%\Microsoft Office Servers\14.0\Data
%ProgramFiles(x86)%\Microsoft Office Servers\14.0\Logs

Источник: KB952167 – Certain folders may have to be excluded from antivirus scanning when you use a file-level antivirus program in SharePoint

Сервера с компонентами Internet Information Server (IIS)

IIS Temporary Compressed Files

%SystemRoot%\IIS Temporary Compressed Files
%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files

IIS Log Files
%SystemDrive%\inetpub\logs
%systemroot%\System32\LogFiles
%systemroot%\SysWow64\LogFiles

IIS Processes
%systemroot%\system32\inetsrv\w3wp.exe
%systemroot%\SysWOW64\inetsrv\w3wp.exe

Источник: A 0-byte file may be returned when compression is enabled on a server that is running IIS

Сервера Microsoft Internet Security and Acceleration (ISA) Server

ISA Server Folders

%ProgramFiles%\Microsoft ISA Server
%ProgramFiles%\ISA Server\Adam Data
%ProgramFiles%\ISA Server\ISA logs

ISA Server processes

dsamain.exe
wspsrv.exe
mspadmin.exe
isastg.exe
w3prefch.exe
sqlsvr.exe

Источник: Considerations when using antivirus software on ISA Server

Сервера Microsoft Forefront Threat Management Gateway (TMG) 2010

TMG installation folder

%ProgramFiles%\Microsoft Forefront Threat Management Gateway

TMG SQL Express and SRS installation folders
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW

TMG Malware scanning cache
%SystemRoot%\Temp\ScanStorage

TMG Log Queue
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\Logs

TMG Report Summary Generator
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\dailysum.exe

TMG Report Generator
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isarepgen.exe

TMG Diagnostic Logging Viewer
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isadlviewer.exe

TMG Managed Control Service
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\IsaManagedCtrl.exe

TMG Storage Service
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\isastg.exe

TMG Administration Component
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\mspadmin.exe

TMG Firewall Service
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\wspsrv.exe

TMG Web Content Download Service
%ProgramFiles%\Microsoft Forefront Threat Management Gateway\w3prefch.exe

SQL 2008 Express and SQL 2008 Reporting Services

%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\sqlservr.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.ISARS\MSSQL\Binn\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSFW\MSSQL\Binn\sqlservr.exe

Active Directory Lightweight Directory Services
%WinDir%\System32\dsamain.exe

Other executable processes (from default FEP Rule Template from SCCM 2012)
IsaApplianceInit.exe
IsaMgmt.exe
MsFpcSqmAgent.exe
NicsRestorer.exe
NLBClear.exe
UpdateAgent.exe
VpnHelpr.exe
tmgpolicysuite.exe
tmgbpacmd.exe
tmgbpa.exe
bpa2visio.exe
tmgbpapack.exe
tmgdatapackager.exe

TMG cache files

*.cdat

Источник: Considerations when using antivirus software on FF Edge Products

Сервера баз данных SQL Server 2005 – 2008 R2

Full-Text catalog data SQL Server 2005 – 2008 R2

%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\FTData

%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\FTData

%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\FTData

Analysis Services data SQL Server 2005 – 2008 R2

%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Data

%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\OLAP\Data

%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Data

Analysis Services backup files SQL Server 2005 – 2008 R2

%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Backup

%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\OLAP\Backup

%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Backup

Analysis Services log files SQL Server 2005 – 2008 R2

%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Log

%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\OLAP\Log

%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Log

SQL Server 2005

Processes

%ProgramFiles%\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLServr.exe

%ProgramFiles%\Microsoft SQL Server\MSSQL.3\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

%ProgramFiles%\Microsoft SQL Server\MSSQL.2\OLAP\Bin\MSMDSrv.exe

SQL Server 2008

Processes

%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLServr.exe

%ProgramFiles%\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

%ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe

SQL Server 2008 R2 Processes

%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn\SQLServr.exe

%ProgramFiles%\Microsoft SQL Server\MSRS10_50.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe

%ProgramFiles%\Microsoft SQL Server\MSAS10_50.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe

File Types

*.mdf
*.ldf
*.ndf
*.bak
*.trn

*.trc

*.sqlaudit

*.sql

Примечание: если используются именованные экземпляры SQL Server, то выделенное красным цветом нужно заменять на имя экземпляра.
Источники:
Guidelines for choosing antivirus software to run on the computers that are running SQL Server
File Locations for Default and Named Instances of SQL Server 2005
File Locations for Default and Named Instances of SQL Server 2008
File Locations for Default and Named Instances of SQL Server 2008 R2

Сервера баз данных

Oracle databases files

*.ora

*.ctl

Clipper, dBase, FoxPro, etc files

*.dbf
*.cdx
*.fdb
*.edb
*.ib
*.gdi
*.gdb

Сервера виртуализации Microsoft Hyper-V

Default virtual HDD directory

%PUBLIC%\Documents\Hyper-V\Virtual Hard Disks

Default VM configuration directory

%ProgramData%\Microsoft\Windows\Hyper-V

Default Snapshot files directory
%ProgramData%\Microsoft\Windows\Hyper-V\Snapshots

Live Migration with CSV
%SystemDrive%\ClusterStorage

Processes

%SystemRoot%\system32\vmwp.exe
%SystemRoot%\system32\vmms.exe
%SystemRoot%\system32\vmicsvc.exe

File Types

*.xml
*.vhd
*.vfd
*.avhd
*.iso
*.vsv
*.bin

Источники:

KB2628135 – A System Center Virtual Machine Manager 2008 P2V fails with ‘A device attached to the system is not functioning (0x8007001F)’

KB961804 – Virtual machines are missing in the Hyper-V Manager Console or when you create or start a virtual machine, you receive one of the following error codes: “0x800704C8”, “0×80070037” or “0x800703E3”

TechNet Articles – Hyper-V: Anti-virus Exclusions for Hyper-V Hosts

Компоненты Microsoft System Center Virtual Machine Manager

VMM Agent 2008 R2

%ProgramFiles%\Microsoft System Center Virtual Machine Manager 2008 R2\bin\vmmAgent.exe

VMM Agent 2012

%ProgramFiles%\Microsoft System Center 2012\Virtual Machine Manager\bin\vmmAgent.exe

VMM Server 2012

%ProgramFiles%\Microsoft System Center 2012\Virtual Machine Manager\bin\vmmservice.exe

Компоненты Microsoft System Center Data Protection Manager

DPM 2007-2012 Common Server Files

%WinDir%\Microsoft.net\Framework\v2.0.50727\csc.exe

DPM 2007-2012 Common Agent Files

%ProgramFiles%\Microsoft Data Protection Manager\DPM\bin\dpmra.exe

DPM 2007-2010 Common Server Files

%ProgramFiles%\Microsoft DPM\DPM\XSD

%ProgramFiles%\Microsoft DPM\DPM\Temp\MTA
%ProgramFiles%\Microsoft DPM\DPM\Volumes
%ProgramFiles%\Microsoft DPM\DPM\bin\dpmra.exe

DPM Server 2012

%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\XSD

%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\Temp\MTA
%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\Volumes
%ProgramFiles%\Microsoft System Center 2012\DPM\DPM\bin\dpmra.exe

Источники:
System Center Data Protection Manager 2007 – Running Antivirus Software on the DPM Server
System Center Data Protection Manager 2010 – Running Antivirus Software on the DPM Server

Компоненты Microsoft System Center Operation Manager 2007

Processes (Server/Agent)

%ProgramFiles%\System Center Operations Manager 2007\MonitoringHost.exe

Folders (Server/Agent)

%ProgramFiles%\System Center Operations Manager 2007\Health Service State\Health Service Store\

File Types (Server/Agent)

*.chk
*.log
*.edb

Источник: Recommendations for antivirus exclusions that relate to MOM 2005 and to Operations Manager 2007

Компоненты Microsoft System Center Operation Manager 2012

Processes (Server)

%ProgramFiles%\System Center 2012\Operations Manager\Server\monitoringhost.exe

Processes (Agent)

%ProgramFiles%\System Center Operations Manager\Agent\monitoringhost.exe

Folders (Server)

%ProgramFiles%\System Center 2012\Operations Manager\Server\Health Service State\Health Service Store\

Folders (Agent)

%ProgramFiles%\System Center Operations Manager\Agent\Health Service State\Health Service Store\

File Types (Server/Agent)

*.chk
*.log
*.edb

Источник (с исправлениями): Thoughts on OpsMgr and System Center 2012 – OM12: Antivirus exclusions

Компоненты Microsoft System Configuration Manager

CM 2007-2012 Common Server Files

%ProgramFiles%\Microsoft Configuration Manager\Install.map
%ProgramFiles%\Microsoft Configuration Manager\inboxes
%ProgramFiles%\Microsoft Configuration Manager\Logs
%ProgramFiles%\SMS_CCM\ServiceData
%ProgramFiles(x86)%\Microsoft Configuration Manager\inboxes
%ProgramFiles(x86)%\Microsoft Configuration Manager\Logs
%ProgramFiles(x86)%\SMS_CCM\ServiceData
<DriveLetter>:\SMS_CCM\ServiceData
<DriveLetter>:\SMSSIG$
<DriveLetter>:\SMSPKGSIG
<DriveLetter>:\SMSPKG
<DriveLetter>:\SMSPKG<DriveLetter>$

CM 2007-2012 Common Agent Files

%SystemRoot%\System32\CCM\Cache
%SystemRoot%\ccmcache
%SystemRoot%\CCM\Logs

CM Server 2012 Files

<DriveLetter>:\SCCMContentLib
%SMS_LOG_PATH%
%SMS_ADMIN_UI_PATH%

CM Server Processes

Smsexec.exe
Ccmexec.exe
CmRcService.exe
Sitecomp.exe
Smswriter.exe
Smssqlbbkup.exe

Примечание: значение <DriveLetter> должно быть заменено на конкретные буквы дисков используемых установленным экземпляром SCCM, поэтому желательно чтобы в организации существовала какая-то стандартизация в этом плане.

Источник:
KB327453 – Antivirus programs may contribute to file backlogs in SMS 2.0, SMS 2003 and Configuration Manager 2007
ConfigMgr 2007 Antivirus Scan and Exclusion Recommendations
Anti-virus scan exclusions for Configuration Manager 2012

Компоненты Lync Server 2010

Lync Server 2010 processes

ASMCUSvc.exe
AVMCUSvc.exe
DataMCUSvc.exe
DataProxy.exe
FileTransferAgent.exe
IMMCUSvc.exe
MasterReplicatorAgent.exe
MediaRelaySvc.exe
MediationServerSvc.exe
MeetingMCUSvc.exe
MRASSvc.exe
OcsAppServerHost.exe
QmsSvc.exe
ReplicaReplicatorAgent.exe
RTCArch.exe
RtcCdr.exe
RTCSrv.exe

IIS processes

%systemroot%\system32\inetsrv\w3wp.exe
%systemroot%\SysWOW64\inetsrv\w3wp.exe

SQL Server processes

%ProgramFiles%\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLServr.exe
%ProgramFiles%\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
%ProgramFiles%\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\Bin\MSMDSrv.exe

Directories and files

%systemroot%\System32\LogFiles
%systemroot%\SysWow64\LogFiles
%systemroot%\Windows\Assembly\GAC_MSIL
%programfiles%\Microsoft Lync Server 2010
%programfiles%\commonfiles\Microsoft Lync Server 2010
%SystemDrive%\RtcReplicaRoot

Источник: Specifying Antivirus Scanning Exclusions

Компоненты App-V

Clients Windows XP or Windows Server 2003

%USERPROFILE%\Application Data\SoftGrid Client
%ALLUSERSPROFILE%\Application Data\Microsoft\Application Virtualization Client
%ALLUSERSPROFILE%\Documents\SoftGrid Client

Clients Windows Vista, Windows Server 2008 or later

%USERPROFILE%\AppData\Local\SoftGrid Client
%USERPROFILE%\AppData\Roaming\SoftGrid Client
%PROGRAMDATA%\Microsoft\Application Virtualization Client\SoftGrid Client

Источник: Recommended antivirus or antimalware exclusions when troubleshooting Application Virtualization (App-V) client issues

Дополнительные ссылки:

• TechNet Wiki Articles – Windows Anti-Virus Exclusion List
• KB943556 – Recommended Forefront Client Security file and folder exclusions for Microsoft products