This discussion has been locked.

Windows Exclusion Question

Hi all,

I'm struggling with the Windows Exclusions and the documentation on how to do that.
All the documented examples are very simple and limited.
Below I have some examples which I need to exclude and which are recommended by Microsoft.
Can anybody give solutions for how to exclude these?

%windir%\SoftwareDistribution\Datastore\Logs\Res*.log
%ProgramFiles%\Microsoft SQL Server\MSRS11.*\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
Program Files\Microsoft SQL Server\MSSQL*\FTDATA
%systemdrive%\System Volume Information\DFSR\SimilarityTable_*
%systemroot%\SYSVOL\sysvol\*\DO_NOT_REMOVE_NtFrs_PreInstall_Directory

I appreciate your help.
Regards,
Ingo

:43189


  • Hello Ingo,

    the usual introduction: These are recommendations, Microsoft carefully avoids calling them requirements - they mention potential problems when not using exclusions but also warn about additional risks if you do (there are several threads in this forum discussing this).

    As Blocker has stated in another thread you can't use System Variables (this too has been covered several times here). Thus you'd have to use the specific correct paths. Furthermore wildcards are accepted only in a very few places.

    %windir%\SoftwareDistribution\Datastore\Logs\Res*.log

    This would have to be something like C:\Windows\SoftwareDistribution\Datastore\Logs\Res????????????????.log (an asterisk is only allowed as placeholder for the name or the extension, not as a pre- or suffix and not for both - use a reasonable number of ?s) 

    %ProgramFiles%\Microsoft SQL Server\MSRS11.*\Reporting Services\ReportServer\Bin\ReportingServicesService

    This is a process exclusion - from the KB article it is not clear though what this means. Anyway you'd have to explicitly give the instance name, you can't use an asterisk.

    Program Files\Microsoft SQL Server\MSSQL*\FTDATA

    Also no asterisk; if there is no drive letter (which is valid) it must start with a backslash; to exclude the folder (and everything in and below) a trailing backslash is required (but the GUI adds it if you have selected Folder)

    Guess you can figure out how to write the other two.

    Finally I'd suggest carefully reading the More Information (especially the first two paragraphs) in KB309422 - it's quite clearly saying that you should not just "blindly" apply the suggested exclusions.

    HTH

    Christian

    :43221
  • Hello Christian,

    thanks for your reply.

    To avoid using asterisks and a specific amount of question marks I created exclusions like below. Would those work?

    \MSSQL\Binn\SQLServr.exe
    \Reporting Services\ReportServer\Bin\ReportingServicesService.exe
    \OLAP\Bin\MSMDSrv.exe
    \FTDATA\
    \DO_NOT_REMOVE_NtFrs_PreInstall_Directory\

    I removed disk drives and environment variables.

    Thanks and regards,

    Ingo

    :43223
  • Hello Ingo,

    as for the executables: The recommendation speaks of processes - as opposed to files - and thus your .exe-exclusions won't have the desired effect. In fact they'd have a rather undesired effect - the programs aren't scanned before they are allowed to run. As I've said it's not clear what excluding a process should achieve, it could be either that the process shall not be scanned for suspicious behaviour or that no file opened by these processes is scanned (or both). You should perhaps test if not excluding them causes any issues (BTW: I have no exclusions for the "on-board" SQL instance on the management server and haven't seen any issues).

    \FTDATA\

    will apply only to a folder in the root (e.g. C:\FTDATA\ or \\Server\FTDATA\). It is too "dangerous" to allow a global exclusion of folders with a certain name. You don't have to specify a drive but you must use the entire path.

    Christian

    :43225
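
The syntax rules given in the replies above can be checked mechanically before an exclusion list is deployed. The following is an added example, not part of the original thread and not vendor code: it encodes only the rules as stated in the replies (not verified against product documentation), and the function name `lint_exclusion` and the rule codes are hypothetical.

```python
import re

ENV_VAR = re.compile(r"%[^%\\]+%")      # e.g. %windir%
DRIVE = re.compile(r"^[A-Za-z]:\\")     # e.g. C:\


def lint_exclusion(path):
    """Return the rule violations for one exclusion entry ([] means it passes)."""
    found = []
    if ENV_VAR.search(path):
        found.append("env-var")              # system variables cannot be used
    if not (DRIVE.match(path) or path.startswith("\\")):
        found.append("not-rooted")           # needs a drive letter or leading backslash
    parts = [p for p in path.split("\\") if p]
    is_folder = path.endswith("\\")          # trailing backslash marks a folder
    folders = parts if is_folder else parts[:-1]
    if any("*" in f for f in folders):
        found.append("star-in-folder")       # folder names must be given explicitly
    if parts and not is_folder:
        name, dot, ext = parts[-1].rpartition(".")
        if not dot:                          # file name without an extension
            name, ext = ext, ""
        if any("*" in piece and piece != "*" for piece in (name, ext)):
            found.append("star-prefix-suffix")   # use ? placeholders instead
        if name == "*" and ext == "*":
            found.append("star-name-and-ext")    # asterisk not allowed for both
    if is_folder and len(parts) == 1 and not DRIVE.match(path):
        found.append("root-only")            # \NAME\ matches only a folder in the root
    return found


# Entries quoted in the thread, plus the rewritten form suggested in the first reply.
SAMPLES = [
    "%windir%\\SoftwareDistribution\\Datastore\\Logs\\Res*.log",
    "C:\\Windows\\SoftwareDistribution\\Datastore\\Logs\\Res????????????????.log",
    "Program Files\\Microsoft SQL Server\\MSSQL*\\FTDATA",
    "\\FTDATA\\",
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(entry, "->", lint_exclusion(entry) or "ok")
```

An empty result means only that the entry matches the syntax described in the thread; whether the exclusion should exist at all is the separate question raised by KB309422.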