Windows Exclusion Question

Hi all,

I'm struggling with the Windows Exclusions and the documentation on how to do that.
All the documented examples are very simple and limited.
Below I have some examples which I need to exclude and which are recommended by Microsoft.
Can anybody give solutions for how to exclude these?

%windir%\SoftwareDistribution\Datastore\Logs\Res*.log
%ProgramFiles%\Microsoft SQL Server\MSRS11.*\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
Program Files\Microsoft SQL Server\MSSQL*\FTDATA
%systemdrive%\System Volume Information\DFSR\SimilarityTable_*
%systemroot%\SYSVOL\sysvol\*\DO_NOT_REMOVE_NtFrs_PreInstall_Directory

I appreciate your help.
Regards,
Ingo

:43189


This thread was automatically locked due to age.
  • Hello Ingo,

    as for the executables: The recommendation speaks of processes - as opposed to files - and thus your .exe-exclusions won't have the desired effect. In fact they'd have a rather undesired effect - the programs aren't scanned before they are allowed to run. As I've said it's not clear what excluding a process should achieve, it could be either that the process shall not be scanned for suspicious behaviour or that no file opened by these processes is scanned (or both). You should perhaps test if not excluding them causes any issues (BTW: I have no exclusions for the "on-board" SQL instance on the management server and haven't seen any issues).

    \FTDATA\

    will apply only to a folder in the root (e.g. C:\FTDATA\ or \\Server\FTDATA\). It is too "dangerous" to allow a global exclusion of folders with a certain name. You don't have to specify a drive but you must use the entire path.

    Christian

    :43225
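
Added example, not part of the original thread or of any vendor documentation: because the reply above says a folder exclusion needs the entire path, this PowerShell script expands the wildcard recommendations from the question into the concrete full paths that exist on the local host, so each one can be reviewed before it is entered as an exclusion. The function name `Expand-ExclusionPattern` is hypothetical, and the `%ProgramFiles%` prefix on the FTDATA pattern is an assumption (the question gives that path without a variable).

```powershell
# Patterns taken from the question; the %ProgramFiles% prefix on FTDATA is assumed.
$patterns = @(
    '%windir%\SoftwareDistribution\Datastore\Logs\Res*.log',
    '%ProgramFiles%\Microsoft SQL Server\MSSQL*\FTDATA',
    '%systemdrive%\System Volume Information\DFSR\SimilarityTable_*',
    '%systemroot%\SYSVOL\sysvol\*\DO_NOT_REMOVE_NtFrs_PreInstall_Directory'
)

function Expand-ExclusionPattern {
    param([Parameter(Mandatory)][string]$Pattern)

    # Resolve %VAR% references first; wildcards are left for Get-Item.
    $expanded = [Environment]::ExpandEnvironmentVariables($Pattern)

    # An unknown variable (for example a misspelled name) is left literal: flag it
    # instead of silently producing a path that can never match.
    if ($expanded -match '%[^%\\]+%') {
        Write-Warning "Unresolved variable in '$Pattern'"
        return
    }

    # -Force includes hidden and system items. Paths the current account cannot
    # read (System Volume Information usually needs SYSTEM) also report as no match.
    $items = Get-Item -Path $expanded -Force -ErrorAction SilentlyContinue
    if (-not $items) {
        Write-Warning "No match on this host: $expanded"
        return
    }

    foreach ($item in $items) {
        [pscustomobject]@{
            Pattern  = $Pattern
            # Folders get a trailing backslash so they read as folder exclusions.
            FullPath = if ($item.PSIsContainer) { $item.FullName.TrimEnd('\') + '\' } else { $item.FullName }
            Type     = if ($item.PSIsContainer) { 'Folder' } else { 'File' }
        }
    }
}

$patterns | ForEach-Object { Expand-ExclusionPattern $_ } | Format-Table -AutoSize -Wrap
```

The output is a review list only; whether a given full path should be excluded is still a per-entry decision, since every exclusion is a location that is no longer scanned.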