Anti-Virus exclusions

I can't give any recommendation regarding the products you mentioned, but as this thread has such an awesome generic title we could start giving recommendations of what [b]generally[/b] should be excluded from AV scanning. I'm not sure if Sophos has these exclusions already hardcoded into SAV or not.

I can start with an official MS recommendation.

For computers that are running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, Windows Vista, or Windows 7: http://support.microsoft.com/kb/822158

• Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:
  %windir%\SoftwareDistribution\Datastore
• Turn off scanning of the log files that are located in the following folder:
  %windir%\SoftwareDistribution\Datastore\Logs
  Specifically, exclude the following files:

1. Res*.log
2. Res*.jrs
3. Edb.chk
4. Tmp.edb

• Turn off scanning of Windows Security files by adding the following files in the %windir%\Security\Database path of the exclusions list:

1. *.edb
2. *.sdb
3. *.log
4. *.chk
5. *.jrs

• Turn off scanning of Group Policy related files:
  
  1. Group Policy user registry information. These files are located in the following folder:
     %allusersprofile%
     Specifically, exclude the following file: NTUser.pol
  2. Group Policy client settings file. This file is located in the following folder:
     %Systemroot%\System32\GroupPolicy
     Specifically, exclude the following file: Registry.pol

Note If these files are not excluded, antivirus software may prevent proper access to these files, and security databases can become corrupted. Scanning these files can prevent the files from being used or may prevent a security policy from being applied to the files. These files should not be scanned because antivirus software may not correctly treat them as proprietary database files.

I can't give any recommendation regarding the products you mentioned, but as this thread has such an awesome generic title we could start giving recommendations of what [b]generally[/b] should be excluded from AV scanning. I'm not sure if Sophos has these exclusions already hardcoded into SAV or not.

I can start with an official MS recommendation.

For computers that are running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, Windows Vista, or Windows 7: http://support.microsoft.com/kb/822158

• Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:
  %windir%\SoftwareDistribution\Datastore
• Turn off scanning of the log files that are located in the following folder:
  %windir%\SoftwareDistribution\Datastore\Logs
  Specifically, exclude the following files:

1. Res*.log
2. Res*.jrs
3. Edb.chk
4. Tmp.edb

• Turn off scanning of Windows Security files by adding the following files in the %windir%\Security\Database path of the exclusions list:

1. *.edb
2. *.sdb
3. *.log
4. *.chk
5. *.jrs

• Turn off scanning of Group Policy related files:
  
  1. Group Policy user registry information. These files are located in the following folder:
     %allusersprofile%
     Specifically, exclude the following file: NTUser.pol
  2. Group Policy client settings file. This file is located in the following folder:
     %Systemroot%\System32\GroupPolicy
     Specifically, exclude the following file: Registry.pol

Note If these files are not excluded, antivirus software may prevent proper access to these files, and security databases can become corrupted. Scanning these files can prevent the files from being used or may prevent a security policy from being applied to the files. These files should not be scanned because antivirus software may not correctly treat them as proprietary database files.