
Exclusion for Server 2012R2 Domain Controllers and Exchange 2013

Since on-access scanning only scans executables, there should be no need for most of the exclusions Microsoft recommends, except for the ones that are executables, correct? Or am I completely wrong? How do you guys handle exclusions?



  • Hello joeyl,

    "only scans executables"
    More or less correct. You can see the extensions considered by opening the local GUI, Configure anti-virus and HIPS -> On-access scanning, tab Extensions (the ? represents one arbitrary character). Note that e.g. JPGs are not executables but nevertheless other vulnerable files. Files that haven't changed aren't re-scanned, and before a file is actually scanned its "true file type" is determined.

    Our DCs are 2008R2, we don't have any exclusions. Same for Exchange (had one for Forefront Protection's Quarantine folder). Please note that the Microsoft articles (depending on the product they apply to) don't consistently specify the, well, significance of these exclusions - ranging from "consider as troubleshooting step but be wary of the additional risk" to "required". Personally I prefer the "if it ain't broken don't fix it" approach.

    Christian

  • Christian,

    Thanks for the insight. I will roll out Sophos and keep an eye on the event viewer logs. The servers are preproduction so I have some time to play with them.