SCOM 2016: Don’t forget those Antivirus Exclusions!

Something that I find is often missed with a SCOM deployment is putting in place the recommended AV exclusions. Not having these in place can cause issues in your environment.

Note: Paths are examples; amend the drive letter as required for your environment.

Processes
Monitoringhost.exe

Directories
The following directory-specific exclusions for Operations Manager apply to real-time scans, scheduled scans and local scans. The directories listed here are the default application directories, so you may have to modify these paths for your specific environment. Only the following Operations Manager related directories should be excluded.

Important: When a directory that is to be excluded has a name more than 8 characters long, add both the short and long names of the directory to the exclusion list. Some AV programs require both names to traverse the subdirectories.

SCOM Management Servers
C:\Program Files\Microsoft System Center 2016\Operations Manager\Server\Health Service State

Agent machines
C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State

SCOM SQL Servers
These will include the locations for your SCOM databases and log files, as well as your SQL master and tempdb:
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data
C:\MSSQL\DATA
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Log

File Extensions 
SCOM Management Servers / Agent machines
EDB
CHK
Log

SCOM SQL Servers
MDF
LDF
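
The following PowerShell script is an added example, not part of the original post. It reports which of the management server or agent exclusions listed above are already configured, including the 8.3 short form of the Health Service State directory, and adds the missing ones only when asked. It assumes Microsoft Defender Antivirus is the AV product; the `-Role` and `-Apply` parameter names and the helper functions are made up for this sketch, and the SQL Server paths are not covered.

```powershell
# Added example. Assumes Microsoft Defender Antivirus and its Defender module.
param(
    [ValidateSet('ManagementServer', 'Agent')] [string]$Role = 'Agent',
    [switch]$Apply   # without -Apply the script only reports
)

# Default paths from the article; amend the drive letter for your environment.
$longPaths = @{
    ManagementServer = 'C:\Program Files\Microsoft System Center 2016\Operations Manager\Server\Health Service State'
    Agent            = 'C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State'
}

# Resolve the 8.3 short name so both forms of the directory can be listed.
function Get-ShortPath([string]$Path) {
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { return $null }
    (New-Object -ComObject Scripting.FileSystemObject).GetFolder($Path).ShortPath
}

# Emit one row per wanted exclusion, marking whether it is already configured.
function Compare-Exclusion([string]$Type, [string[]]$Want, [object[]]$Current) {
    $set = @($Current | Where-Object { $_ })
    foreach ($w in $Want) {
        [pscustomobject]@{ Type = $Type; Value = $w; Present = ($set -contains $w) }
    }
}

$long  = $longPaths[$Role]
$short = Get-ShortPath $long
if (-not $short) { Write-Warning "Directory not found, check the path: $long" }
# With 8.3 names disabled on the volume ShortPath equals the long path,
# so de-duplicate before comparing.
$wantPaths = @($long, $short) | Where-Object { $_ } | Select-Object -Unique

$pref = Get-MpPreference
# Compare extensions without a leading dot, whichever way they were stored.
$haveExt = $pref.ExclusionExtension | ForEach-Object { "$_".TrimStart('.') }
$report = @(
    Compare-Exclusion 'Path'      $wantPaths              $pref.ExclusionPath
    Compare-Exclusion 'Process'   @('Monitoringhost.exe') $pref.ExclusionProcess
    Compare-Exclusion 'Extension' @('edb', 'chk', 'log')  $haveExt
)
$report | Format-Table -AutoSize

if ($Apply) {   # needs an elevated session
    foreach ($m in $report | Where-Object { -not $_.Present }) {
        $exclusion = @{ "Exclusion$($m.Type)" = $m.Value }
        Add-MpPreference @exclusion
    }
}
```

Run it once without `-Apply` to review the report before changing anything.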
