I have just installed the 60 day trial of Avast SBS Suite on my 2003 SBS machine. I am wondering if I need to add manual exclusions to Avast to prevent Avast from actively scanning SYSVOL, etc. Am I required to add the exclusions to this product that Microsoft advises to exclude from real-time scanning, or does the product automatically not scan these locations?
If I need to add exclusions, does a list exist that covers all of the needed ones? I don’t want AD or other server services taking a hit because active-scanning has hit those files.
Also, must I exclude for the system scan that runs on server start-up? ??? Thanks in advance!
There have been 122 reviews yet not one person can advise re: the necessary exclusions for the SBS product on a 2003 SBS machine?! Looks like I might have to find another product then…
go to the TASKS and then the CLIENT-SIDE TASKS
there you have to look for the ON-ACCESS TASKS (and the on-demand if u created any)
choose for the PROPERTIES of the task that you server client has assigned (probably th default resident task)
scroll down to the STANDARD SHIELD and click on the ADVANCED sub option.
in there you can ADD a location
ps: this is a description when you use the ADNM console (which i guess ur using if you plan to test this for deployment in your network enviroment)
the steps might be a little bit different from the normal client configuration but they are almost the same i think (i never used the stand alone server client)
That’s my question to you (are exclusions REQUIRED). I have always been told to exclude certain folders and files from being scanned by antivirus programs on domain controllers, etc. I found the following article that explains what I mean. Are these exclusions needed with the Avast SBS Suite product? Are they needed for both real-time and scheduled scanning, or does this product automatically not scan these types of files/locations being it is specifically tailored to a Small Business Server? Does this make sense? Please advise and thanks!
i could only see a major reason for excluding the netlogon:
when a lot of clients access the netlogon directory (i.e. boot up their computer at the start of the day) it will slow the reading of the netlogon directory/scripts execution thus making it a good idea to exclude
on the other hand, files in the netlogon could be infected too, if a computer logs on it will execute the scripts in that directory as an elevated user meaning admin level access, if a virus finds its way into that directory your complete network could be infected in a mather of minutes…
therefor i would personally NOT exclude that directory for this above reason…
Thanks for the response, WPN. Did you have a chance to read the article? Do I need to worry about any manual exclusions? I appreciate your help thus far and thanks in advance for additional information.
right now im very busy with my vacation c.q. studying for my MCITP 70-643 exam, so sorry no time yet for reading the articles, i will try today tho
in my domain (around 65 concurrent users) i do not make use of any exclusions and its working fine…
as i said i believe the thread is bigger when that directory you mentioned is excluded because of the nature of teh directory, maybe the articles will
clarify some when i read them and change my mind but i do not think i will change my mind about it
Thanks for the input and do let me know once you have a chance. The article is a very easy and short read. I really appreciate you sticking with me. ;D
i quickly scanned tru the MS articles that i found on the site u gave…
they advise to exclude certain directories cuz scanning the files in those directories can result in services stopping and possible dataloss because the scanner locking the files and the services that uses those files cant access the files…
on another note for the avast crew: is there a way to put the suggested exclusions that Microsoft recommends in the above page standard in the ADNM/client configuration, in the way that Microsoft gives, meaning during installation look into the registry about the locations of the files/dirs that need exclusion according to MS…? would be very nice improvement AND a very good selling point, u can sell the point as bein the first? AV package that standard looks for MS recommended exclusions and take of head breaking searches for admins
You are most welcome. I guess this answers my question as to whether or not exclusions are needed. I haven’t entered any yet and things seem to be going okay, but I probably should with all of this being said. Thanks for the review and your response. ;D