Computer Associates used to recommend excluding particular processes and directories from eTrust anti-virus scanning. This, I found, was very important with Microsoft SQL Server, as it would cause a significant performance hit.
You would do this via setting the following registry keys, under HKEY_LOCAL_MACHINE\SOFTWARE\ComputerAssociates\eTrustITM\CurrentVersion\Realtime
szExcludeProcessNames
| Reason for exclusion | List of processes to be excluded, separated by “|” |
| Microsoft SQL Server | sqlserver.exe sqlservr.exe |
| Microsoft Exchange | store.exe |
| Microsoft SMS 2003 | SMSEXEC.EXE CCMEXEC.EXE |
| and some others … |
szExcludeDirs
| Reason for exclusion | List of directories to be excluded, separated by “|” |
| Microsoft SQL Server | SQL disk devices files directories. |
| Microsoft Exchange | Arctemp |
| and some others … |
szExcludeExtList
Allows you to exclude files based on the file name extension. Examples for this I have seen include BTR|DB|MDX|NDX|MDW|ASD|TMP|ZMG
I was reminded of these registry keys, when I read Tim McMichael’s TechNet blog post, An interesting issue with file level antivirus…
Updated 26 Nov 2009 – Added Microsoft SMS 2003.
Updated 22 Dec 2009 – Added:
Virus scanning recommendations for computers that are running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, Windows Vista, or Windows 7
Recent Comments