Endpoint Protection

 View Only
Expand all | Collapse all

How to Exclude Files for AD, Exchange.

Migration User

Migration UserJul 28, 2009 05:19 AM

Migration User

Migration UserJul 28, 2009 01:16 PM

Migration User

Migration UserJul 29, 2009 07:15 AM

  • 1.  How to Exclude Files for AD, Exchange.

    Posted Jul 27, 2009 12:52 PM

    Dear Partner,


    Assuming the symantec endpoint has been push down to several serves including AD, Exchange, SQL Server....etc


    How do I configure on the EndPoint projectION Manager to exclude those Active Directory and SQL below as an example.

    How can this be configure and when you do an exclude, how does the endpoint project know that you are exclude server1(AD)   or   server4(sql server)? How can this configuraiton be done.


    Thanks


    Active Directory

    Active Directory and related files to exclude
    • Main NTDS database files. The location of these files is specified in:

    HKLM\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File

    The default location is %systemroot%\ntds.

    File to exclude:
    • Ntds.dit
    • Active Directory transaction log files. The log directory on any given server is specified in:

    HKLM\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files Path

    The default location is %systemroot%\ntds.

    Files to exclude:
    • EDB*.log (Notice the wildcard symbol; there can be several log files.)
    • Edbres00001.jrs
    • Edbres00001.jrs
    • The NTDS Working folder that is specified in:

    HKLM\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory

    Files to exclude:
    • TEMP.edb
    • EDB.chk
    SYSVOL files to exclude
    The list in the following table shows the default locations of files and folders to be excluded or scanned for the SYSVOL directory and subdirectories when you use FRS to replicate SYSVOL.
    Important
    If you have placed SYSVOL in another location, then exclude the appropriate path for your installation.

    Folder or File Scan or Exclude
    %systemroot%\SYSVOL Exclude
    %systemroot%\SYSVOL\domain Scan
    %systemroot%\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory Exclude
    %systemroot%\SYSVOL\domain\policies Scan
    %systemroot%\SYSVOL\domain\scripts Scan
    %systemroot%\SYSVOL\staging Exclude
    %systemroot%\SYSVOL\staging areas Exclude
    %systemroot%\SYSVOL\sysvol Exclude
    FRS and related files to exclude
    • The FRS working directory that is specified in:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory

    Files to exclude:
    • <FRS working directory>\jet\sys\edb.chk
    • <FRS working directory>\jet\ntfrs.jdb
    • <FRS Working Directory>\jet\log\*.log
    • The FRS database log files that are specified in:

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\NtFrs\Parameters\DB Log File Directory

    The default location is %systemroot%\ntds.

    Files to exclude:
    • <FRS working directory>\jet\log\*.log (if the registry entry is not set)
    • <Database log file directory>\log\*.log (if the registry entry is set)
    • FRS Replica_root files that are specified in:

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Root
    • The staging directory in:

    HKEY_LOCAL_MACHINE\system\currentcontrolset\services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Stage
    • The FRS Preinstall directory at:

    <Replica_root>\DO_NOT_REMOVE_NtFrs_PreInstall_Directory.

    The Preinstall directory is always open when FRS is running.
    DFS Replication and related files to exclude
    • System Volume Information\DFSR folders and their contents (includes DFSR.DB). This system-protected directory contains working files for the DFS Replication service. It should not be scanned because these files are always in use by the service.
    • <Replicated folder path>\dfsrprivate folders and their contents

    SQL Server


    Directories to exclude from virus scanning
    When you configure your antivirus software settings, make sure that you exclude the following files and directories from virus scanning. Doing this improves the performance of the files and helps make sure that the files are not locked when the SQL Server service must use them. However, if these files become infected, your antivirus software will not unable to detect the infection.
    SQL Server data files

    These files usually have one of the following file name extensions:
    .mdf
    .ldf
    .ndf
    SQL Server backup files

    These files frequently have one of the following file name extensions:
    .bak
    .trn
    Full-Text catalog files
    The directory that holds Analysis Services data


  • 2.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 27, 2009 02:37 PM


  • 3.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 27, 2009 02:53 PM
    Hi,

    SEP is not able to distinguish your servers... you have to distiguish them by putting them in different groups.
    You can split your machines in different groups (for single machines as well), go in Policies panel, create as many centralized exceptions as you want and assign each of them to the proper group. As a suggestion to simplify your scenario, if server A needs the exeception X and the server B needs exception Y, and Y is not an issue for A and X is not issue for B, then you can put A and B in the same group under the exceptions X+Y.
    Another solution is to put all servers in one only group but allow the users to create the exception locally in the SEP clients.

    Step-by-step procedures are in the guides (but I am sure someone will copy them for you here).

    Regards,




  • 4.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 28, 2009 05:19 AM
    imagebrowser image


  • 5.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 28, 2009 05:58 AM
    Dear Partner,

    How does the system  know which server  e.g DC01,  EXCH01 to exclude on the centralized exception?

    Thanks


  • 6.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 28, 2009 06:12 AM
    About the automatic exclusion of files and folders for Microsoft Exchange
    server
    If Microsoft Exchange servers are installed on the computer where you installed
    the Symantec Endpoint Protection client, the client software automatically detects
    the presence of Microsoft Exchange. When the client software detects a Microsoft
    Exchange server, it creates the appropriate file and folder exclusions for File
    System Auto-Protect and all other scans. Microsoft Exchange servers can include
    clustered servers. The client software checks for changes in the location of the
    appropriate Microsoft Exchange files and folders at regular intervals. If you install
    Microsoft Exchange on a computer where the client software is already installed,
    the exclusions are created when the client checks for changes. The client excludes
    both files and folders; if a single file is moved from an excluded folder, the file
    remains excluded.
    The client software creates file and folder scan exclusions for the following
    Microsoft Exchange server versions:
    ■ Exchange 5.5
    ■ Exchange 6.0
    ■ Exchange 2000
    ■ Exchange 2003
    ■ Exchange 2007
    ■ Exchange 2007 SP1


  • 7.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 28, 2009 06:23 AM
    HI Christopher,

    Once the policy is create you need to assign the policy to the group which contain the server e.g DC01, EXCHO1.
    It would apply to all the servers in the group as policy is group specific and not server/Endpoint client specific.

    Regards,
    Nirav Mistry


  • 8.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 28, 2009 06:47 AM

    SEP client creates automatic exclusion for :
    1. Exchange server
    2. Active Directory domain controller database
    3. Database
    This is by design.
    This is documented in the documentation provided in CD1

    Automatic exclusion of Active Directory files and folders

    The client monitors the applications that are installed on the client computer. If the software detects
    Active Directory on the client computer, the software automatically creates the
    exclusions.
    The client software creates file and folder exclusions for the Active Directory domain controller database, logs, and working files.



  • 9.  RE: How to Exclude Files for AD, Exchange.



  • 10.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 28, 2009 12:14 PM

    Dear Partner,

    Thanks.

    How about File Server and SQL? Does it have automatic exclusion? 

    I could not find in the admin guide that SQL has automatica exclusion?

    Please advise.

    Assuming if I need to create a centralized exclusion in a group of file server   e.g     c:\temp\software distribution\datastore, how do I do it in the centralized view. Should I type in the c:\temp\software distribution\datastore,  a greate screen shot to show me how this can be configure in this case will provide very useful guidance.

    Thanks



  • 11.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 28, 2009 12:28 PM


    How to exclude SQL files and folders using Centralized Exceptions

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008062709312848



  • 12.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 28, 2009 01:16 PM
    imagebrowser image



    imagebrowser image


  • 13.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 28, 2009 08:03 PM
    Dear Partner,


    Thanks

    If Prexfix variable is none I can specify the location. I assume  all server in the group will be excluded.

    How about if a prefix is selected say [SYSTEM], how does this apply to the folder path? Do I need to specify anything?

    Another screen should would be nice.

    By the way, based on my reseach, i cannot find that file server is auto exclusion. Can you confirmed is this auto exclusion?

    In addition, if the symatenc endpoint manager also have a client, is it by default also exclude exclusion automatically.

    Pls advise.

    Thanks


  • 14.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 29, 2009 06:33 AM
    There is no automatic exclusion for a file server.

    Ye s we need to install SEP client on the machine where SEPM is installed. This client is just a normal client. All auto exclusion that work on other client also work on the SEPM client


  • 15.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 29, 2009 07:15 AM
    imagebrowser image


  • 16.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 30, 2009 08:03 PM

    Dear Partner,

    If I create a group that contain AD, Exchange and File server, with the above setting applies to the group, am I right to say that it will auto detect and exclude any of this server?

    Thanks

     



  • 17.  RE: How to Exclude Files for AD, Exchange.

    Posted Jul 30, 2009 08:12 PM
    Yes , it will 

    SEP client creates automatic exclusion for :
    1. Exchange server
    2. Active Directory domain controller database
    3. Database

    Automatic exclusion of Active Directory files and folders
    The client monitors the applications that are installed on the client computer. If the software detects Active Directory on the client computer, the software automatically creates the exclusions.
    The client software creates file and folder exclusions for the Active Directory domain controller database, logs, and working files.


  • 18.  RE: How to Exclude Files for AD, Exchange.

    Posted Sep 30, 2009 02:02 PM

    Exclusion for 3. Database.  Which databases are excluded? And is Windows 2008 Domain Controllers auto excluded?



  • 19.  RE: How to Exclude Files for AD, Exchange.

    Posted Sep 30, 2009 02:11 PM
    Yes  Windows 2008 Domain Controllers is  auto excluded

    Database used by other symantec products


  • 20.  RE: How to Exclude Files for AD, Exchange.

    Posted Sep 30, 2009 03:09 PM
    Need some firm documentation on automatic exclusions. KB anyone?

    Does this included SQL?


  • 21.  RE: How to Exclude Files for AD, Exchange.

    Posted Sep 30, 2009 03:59 PM
    No it doesnot include SQL

    Please refer to the admin  guide page no 373 for more info on this


  • 22.  RE: How to Exclude Files for AD, Exchange.

    Posted Sep 30, 2009 04:43 PM
    I'm looking at page 373 of the admin guide for RU5. No info..

    Update: I found it on page 380. Thanks.



  • 23.  RE: How to Exclude Files for AD, Exchange.

    Posted May 18, 2010 10:03 AM

    Hi All,

    1) So doe SEP currently have auto-exclusions for Exchange 2010 with 11.0.6?  or does Symantec have any plans to include auto-exclustions in future releases?


    2) Lastly just to be clear the auto-exclusions for databases are only for Symantec Embedded Databases NOT any MsSQL Databases?


    Thanks in advance, (GREAT Forum Thread :-D)


  • 24.  RE: How to Exclude Files for AD, Exchange.

    Posted Oct 06, 2010 10:11 AM

    1) Concerning MS Exchange 2010: as of MR6 MP1 --> http://www.symantec.com/business/support/index?page=content&id=TECH97707&locale=en_US

    2) MS-SQL databases are not automatically excluded as far as I 'm aware of, it is the embedded database they speak of.



  • 25.  RE: How to Exclude Files for AD, Exchange.

    Posted Feb 09, 2011 11:10 PM

    Hi Prachand.

    I think you got that -1 vote because of this line

    When the client software detects a Microsoft Exchange server, it creates the appropriate file and folder exclusions for File System Auto-Protect and all other scans.

    You forgot to mention that this only applies to default install location. If you customise the installation, all bets are off. You will then have to manually exclude your custom folders.