Question
What are the antivirus exclusions for PremierOne CAD?
Answer
Purpose and Scope
Anti Virus software uses aggressive strategies to protect its environment from threats posed by malicious code. As such AV software can divert the system’s resources to monitor code execution by the running processes, limit connectivity and interoperability of the said processes, and prevent them from accessing certain system assets. This can have the effect of completely blocking or severely reducing the usability of some applications. The purpose of this document is to enumerate and describe the exclusions that must be allowed in the system’s anti-virus scanning software in order to ensure the full and unimpeded functionality of the PremierOne software suite.
References
-
Recommendations for antivirus exclusions that relate to Operations Manager: https://support.microsoft.com/en-us/help/975931/recommendations-for-antivirus-exclusions-that-relate-to-operations-man
-
Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows: https://support.microsoft.com/en-us/kb/822158
-
A 0-byte file may be returned when compression is enabled on a server that is running IIS: https://support.microsoft.com/en-us/kb/817442
-
Recommended vendor exclusions for use with Sophos products (Windows): https://www.sophos.com/support/knowledgebase/35970.aspx
-
How to choose antivirus software to run on computers that are running SQL Server: https://support.microsoft.com/en-us/kb/309422
-
Excluding Microsoft SQL Server files and folders using Centralized Exceptions: https://support.symantec.com/en_US/article.TECH105240.html
-
Recommendations for antivirus exclusions that relate to Operations Manager: https://support.microsoft.com/en-us/kb/975931
-
SYSTEM CENTER 2012 R2 Operations Manager – Anti-Virus Exclusion: http://blogs.technet.com/b/manageabilityguys/archive/2013/11/26/system-center-2012-r2-operations-manager-anti-virus-exclusions.aspx
-
FAQ: Which ArcGIS Enterprise directories should be excluded for security or antivirus software? https://support.esri.com/technical-article/000015732
-
Recommended antivirus exclusions for Hyper-V hosts: https://support.microsoft.com/en-us/help/3105657/recommended-antivirus-exclusions-for-hyper-v-hosts
-
Solarwinds files and directories to exclude from antivirus scanning: https://support.solarwinds.com/Success_Center/Network_Performance_Monitor_(NPM)/Files_and_directories_to_exclude_from_antivirus_scanning
Definitions / Abbreviations / Acronyms
AV - Anti Virus
SCOM - System Center Operations Manager
SQL - Structured Query Language
IIS - Internet Information Services
RDW - Reporting Data Warehouse
SCOM Servers - PINFSCM01, PINFSCM02
SQL Servers - PCADDB01, PCADDB02, PCADRDW01
Application Servers - PCADAPP01, PCADAPP02, PCADAPP03, PCADAPP04
AD Servers - PINFAD01, PINFAD02
GIS Servers - PINFGIS01, PINFGIS02
*.*/s - designates that all files in the folder specified and all sub-folders should be excluded
NOTE: All paths provided in this document may vary and should be confirmed on site
AV Exclusions for System Center Operations Manager (SCOM)
System Center Operations Manager 2012
-
For all Server VMs
-
Location: D:\Program Files\System Center Operations Manager\Agent
-
File Types: .EDB, .CHK, .LOG
-
Processes: HealthService.exe, MonitoringHost.exe
-
-
SCOM Server VMs
-
Location: D:\Program Files\System Center 2012\Operations Manager\Server\Health Service State
-
File Types: .EDB, .CHK, .LOG
-
Processes: CShost.exe, Microsoft.Mom.Sdk.ServiceHost.exe, HealthService.exe, MonitoringHost.exe
-
Exclude the following directory for real-time scans, scheduled scans and local scans: C:\Program Files\System Center Operations Manager\<component>\Health Service State
-
-
SQL Server VMs
-
Location: M:\PremierOne
-
File Types: .MDF
-
Location: L:\PremierOne
-
File Types: .LDF
-
Location: T:\PremierOne
-
File Types: .MDF, .LDF, .NDF
-
Location: K:\PremierOne
-
File Types: .BAK, .TRN
-
Processes: sqlservr.exe, ReportingServicesService.exe
-
System Center Operations Manager 2016
-
For all Server VMs
-
Location: D:\Program Files\System Center Operations Manager\Agent
-
File Types: .EDB, .CHK, .LOG
-
Processes: HealthService.exe, MonitoringHost.exe
-
-
SCOM Server VMs
-
Location: D:\Program Files\System Center 2016\Operations Manager\Server\Health Service State
-
File Types: .EDB, .CHK, .LOG
-
Processes: CShost.exe, Microsoft.Mom.Sdk.ServiceHost.exe, HealthService.exe, MonitoringHost.exe
-
Exclude the following directory for real-time scans, scheduled scans and local scans: C:\Program Files\System Center Operations Manager\<component>\Health Service State
-
-
CAD SQL Server VMs
-
Location: M:\PremierOne
-
File Types: .MDF
-
Location: L:\PremierOne
-
File Types: .LDF
-
Location: T:\PremierOne
-
File Types: .MDF, .LDF, .NDF
-
Location: K:\PremierOne
-
File Types: .BAK, .TRN
-
Processes: sqlservr.exe, ReportingServicesService.exe
-
AV Exclusions for Windows Server
Windows Server 2012 R2
-
For all Server VMs
-
Location: C:\Windows\SoftwareDistribution\Datastore
-
Files: Datastore.edb
-
Location: C:\Windows\SoftwareDistribution\Datastore\Logs
-
Files: EDB*.jrs, Edb.chk, Tmp.edb
-
Location: C:\Windows\Security\Database
-
File Types: .EDB, .SDB, .LOG, .CHK, .JRS
-
Location: %allusersprofile%\
-
File: NTUser.pol
-
Location: C:\windows\System32\GroupPolicy\Machine\ and C:\windows\System32\GroupPolicy\User
-
Registry.pol
-
-
For AD Server VMs
-
Location: D:\AD\NTDS
-
Files: Ntds.dit, Ntds.pat, EDB*.log, Res*.log, Edb*.jrs, Temp.edb, Edb.chk
-
Windows Server 2016
-
For all Server VMs
-
Location: C:\Windows\SoftwareDistribution\Datastore
-
Files: Datastore.edb
-
Location: C:\Windows\SoftwareDistribution\Datastore\Logs
-
Files: EDB*.jrs, Edb.chk, Tmp.edb
-
Location: C:\Windows\Security\Database
-
File Types: .EDB, .SDB, .LOG, .CHK, .JRS
-
Location: %allusersprofile%\
-
File: NTUser.pol
-
Location: C:\windows\System32\GroupPolicy\Machine\ and C:\windows\System32\GroupPolicy\User
-
Registry.pol
-
-
For AD Server VMs
-
Location: D:\AD\NTDS
-
Files: Ntds.dit, Ntds.pat, EDB*.log, Res*.log, Edb*.jrs, Temp.edb, Edb.chk
-
AV Exclusions for IIS
-
For Application Server VMs
-
Location: C:\Windows\IIS Temporary Compressed Files (IIS 6)
-
Files: *.*/s
-
Location: C:\inetpub\temp\IIS Temporary Compressed Files (IIS 7)
-
Files: *.*/s
-
Location: C:\Inetpub\mailroot
-
Files: *.*/s
-
AV Exclusions for PremierOne CAD Services
-
For CAD Application Server VMs
-
Location: D:\Program Files (x86)\Motorola
-
Files: *.*/s
-
Location: D:\Program Files (x86)\CommSys
-
Files: *.*/s
-
Processes: CSIMasterService.exe, Motorola.PremierOne.ServiceHost.exe, PmdcConnectorService.exe, PmdcInterfaceService.exe, PremierOne_CADI_Service.exe, PremierOne_CADP_Service.exe, PremierOne_CADS_Service.exe, PremierOne_CALLS_Service.exe, PremierOne_CS_Service.exe, PremierOne_GIS_Service.exe, PremierOne_MGMT_Service.exe, PremierOne_MS_Service.exe, StartService.exe, WMIService.exe
-
AV Exclusions for PremierOne RMS Services
-
For RMS Application Server VMs
-
Location: D:\Program Files (x86)\Motorola
-
Files: *.*/s
-
Processes: Motorola.PremierOne.RecordsSecurity.Host.exe, Motorola.Notifications.Service.exe, Observability.ConsumerService.exe, Motorola.DocumentPipeline.QueuingService.exe, Motorola.PlatformDaemon.Host.exe
-
AV Exclusions for SQL
SQL Server 2012
-
For CAD SQL and RDW Server VMs (Note: make certain AV is ‘Always-On’ aware)
-
Location: M:\PremierOne
-
File Types: .MDF
-
Location: L:\PremierOne
-
File Types: .LDF
-
Location: T:\PremierOne
-
File Types: .MDF, .LDF, .NDF
-
Location: K:\PremierOne
-
File Types: .BAK, .TRN
-
Location M:\PremierOne\MSSQL11.PREMIERONE\MSSQL\Log\
-
File Types: .TRC
-
Location: D:\Program Files\Microsoft SQL Server\MSSQL11.PREMIERONE\MSSQL\Binn\
-
Location: D:\SQLtrace\ and R:\SQLtrace\
-
Files: sqlservr.exe
-
Location M:\PremierOne\MSSQL11.PREMIERONE\MSSQL\FTData
-
Location: D:\Program Files\Microsoft SQL Server Reporting Services\SSRS\ReportServer\\RSTempFiles\
-
Location: D:\Program Files\Microsoft SQL Server Reporting Services\SSRS\LogFiles\
-
M:\PremierOne\MSSQL11.PREMIERONE\MSSQL\Log\
-
File Types: .XEL, XEM
-
Location: D:\Program Files\Microsoft SQL Server\MSSQL11.PREMIERONE\MSSQL\Binn\Xtp\
-
File Types: .C, .OBJ, .OUT, .PDB, .XML
-
Location: M:\PremierOne\MSSQL11.PREMIERONE\MSSQL\repldata\
-
Location: D:\Program Files\Microsoft SQL Server\MSAS11.PREMIERONE\OLAP
-
Files: *.*/s
-
Location: D:\Program Files\Microsoft SQL Server\MSRS11.OPSMGRRPTS\Reporting Services\RSTempFiles\
-
Files: *.*/s
-
Location: D:\Program Files\Microsoft SQL Server\MSRS11.P1REPORTS\Reporting Services\RSTempFiles\
-
Files: *.*/s
-
Location: D:\Program Files\Microsoft SQL Server\MSRS11.PREMIERONE\Reporting Services\RSTempFiles\
-
Files: *.*/s
-
Location: D:\Program Files\Microsoft SQL Server\MSRS11.PREMIERONE\Reporting Services\LogFiles\
-
Files: *.*/s
-
Location: D:\Program Files\Microsoft SQL Server\MSRS11.P1REPORTS\Reporting Services\LogFiles\
-
Files: *.*/s
-
Location: D:\Program Files\Microsoft SQL Server\MSRS11.OPSMGRRPTS\Reporting Services\LogFiles\
-
Files: *.*/s
-
Location: D:\FileWitness\P1-CAD-CL
-
Files: *.*/s
-
Location: D:\Program Files\Microsoft SQL Server\MSRS11.P1REPORTS\Reporting Services\ReportServer\bin\
-
Files: ReportingServicesService.exe
-
Location: D:\Program Files\Microsoft SQL Server\MSRS11.OPSMGRRPTS\Reporting Services\ReportServer\bin \
-
Files: ReportingServicesService.exe
-
Location: D:\Program Files\Microsoft SQL Server\MSAS11.PREMIERONE\OLAP\bin\
-
Files: msmdsrv.exe
-
Processes: sqlservr.exe, ReportingServicesService.exe, msmdsrv.exe
-
SQL Server 2017
-
For CAD SQL and RDW Server VMs (Note: make certain AV is ‘Always-On’ aware)
-
Location: M:\PremierOne
-
File Types: .MDF
-
Location: L:\PremierOne
-
File Types: .LDF
-
Location: T:\PremierOne
-
File Types: .MDF, .LDF, .NDF
-
Location: M:\PremierOneCJI
-
File Types: .MDF
-
Location: L:\PremierOneCJI
-
File Types: .LDF
-
Location: T:\PremierOneCJI
-
File Types: .MDF, .LDF, .NDF
-
Location: K:\PremierOne
-
File Types: .BAK, .TRN
-
Location M:\PremierOne\MSSQL14.PREMIERONE\MSSQL\Log\
-
File Types: .TRC
-
Location M:\PremierOne\MSSQL14.PREMIERONECJI\MSSQL\Log\
-
File Types: .TRC
-
Location: D:\Program Files\Microsoft SQL Server\MSSQL14.PREMIERONE\MSSQL\Binn\
-
Location: D:\SQLtrace\ and R:\SQLtrace\
-
Files: sqlservr.exe
-
Location M:\PremierOne\MSSQL14.PREMIERONE\MSSQL\FTData
-
Location M:\PremierOne\MSSQL14.PREMIERONECJI\MSSQL\FTData
-
Location: D:\Program Files\Microsoft SQL Server Reporting Services\SSRS\ReportServer\\RSTempFiles\
-
Location: D:\Program Files\Microsoft SQL Server Reporting Services\SSRS\LogFiles\
-
M:\PremierOne\MSSQL14.PREMIERONE\MSSQL\Log\
-
File Types: .XEL, XEM
-
M:\PremierOne\MSSQL14.PREMIERONECJI\MSSQL\Log\
-
File Types: .XEL, XEM
-
Location: D:\Program Files\Microsoft SQL Server\MSSQL14.PREMIERONE\MSSQL\Binn\Xtp\
-
File Types: .C, .OBJ, .OUT, .PDB, .XML
-
Location: M:\PremierOne\MSSQL14.PREMIERONE\MSSQL\repldata\
-
Location: D:\Program Files\Microsoft SQL Server\MSSQL14.PREMIERONECJI\MSSQL\Binn\Xtp\
-
File Types: .C, .OBJ, .OUT, .PDB, .XML
-
Location: M:\PremierOne\MSSQL14.PREMIERONECJI\MSSQL\repldata\
-
Location: D:\Program Files\Microsoft SQL Server\MSAS11.PREMIERONE\OLAP
-
Files: *.*/s
-
Location: D:\Program Files\Microsoft SQL Server\MSAS11.PREMIERONECJI\OLAP
-
Files: *.*/s
-
Location: C:\Program Files\Microsoft SQL Server Reporting Services\SSRS\ReportServer\RSTempFiles\
-
Files: *.*/s
-
Location: C:\Program Files\Microsoft SQL Server Reporting Services\SSRS\LogFiles\
-
Files: *.*/s
-
Location: C:\Program Files\Microsoft SQL Server Reporting Services\SSRS\ReportServer\bin\
-
Files: ReportingServicesService.exe
-
Location: D:\Program Files\Microsoft SQL Server\MSAS14.PREMIERONE\OLAP\bin\
-
Location: D:\Program Files\Microsoft SQL Server\MSAS14.PREMIERONECJI\OLAP\bin\
-
Files: msmdsrv.exe
-
Processes: sqlservr.exe, ReportingServicesService.exe, msmdsrv.exe
-
AV Exclusions for SolarWinds Server
Note: Volume:\ is the default install volume.
-
Location: Volume:\Inetpub\SolarWinds\
-
Files: *.*/s
-
Location: Volume:\ProgramData\SolarWinds\
-
Files: *.*/s
-
Location: Volume:\Program Files (x86)\Common Files\SolarWinds\
-
Files: *.*/s
-
Location: Volume:\Program Files (x86)\Microsoft SQL Server\
-
Files: *.*/s
-
Location: Volume:\Program Files (x86)\SolarWinds\
-
Files: *.*/s
-
Location: C:\Windows\Temp\SolarWinds\
-
Files: *.*/s
-
Location: C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\
-
Files: *.*/s
-
Location: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files\
-
Files: *.*/s
-
Location: C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files\
-
Files: *.*/s
-
Location: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files\
-
Files: *.*/s
-
Location: C:\Windows\System32\config\systemprofile\AppData\Local\assembly\
-
Files: *.*/s
-
The Antivirus program must not restrict any of the following ports: IIS web (TCP/80), SNMP ports (UDP/161, UDP/162), MS SQL database connections (TCP/1433, TCP/1434), SolarWinds Information Service (TCP/17777)
AV Exclusions for ArcGIS Server
-
For ArcGIS Server VMs
-
Location: D:\arcgisserver
-
Files: *.*/s
-
Location: D:\Program Files\ArcGIS\Server
-
Files: *.*/s
-
Location: D:\Python27
-
Files: *.*/s
-
AV Exclusions for CAD Client
-
Location: C:\Program Files (x86)\Motorola
-
Files: *.*/s
-
Location: C:\Program Files (x86)\Priority Dispatch (if installed)
-
Files: *.*/s
-
Location: C:\Users\All Users\CAD Client\Cache
-
Files: *.*/s
-
Location:C:\ProgramData\CAD Client
-
Files: *.*/s
-
Location: C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\DATA\
-
Files: *.*/s
-
Location: C:\Program Files\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\DATA\
-
Files: *.*/s
-
Processes: sqlservr.exe, PSWGS.Client.Shell.exe
AV Exclusions for CAD Mobile Client
-
Location: C:\Program Files (x86)\Motorola
-
Files: *.*/s
-
Location: C:\Program Files (x86)\Priority Dispatch (if installed)
-
Files: *.*/s
-
Location: C:\Users\All Users\Mobile Client\Cache
-
Files: *.*/s
-
Location:C:\ProgramData\Mobile Client
-
Files: *.*/s
-
Location: C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\DATA\
-
Files: *.*/s
-
Location: C:\Program Files\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\DATA\
-
Files: *.*/s
-
C:\Program Files\Motorola\MobileMap
-
Files: WpfMobileMap.exe
-
Processes: sqlservr.exe, PSWGS.Mobile.Shell.exe, P1Mobile.exe
AV Exclusions for RMS HA Client
-
Location: C:\Program Files (x86)\Motorola\SmartClient
-
Files: *.*/s
-
Location: C:\Program Files
-
Files: *.*/s
-
Location: C:\ProgramData\Motorola
-
Files: *.*/s
-
Location:C:\ProgramData\Mobile Client
-
Files: *.*/s
-
Location: C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\DATA\
-
Files: *.*/s
-
Location: C:\Program Files\Microsoft SQL Server\MSSQL14.SQLEXPRESS\MSSQL\DATA\
-
Files: *.*/s
-
Processes: sqlservr.exe, Motorola.SmartClient.exe, Motorola.SmartClient.Services.exe, Motorola.SmartClient.Updater.exe
AV Exclusions for PMDC
Note: Volume:\ is the default install volume.
-
PMDC Message Switch
-
Location: Volume:\PMDC\
-
Files: *.*/s
-
PMDC Remote Administration Module (RAM)
-
Location: Volume:\RAM\
-
Files: *.*/s
-
-
PMDC Client
-
Location: C:\Premier MDC\
-
Files: *.*/s
-
-
ATMM
-
Location: C:\Program files (x86)\Motorola\ATM or C:\Motorola\ATM\
-
Files: *.*/s
-