Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Arellia recommends that you add the following antivirus exclusions be added in order to maintain application performance and integrity.

These guidelines apply to both Real-Time and On-Demand real time and on-demand antivirus scanning.

Exclusions for Arellia Management Server (AMS)

Exclude the following antivirus programs for the AMS.

Temporary ASP.NET Files

This directory should be excluded Exclude the following directory to prevent degradation in performance and possible unexpected restarts of the Ams and AmsWorker IIS application pools:

  • %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files

Database Server

...

Exclusions for Database server

Exclude the following antivirus programs for databases.

SQL server data files

These files contain the data in the Databases and typically have the following extensions:

  • .mdf - Primary Data primary data filegroups
  • .ndf - Secondary Data secondary data filegroups
  • .ldf - Transaction Log transaction log filegroups

SQL

...

server backup files

These files contain the backup files and typically have the following extensions:

  • .bak - Database database backup files
  • .trn - Transaction Log transaction log backup files

By default the directories that contain the Data and Backup files are located under C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL.

SQL

...

profiler trace files

These files contain SQL Profiler Trace log data and can be contained in any folder.

They usually have the file extension .trc

...

.

Exclusions for managed endpoints

Exclude the following antivirus programs for managed endpoints.

Request Run As Administrator registry key

Arellia Application Control installs a context menu item that allows executables to be "Request Run as Administrator.".

This context menu is added under the following registry key which some Antivirus antivirus programs incorrectly flag as malware:

  • HKLM\SOFTWARE\Classes\exefile\Shell

Client

...

item database

This directory contains the Arellia Agent client item database and should be excluded from antivirus to prevent corruption:

  • C:\ProgramData%ProgramData%\Arellia\ClientItems
    • If required you can further limit this exclusion to all files with the .db and .db-* extensions under this location

Miscellaneous

...

agent databases

This directory contains other internal databases used by the Arellia Agent such as the file hash cache and running process cache:

  • C:\ProgramData%ProgramData%\Arellia\Agent
    • If required you can further define this exclusion to all files with the .db and .db-* extensions under this location.

Arellia Application Control

...

agent service

Some antivirus products require that the Arellia Application Control service be excluded from tamper protection rules .This is due to the fact that because Application Control manipulates other applications which AV may mistake as malicious.

...

For more information on how to configure Symantec Endpoint Protection refer to KB article Enable Arellia Application Control Solution and Symantec Endpoint Protection (SEP) .