Arellia recommends that the following antivirus exclusions be added in order to maintain application performance and integrity.
These guidelines apply to both Real-Time and On-Demand antivirus scanning.
Arellia Management Server
Temporary ASP.NET Files
This directory should be excluded to prevent degradation in performance and possible unexpected restarts of the Ams and AmsWorker IIS application pools:
- %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
Database Server
SQL Server Data Files
These files contain the data in the Databases and typically have the following extensions:
- .mdf - Primary Data filegroups
- .ndf - Secondary Data filegroups
- .ldf - Transaction Log filegroups
SQL Server Backup Files
These files contain the backup files and typically have the following extensions:
- .bak - Database backup files
- .trn - Transaction Log backup files
By default the directories that contain the Data and Backup files are located under C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL
SQL Profiler Trace Files
These files contain SQL Profiler Trace log data and can be contained in any folder.
They usually have the file extension .trc
Managed Endpoints
Request Run As Administrator registry key
Arellia Application Control installs a context menu item that allows executables to be "Request Run as Administrator".
This context menu is added under the following registry key which some Antivirus programs incorrectly flag as malware:
- HKLM\SOFTWARE\Classes\exefile\Shell
Client Item database
This directory contains the Arellia Agent client item database and should be excluded from antivirus to prevent corruption:
- C:\ProgramData\Arellia\ClientItems
- If required you can further limit this exclusion to all files with the .db and .db-* extensions under this location
Miscellaneous Agent databases
This directory contains other internal databases used by the Arellia Agent such as the file hash cache and running process cache:
- C:\ProgramData\Arellia\Agent
- If required you can further define this exclusion to all files with the .db and .db-* extensions under this location
Arellia Application Control Agent service
Some antivirus products require that the Arellia Application Control service be excluded from tamper protection rules.
This is due to the fact that Application Control manipulates other applications which AV may mistake as malicious.
- C:\Program Files\Arellia\Agents\ApplicationControl\ArelliaACSvc.exe
For more information on how to configure Symantec Endpoint Protection refer to KB article Enable Arellia Application Control Solution and Symantec Endpoint Protection (SEP)