Recommended antivirus exclusions

Owned by John Murphy (Deactivated)
Last updated: Jan 15, 2016 by Max Pinion (Deactivated)

Arellia recommends that you add the following antivirus exclusions to maintain application performance and integrity.

These guidelines apply to both real time and on-demand antivirus scanning.

Exclusions for Arellia Management Server (AMS)

Exclude the following antivirus programs for the AMS.

Temporary ASP.NET Files

Exclude the following directory to prevent degradation in performance and possible unexpected restarts of the Ams and AmsWorker IIS application pools:

  • %SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files

Exclusions for Database server

Exclude the following antivirus programs for databases.

SQL server data files

These files contain the data in the Databases and typically have the following extensions:

  • .mdf - primary data filegroups
  • .ndf - secondary data filegroups
  • .ldf - transaction log filegroups

SQL server backup files

These files contain the backup files and typically have the following extensions:

  • .bak - database backup files
  • .trn - transaction log backup files

By default the directories that contain the Data and Backup files are located under C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL.

SQL profiler trace files

These files contain SQL Profiler Trace log data and can be contained in any folder.

They usually have the file extension .trc.

Exclusions for managed endpoints

Exclude the following antivirus programs for managed endpoints.

Request Run As Administrator registry key

Arellia Application Control installs a context menu item that allows executables to be "Request Run as Administrator."

This context menu is added under the following registry key which some antivirus programs incorrectly flag as malware:

  • HKLM\SOFTWARE\Classes\exefile\Shell

Client item database

This directory contains the Arellia Agent client item database and should be excluded from antivirus to prevent corruption:

  • %ProgramData%\Arellia\ClientItems
    • If required you can further limit this exclusion to all files with the .db and .db-* extensions under this location

Miscellaneous agent databases

This directory contains other internal databases used by the Arellia Agent such as the file hash cache and running process cache:

  • %ProgramData%\Arellia\Agent
    • If required you can further define this exclusion to all files with the .db and .db-* extensions under this location.

Arellia Application Control agent service

Some antivirus products require that the Arellia Application Control service be excluded from tamper protection rules because Application Control manipulates other applications which AV may mistake as malicious.

  • C:\Program Files\Arellia\Agents\ApplicationControl\ArelliaACSvc.exe 

For more information on how to configure Symantec Endpoint Protection refer to KB article Enable Arellia Application Control Solution and Symantec Endpoint Protection (SEP).