Views:

To exclude the list, you need to log on to the Apex One, OfficeScan, Worry-Free Business Security (WFBS) or Deep Security Manager console and go to the following section:

For Apex One as a Service, go to Policies > Policy Management > Policy Name > Edit Policy > Real-time Scan Settings > Scan Exclusion
For OfficeScan, go to Agents > Agent Management > Scan Settings > Real-time Scan Settings
For Worry-Free Business Security (WFBS): Configuring exclusions for File, Folder, and File Type Scanning
For Worry-Free Business Security Services (WFBS-SVC): Excluding a file or application from the anti-malware scan
For Deep Security, go to Agent > Anti-Malware > Scan Profile > Edit > Exclusions.

General Exclusions for all Windows platforms

Please refer to the following article for more information: Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows.

You may also refer to this Microsoft article for Windows Server platforms.

Acronis Backup & Recovery

Refer to the Acronis article: Acronis Backup & Recovery: Exclude Program Folders and Executables from Security Programs.

Appian Enterprise

Refer to the Knowledgebase article: Appian Enterprise slows down or hangs when installed with OfficeScan or ServerProtect.

APTRA

C:\Program Files\NCR APTRA\Activate Core Service\bin\NCR.APTRA.ActivateCoreSrv.exe
C:\Program Files\NCR APTRA\Advance NDC\AANDC.exe
C:\Program Files\NCR APTRA\Advance NDC\ApplicationCore.exe
C:\Program Files\NCR APTRA\Advance NDC\APTRAUSERCDI.exe
C:\Program Files\NCR APTRA\Advance NDC\CampaignImport.exe
C:\Program Files\NCR APTRA\Advance NDC\CheckSum_Tool.exe
C:\Program Files\NCR APTRA\Advance NDC\CommunicationLog.exe
C:\Program Files\NCR APTRA\Advance NDC\FEH.exe
C:\Program Files\NCR APTRA\Advance NDC\HideTB.exe
C:\Program Files\NCR APTRA\Advance NDC\InitEJ.exe
C:\Program Files\NCR APTRA\Advance NDC\makecab.exe
C:\Program Files\NCR APTRA\Advance NDC\NCR.APTRA.AppLoader.exe
C:\Program Files\NCR APTRA\Advance NDC\NCR.APTRA.NDC.Monitor.exe
C:\Program Files\NCR APTRA\Advance NDC\NCR.APTRA.NDC.SST.Configuration.exe
C:\Program Files\NCR APTRA\Advance NDC\NCR.APTRA.SWUpdateSrv_WindowsService.exe
C:\Program Files\NCR APTRA\Advance NDC\NCRSilentDebug.exe
C:\Program Files\NCR APTRA\Advance NDC\NDCReboot.exe
C:\Program Files\NCR APTRA\Advance NDC\PromoteCP.exe
C:\Program Files\NCR APTRA\Advance NDC\VPITCPIPCOMServer.exe
C:\Program Files\NCR APTRA\Advance NDC\Pd\makecab.exe
C:\Program Files\NCR APTRA\Aggregate Installer\AggSrv.exe
C:\Program Files\NCR APTRA\Aggregate Installer\Setup.exe
C:\Program Files\NCR APTRA\Exception Handling\NCRPRS.exe
C:\Program Files\NCR APTRA\Exception Handling\ueh.exe
C:\Program Files\NCR APTRA\Mode Switch\ulms.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\EAccessTest.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\EAuthHelper.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\EKernel.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\EKernelEx.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\ELoader.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\EPACEval.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\EPwManager.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\ERemoteServer.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\ERemoteViewer.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\EShutdown.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\openssl.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\PingServer.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\SignDUConfig.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Connector\xWatchDog.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Desktop\Server\AxedaDesktopACL.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Desktop\Server\AxedaDesktopServer.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Desktop\Server\Driver\vista\setupdrv.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Desktop\Server\Driver\vista64\setupdrv.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Desktop\Server\Driver\w2K\setupdrv.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Desktop\Server\Driver\xp\setupdrv.exe
C:\Program Files\NCR APTRA\NCR Remote Agent\Desktop\Server\Driver\xp64\setupdrv.exe
C:\Program Files\NCR APTRA\PcQwertyKeyboard\fmqwerty.exe
C:\Program Files\NCR APTRA\PcSound\SndSync.exe
C:\Program Files\NCR APTRA\Problem Determination Collection\EXTRACT.EXE
C:\Program Files\NCR APTRA\Problem Determination Collection\makecab.exe
C:\Program Files\NCR APTRA\Resource Manager\aptraResourceManager.exe
C:\Program Files\NCR APTRA\RS232IMCRW\croseexe.exe
C:\Program Files\NCR APTRA\RS232IMCRW\fmimcrw.exe
C:\Program Files\NCR APTRA\RS232IMCRW\imcrwldr.exe
C:\Program Files\NCR APTRA\RS232IMCRW\ncrimcrw.exe
C:\Program Files\NCR APTRA\Security Policies\Tools\infconv.exe
C:\Program Files\NCR APTRA\Serial Detector\SerialDeviceDetector.exe
C:\Program Files\NCR APTRA\SM Primitives\aptraSMPrimitives.exe
C:\Program Files\NCR APTRA\SM Primitives\SSTManage.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\EXTRACT.EXE
C:\Program Files\NCR APTRA\SSS Runtime Core\uladminproxy.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\ulkbemul.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\ulloader.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\ulmasth.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\ulmntapp.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\ulpnpsync.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\ulrmpu.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\ulroot.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\ulsm.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\ulstart.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\ulSysApp.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\ultail.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\ulwait.exe
C:\Program Files\NCR APTRA\SSS Runtime Core\WindowsXP-KB969238-x86-ENU.exe
C:\Program Files\NCR APTRA\Tools\UA Log Collector\bin\NCR.APTRA.UALogCollector.exe
C:\Program Files\NCR APTRA\Unified Agent\SNMP\bin\NCR.APTRA.CollectorProxySNMP.exe
C:\Program Files\NCR APTRA\Unified Agent\WS\bin\NCR.APTRA.CollectorProxyWS.exe
C:\Program Files\NCR APTRA\Unified Agent\WS\bin\NCR.APTRA.UAWSTSSrv.exe
C:\Program Files\NCR APTRA\UOPS\UOPServer\kick.exe
C:\Program Files\NCR APTRA\UOPS\UOPServer\UOPCOMServer.exe
C:\Program Files\NCR APTRA\UOPS\UOPServer\UOPLoader.exe
C:\Program Files\NCR APTRA\UOPS\UOPServer\UOPServer.exe
C:\Program Files\NCR APTRA\USB Encrypting PIN Pad 2\USBEPP2Ldr.exe
C:\Program Files\NCR APTRA\USB Loader Service\UsbLoaderSrv.exe
C:\Program Files\NCR APTRA\USB Mini Miscellaneous Interface\UMMCLDR.exe
C:\Program Files\NCR APTRA\USB Miscellaneous Interface\heartbeat.exe
C:\Program Files\NCR APTRA\USB Miscellaneous Interface\WDOG_Uninstall.exe
C:\Program Files\NCR APTRA\Usb80mmThermalPrinters\InstallationFiles\WinMsgMonitor.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELOConfigNCR.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\NCRSleep.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\Setup.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\AprPerfAdjustTool.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloAprAutoCal.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloAprConf.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloDkMon.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloDriverDefaults.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloIrUTR.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloMultiDrawXP.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloRtBtn.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloSelectComPort.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloSetCal.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloSetup.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloTouchZones.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloTTray.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloVa.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\EloVa25p.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\32bit\FlashMon.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\AprPerfAdjustTool.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloAprConf.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloDkMon.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloDriverDefaults.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloIrUTR.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloMultiDrawXP.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloRtBtn.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloSelectComPort.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloSetCal.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloSetup.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloTouchZones.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloTTray.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloVa.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\EloVa25p.exe
C:\Program Files\NCR APTRA\USBAcousticWaveTouchScreen\ELODrivers\64bit\FlashMon.exe
C:\Program Files\NCR APTRA\USBAntiSkimmingModule\LdrSync.exe
C:\Program Files\NCR APTRA\USBAntiSkimmingModule\SoDRcvry.exe
C:\Program Files\NCR APTRA\USBAntiSkimmingModule\Support.exe
C:\Program Files\NCR APTRA\USBAntiSkimmingModule\UASMLDR.exe
C:\Program Files\NCR APTRA\USBAntiSkimmingModule\AppFirmware\Loader.exe
C:\Program Files\NCR APTRA\USBAntiSkimmingModule\AppFirmware\Rcvry32.exe
C:\Program Files\NCR APTRA\USBAntiSkimmingModule\AppFirmware\Rcvry64.exe
C:\Program Files\NCR APTRA\USBGop\PMFiles\Setup.exe
C:\Program Files\NCR APTRA\USBGop\PMFiles\Driver\install.exe
C:\Program Files\NCR APTRA\USBGop\PMFiles\Utility\DMCCtrl.exe
C:\Program Files\NCR APTRA\USBGop\PMFiles\Utility\PMonitor.exe
C:\Program Files\NCR APTRA\USBGop\PMFiles\Utility\RButton.exe
C:\Program Files\NCR APTRA\USBGop\TSFiles\setup-x86.exe
C:\Program Files\NCR APTRA\USBGop\TSFiles\setup.exe
C:\Program Files\NCR APTRA\USBGop\TSFiles\Common\HTrayApp.exe
C:\Program Files\NCR APTRA\USBGop\TSFiles\Common\hwincal.exe
C:\Program Files\NCR APTRA\USBGop\TSFiles\Common\tsun.exe
C:\Program Files\NCR APTRA\USBGop\TSFiles\USB\NcrHTSE.exe
C:\Program Files\NCR APTRA\USBTouchScreen\deinst.exe
C:\Program Files\NCR APTRA\USBTouchScreen\SETUP.EXE
C:\Program Files\NCR APTRA\WMIDProv\CompileMOFs.exe
C:\Program Files\NCR APTRA\WMIDProv\NCRDevProvSupport.exe
C:\Program Files\NCR APTRA\XFS VDM Service Provider\VDAController.exe

ARCmap

C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\AdjustFrameCamera.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\AdjustRPC.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\ARConfig.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\ArcReaderHost.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\ArcSOMP.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\ComputeFTP.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\FilterDSM.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\FuseDSM.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\GenerateDSM.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\JavaConfigTool.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\RuntimeLocalServer.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\SetBingKey.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\TextureCookerService.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\ArcSOCP.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\BAEngine.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\aisdtsr2g.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\AppESRIPrintLocal.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\ArcScene.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\DesktopThumbnailUpdatingService.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\mp.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\SchematicDatasetEditor.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\aisdtslist.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\aisdtsp2a.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\AppROT.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\ArcCatalog.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\ArcGlobe.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\ArcMap.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\Categories.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\DesktopIndexingService.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\import71.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\Utilities\AdvancedArcMapSettings.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\Tools\DocDefragmenter.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\Tools\MXDDoctor.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\MakeServerStyleSet.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\jabswitch.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\java.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\javacpl.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\java-rmi.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\javaw.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\javaws.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\jjs.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\jp2launcher.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\keytool.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\kinit.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\klist.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\ktab.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\orbd.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\pack200.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\policytool.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\rmid.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\rmiregistry.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\servertool.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\ssvagent.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\tnameserv.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\java\jre\bin\unpack200.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\agfshp.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\avmifshp.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\SHAPEDXF.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\bin\shpagf.exe
C:\Program Files (x86)\ArcGIS\Desktop10.6\ArcToolbox\Scripts\TestGPRAM.exe

ARCserve

For more information, refer to the following ARCserver articles:

AutoDesk Inventor / AutoCAD

C:\Program Files\Autodesk\Inventor 2013\Bin\Inventor.exe
C:\Program Files\Autodesk\Vault Professional 201\Explorer\Connectivity.VaultPro.exe
C:\Program Files\Autodesk\AutoCAD 2013\acad.exe
C:\Program Files\Autodesk\Inventor Fusion 2013\Inventor Fusion.exe
C:\Program Files\Autodesk\DWG TrueView 2013\dwgviewr.exe
C:\Program Files (x86)\Autodesk\Autodesk Design Review 2013\DesignReview.exe
C:\Program Files\Autodesk\Product Design Suite 2013\Bin\ProductDesignSuite.exe

Cisco AMP

C:\Program Files\Cisco\AMP\6.2.19\sfc.exe
C:\Program Files\Cisco\AMP\6.2.19\uninstall.exe
C:\Program Files\Cisco\AMP\clamav\0.100.2.63\freshclamwrap.exe
C:\Program Files\Cisco\AMP\clamav\0.100.2.63\freshclam.exe
C:\Program Files\Cisco\AMP\6.2.19\ipsupporttool.exe
C:\Program Files\Cisco\AMP\6.2.19\ConnectivityTool.exe
C:\Program Files\Cisco\AMP\6.2.19\creport.exe
C:\Program Files\Cisco\AMP\6.2.19\iptray.exe
C:\Program Files\Cisco\AMP\6.2.19\sfc.exe
C:\Program Files\Cisco\AMP\6.2.19\updater.exe
c:\windows\temp\clamav-8b9ae7ad89e074cb9a38af0dcf64ee83.tmp to c:\windows\temp\clamav-*.tmp (clamav-xxxx.tmp files, Cisco confirmed that these files are part of their signature patterns)

Cisco AnyConnect

C:\Program Files (x86)\Cisco\Cisco HostScan\bin\cscan.exe
C:\Program Files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe
C:\Program Files (x86)\Cisco\Cisco HostScan\bin\cstub.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpndownloader.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpndownloader.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\VACon64.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseuac.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseposture.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseagent.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acise.exe
C:\Program Files (x86)\Cisco\Cisco HostScan\lib\wa_3rd_party_host_32.exe
C:\Program Files (x86)\Cisco\Cisco HostScan\lib\wa_3rd_party_host_64.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\opswat\wa_3rd_party_host_32.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\opswat\wa_3rd_party_host_64.exe

Cisco Anyconnect VPN

Drive:\Program Files (x86)\cisco\cisco anyconnect vpn client\vpnagent.exe
Drive:\Program Files (x86)\cisco\cisco anyconnect vpn client\vpnui.exe

Citrix

C:\program files\citrix\ICA Client\reciver.exe
C:\program files\citrix\ICA Client\pnamain.exe
C:\program files\citrix\ICA Client\concentr.exe
C:\program files\citrix\ICA Client\wfcrun32.exe
C:\program files\citrix\ICA Client\PNagent.exe
C:\program files\Citrix\Broker\Service\BrokerService.exe
C:\program files\Citrix\Broker\Service\HighAvailabilityService.exe
C:\program files\Citrix\ConfigSync\ConfigSyncService.exe
C:\program files\Citrix\User Profile Manager\UserProfileManager.exe
C:\program files\Citrix\Virtual Desktop Agent\BrokerAgent.exe
C:\Windows\System32\spoolsv.exe
C:\program files\Citrix\ICAService\picaSvc2.exe
C:\program files\Citrix\ICAService\CpSvc.exe
C:\program files\Citrix\Provisioning Services\BNTFTP.EXE
C:\program files\Citrix\Provisioning Services\PVSTSB.EXE
C:\program files\Citrix\Provisioning Services\StreamService.exe
C:\program files\Citrix\Provisioning Services\StreamProcess.exe
C:\program files\Citrix\Provisioning Services\soapserver.exe
C:\program files\Citrix\Provisioning Services\Inventory.exe
C:\program files\Citrix\Provisioning Services\Notifier.exe
C:\program files\Citrix\Provisioning Services\MgmntDaemon.exe
C:\program files\Citrix\Provisioning Services\BNPXE.exe
C:\program files\Citrix\XaXdCloudProxy\XaXdCloudProxy.exe

Citrix Exclusions

On Citrix systems, the following extensions have been causing performance problems. Exclude these file extensions to avoid any performance problems: *.LOG, *.DAT, *.TMP, *.POL, *.PF.

For more information, refer to the Citrix articles:

The following process recommended by Citrix articles is already excluded in Deep Security by default. Please do not add it again to Process Image exclusion:

%SystemRoot%\System32\winlogon.exe

CyberSafe

C:\Program Files (x86)\CyberSafe\bin\CSTBesigauth32.exe
C:\Program Files (x86)\CyberSafe\bin\khostname.exe
C:\Program Files (x86)\CyberSafe\bin\ktutil.exe
C:\Program Files (x86)\CyberSafe\bin\getsite.exe
C:\Program Files (x86)\CyberSafe\bin\CSTBpmem_cc32.exe
C:\Program Files (x86)\CyberSafe\bin\CSTBcred32.exe

DGagent DLP

C:\Program Files\DGAgent\Verity\miniIdol\IDOL\agentstoremini\agentstore.exe
C:\Program Files\DGAgent\Verity\kv\_nti40\bin\tstxtract.exe
C:\Program Files\DGAgent\Verity\kv\_nti40\bin\kvoop.exe
C:\Program Files\DGAgent\Verity\kv\_nti40\bin\FilterTestDotNet.exe
C:\Program Files\DGAgent\Verity\kv\_nti40\bin\filter.exe
C:\Program Files\DGAgent\DgUpdate\DgUpdate.exe
C:\Program Files\DGAgent\DGCipher.exe
C:\Program Files\DGAgent\DG-Diag.exe
C:\Program Files\DGAgent\iftest.exe
C:\Program Files\DGAgent\dg_UsrEncrProvider.exe
C:\Program Files\DGAgent\DgWip.exe
C:\Program Files\DGAgent\DgUpdate.exe
C:\Program Files\DGAgent\DgService.exe
C:\Program Files\DGAgent\DgScan.exe
C:\Program Files\DGAgent\DgProbe.exe
C:\Program Files\DGAgent\DgPrompt.exe
C:\Program Files\DGAgent\DGFolderScan.exe
C:\Program Files\DGAgent\DgAgent.exe

The data directory is used to store Domino email messages. Repeated scanning of this folder while it is being updated with new messages is not an efficient way to scan locally stored email. Use virus scanning applications such as ScanMail for Domino to handle email viruses. By default, the Domino data directory for a non-partitioned installation is: \ Lotus \ Domino \ Data.

Docker

Add the following directories depending on the operating system where the docker is deployed:

/var/lib/docker on Linux
%ProgramData%\docker on Windows Server
$HOME/Library/Containers/com.docker.docker/ on Mac

Refer to Full documentation from Docker.

Exchange 2007, 2010, 2013, 2016, Office 2013 and Office 365

Refer to the following Microsoft articles:

Exchange 2007: File-Level Antivirus Scanning on Exchange 2007
Exchange 2010: File-Level Antivirus Scanning on Exchange 2010
Exchange 2013: Anti-Virus Software in the Operating System on Exchange Servers
Exchange 2016: Running Windows antivirus software on Exchange 2016 servers
Office 2013 (including Office 365): Plan antivirus scanning for Outlook 2013

FAST Search Server 2010 for SharePoint

Refer to this Microsoft article: Review hardware and software requirements (FAST Search Server 2010 for SharePoint).

FSLogix Profile Containers

Refer to the following Microsoft article for more information: FSLogix for the enterprise

Intel WiDi/Miracast

Refer to this KB article: Firewall setting configuration for Intel WiDi/Miracast in OfficeScan.

Ivanti AppSense

Refer to the following article: Recommended Anti-Virus and AppSense Exclusions.

Laserfiche

C:\Program Files (x86)\Laserfiche\Client\Scanning\WIAScanClient91.exe
C:\Program Files (x86)\Laserfiche\Client\Scanning\LFScan.exe
C:\Program Files (x86)\Laserfiche\Client\Scanning\LfTwainClient91.exe
C:\Program Files (x86)\Laserfiche\Client\Scanning\ScanConnectClient91.exe
C:\Program Files (x86)\Laserfiche\Client\Scanning\ThumbnailGen.exe
C:\Program Files (x86)\Laserfiche\Client\Scanning\BPSessionClient91.exe
C:\Program Files (x86)\Laserfiche\Client\Scanning\FileScanClient91.exe
C:\Program Files (x86)\Laserfiche\Client\Scanning\LfKofaxClient91.exe
C:\Program Files (x86)\Laserfiche\Client\LFOffice\Laserfiche.OfficeMonitor.exe
C:\Program Files (x86)\Laserfiche\Client\LFOffice\Laserfiche.OfficePlugin.WebAccess.Monitor.exe

Lenovo Plugin

C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\RegAsm.exe
C:\Program Files\Lenovo\HOTKEY\PerfModeSettings.exe
C:\Program Files\Lenovo\HOTKEY\tposdc.exe
C:\Program Files\Lenovo\HOTKEY\micmutes.exe
C:\Program Files\Lenovo\HOTKEY\micmutec.exe
C:\Program Files\Lenovo\HOTKEY\kbdmgr.exe
C:\Program Files\Lenovo\HOTKEY\specialkeyhelper.exe
C:\Program Files\Lenovo\HOTKEY\kbdmgrc.exe
C:\Program Files\Lenovo\HOTKEY\setapps.exe
C:\Program Files (x86)\Lenovo\System Update\unins000.exe
C:\Program Files (x86)\Lenovo\System Update\tpisysidsu.exe
C:\Program Files (x86)\Lenovo\System Update\EnumCD.exe
C:\Program Files (x86)\Lenovo\System Update\mapdrv.exe
C:\Program Files (x86)\Lenovo\System Update\clearsuservice.exe
C:\Program Files (x86)\Lenovo\System Update\IsMetroMode.exe
C:\Program Files (x86)\Lenovo\System Update\ApsChk86.exe
C:\Program Files (x86)\Lenovo\System Update\ApsChk64.exe
C:\Program Files (x86)\Lenovo\System Update\Installer64.exe
C:\Program Files (x86)\Lenovo\System Update\DiDriverInstall64.exe
C:\Program Files (x86)\Lenovo\System Update\egather\IA.exe
C:\Program Files (x86)\Lenovo\System Update\uncsetting.exe
C:\Program Files (x86)\Lenovo\System Update\tvsuShim.exe
C:\Program Files (x86)\Lenovo\System Update\tvsu.exe
C:\Program Files (x86)\Lenovo\System Update\susetsched.exe
C:\Program Files (x86)\Lenovo\System Update\UNCServer.exe
C:\Program Files (x86)\Lenovo\System Update\UACSdk.exe
C:\Program Files (x86)\Lenovo\System Update\TvtBiosCheck.exe
C:\Program Files (x86)\Lenovo\System Update\Tvsukernel.exe
C:\Program Files (x86)\Lenovo\System Update\TvsuCommandLauncher.exe
C:\Program Files (x86)\Lenovo\System Update\StartSuService.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Lenovo\System Update\ConfigService.exe
C:\Program Files (x86)\Lenovo\System Update\ConfigScheduledTask.exe
C:\Program Files (x86)\Lenovo\System Update\7za.exe

Mapped Drives / Shared Folders

This option is best disabled. If it is enabled, it may create unnecessary network traffic when the end users access remote paths or mapped network drives. It can severely impact the user’s experience. Consider disabling this function if all workstations have OfficeScan client installed and are updated to the latest virus signature.

McAfee DLP endpoint

Please refer to the following McAfee article for detailed instructions: Endpoint Security and VirusScan Enterprise exclusions for Data Loss Prevention Endpoint to improve performance.

Trend Micro does not recommend running multiple DLP solutions as this may possibly result in software conflict. Please disable Trend Micro Apex One Data Loss Prevention should McAfee DLP be used.

Microsoft Active Directory Domain Controller

Process exclusions for AD DS and AD DS-related support files:

%systemroot%\System32\ntfrs.exe
%systemroot%\System32\lsass.exe

Refer to the following article for turning off scanning of Active Directory and Active Directory-related files: Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows.

Microsoft Azure Information Protection

C:\Program Files (x86)\Microsoft Azure Information Protection\MSIP.Scanner.exe
C:\Program Files (x86)\Microsoft Azure Information Protection\MSIP.ExecutionHost32.exe
C:\Program Files (x86)\Microsoft Azure Information Protection\MSIP.App.exe
C:\Program Files (x86)\Microsoft Azure Information Protection\MSIP.ExecutionHost.exe
C:\Program Files (x86)\Microsoft Azure Information Protection\MSIP.Tools.Configuration.exe
C:\Program Files (x86)\Microsoft Azure Information Protection\MSIP.Viewer.exe
C:\Program Files (x86)\Microsoft Azure Information Protection\adxregistrator.exe

Microsoft File Cluster

Microsoft Exchange Server

Exclude the directory or partition where MS Exchange stores its mailbox. Use virus scanning applications like ScanMail for Exchange to handle email viruses. Installable File System (IFS) drive M must also be excluded to prevent the corruption of the Exchange Information Store.

Microsoft Hyper-V

Refer to this article: Recommended antivirus exclusions for Hyper-V hosts.

C:\Windows\System32\Vmms.exe
C:\Windows\System32\Vmwp.exe
C:\Windows\System32\Vmsp.exe
C:\Windows\System32\Vmcompute.exe
C:\Windows\System32\dfsr.exe
C:\Windows\System32\dfsrs.exe
C:\Windows\system32\inetsrv\w3wp.exe
C:\Windows\SysWOW64\inetsrv\w3wp.exe

Microsoft IIS 7.0 Server

Web Server log files should be excluded from scanning. By default, IIS logs are saved in:\inetpub\logs\*.log.

Microsoft Lync

Scan exclusion guidelines for Microsoft Lync:

Microsoft SharePoint Servers Foundation 2010

Refer to this Microsoft article: Certain folders may have to be excluded from antivirus scanning when you use a file-level antivirus program in SharePoint.

Microsoft SQL Server

Because scanning may hinder performance, large databases should not be scanned. Since Microsoft SQL Server databases are dynamic, they exclude the directory and backup folders from the scan list. If it is necessary to scan database files, a scheduled task can be created to scan them during off-peak hours.

Refer to the following article from Microsoft to obtain the advised SQL server exclusion list: How to choose antivirus software to run on computers that are running SQL Server.

Microsoft WSUS and SMS Service

You can refer to the article on allowing WSUS and SMS exclusion list: Recommended exclusion list for Microsoft WSUS and SMS servers

N-Able

You can refer to the official list from the N-Able website: N-central Windows Agent Exclusions for third party AV products.

NCR

C:\Aptra\USBDISPENSER\setup.exe
C:\Aptra\USBDISPENSER\Comps\VisualC2.16d\010101.8c0\VC2015RT.exe
C:\iSuite\iJournal\EJCutOff.exe
C:\iSuite\iJournal\IJournalATM.exe
C:\iSuite\iJournal\iJournalATMCutover.exe
C:\iSuite\iJournal\InstallUtil.exe
C:\iSuite\NCRAppManager\NCRAppManager.exe
C:\iSuite\NCRAppManager\NCRAppManager.vshost.exe
C:\iSuite Client\iJournalSetup_3.3.13_All banks Win 7.exe
C:\iSuite Client\NCRAppManager_1.0.0.2.exe
C:\iSuite Client\VCRuntime2005.exe
C:\MSSOHAR_V1\hosts.exe
C:\MSSOHAR_V1\PredictiveServicesCertificateUpdate.exe
C:\MSSOHAR_V1\UAWS.exe
C:\NCR\Fetch.exe
C:\NCR\UAWS\setup.exe
C:\Program Files\Common Files\NCR\MAKECAB.EXE
C:\Program Files\Common Files\NCR\NCRXFSInternalError.exe
C:\Program Files\Common Files\NCR\PRSCheck.exe
C:\Program Files\Common Files\NCR\StdWrap.exe
C:\Program Files\Common Files\NCR\ulfm.exe
C:\Program Files\Common Files\NCR\ulwait.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Security Runtime\sntlsrtsrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel System Driver\Drv32InstLauncher.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel System Driver\RemoveDriverTrail.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel System Driver\RemoveDriverTrailLauncher.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel System Driver\SentinelDrv32Support.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel System Driver\SetupSysDriver.exe
C:\Program Files\Elo Touch Solutions\AprPerfAdjustTool.exe
C:\Program Files\Elo Touch Solutions\EloAprAutoCal.exe
C:\Program Files\Elo Touch Solutions\EloAprConf.exe
C:\Program Files\Elo Touch Solutions\EloDkMon.exe
C:\Program Files\Elo Touch Solutions\EloDriverDefaults.exe
C:\Program Files\Elo Touch Solutions\EloIrUTR.exe
C:\Program Files\Elo Touch Solutions\EloMultiDrawXP.exe
C:\Program Files\Elo Touch Solutions\EloRtBtn.exe
C:\Program Files\Elo Touch Solutions\EloSelectComPort.exe
C:\Program Files\Elo Touch Solutions\EloSetCal.exe
C:\Program Files\Elo Touch Solutions\EloSetup.exe
C:\Program Files\Elo Touch Solutions\EloTouchZones.exe
C:\Program Files\Elo Touch Solutions\EloTTray.exe
C:\Program Files\Elo Touch Solutions\EloVa.exe
C:\Program Files\Elo Touch Solutions\EloVa25p.exe
C:\Program Files\Elo Touch Solutions\FlashMon.exe
C:\Windows\NCR\Autologon.exe
C:\Windows\NCR\DosHide.exe
C:\Windows\NCR\DosSee.exe
C:\Windows\NCR\HTaskbar.exe
C:\Windows\NCR\NoCursor.exe
C:\Windows\NCR\PROCESS.EXE
C:\Windows\NCR\StartUp.exe
C:\Windows\NCR\STaskbar.exe
C:\Windows\NCR\ULSETPRS.EXE
C:\Windows\NCR\ULSHUTD.EXE
C:\Windows\NCR\ULSLEEP.EXE
C:\Windows\NCR\USBPRT.exe
C:\Windows\NCR\vidchng.exe
C:\Windows\NCR\Tools\Dev2Csv.exe
C:\Windows\NCR\Tools\Fetch.exe
C:\Windows\NCR\Tools\GBNAInfo.exe
C:\Windows\NCR\Tools\reg.exe
C:\Windows\NCR\Tools\SaveBVInfo.exe
C:\Windows\NCR\Tools\Shakari.exe
C:\Windows\NCR\Tools\Tallies.exe
C:\Windows\NCR\Tools\zip.exe
C:\Windows\Panther\setup.exe

Oracle

.dbf - Database file
.log - Online Redo Log
.rdo - Online Redo Log
.arc - Archive log
.ctl - Control files

Palo Alto Traps

%Program Files%\Palo Alto Networks\Traps\
%ProgramData%\Cyvera\
Cyserver.exe
CyveraConsole.exe
CyveraService.exe
tlaworker.exe

SAP

SAP ABAP or Java installs: \usr\sap\
SAP Content Server Install: \SAPDB\
SAP Printer Server: SAPSprint.exe
Servers where are SAPGui is installed: lsagent.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplgpad.exe
C:\Program Files (x86)\SAP\NWBC65\cef\CefSharp.BrowserSubprocess.exe
C:\Program Files (x86)\SAP\NWBC65\NwbcUrlHandler.exe
C:\Program Files (x86)\SAP\NWBC65\NwbcTaskbarHandler.exe
C:\Program Files (x86)\SAP\NWBC65\NwbcPropertyCollector.exe
C:\Program Files (x86)\SAP\NWBC65\NwbcDesktopAgent.exe
C:\Program Files (x86)\SAP\NWBC65\NwbcCore.exe
C:\Program Files (x86)\SAP\NWBC65\NwbcBrowserHost.exe
C:\Program Files (x86)\SAP\NWBC65\NWBC.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\visu_se.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\visualiz.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\ssfrfc.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\sapsettingsshow.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\sapshcut.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPhttp.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SapGuiServer.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPgui.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPftp.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\sapcms.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\niping.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\omsprint.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnxlx.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnupx.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnwdx.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnstx.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnsux.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnpox.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnscx.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnmsx.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnnex.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnhix.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnhox.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnhpx.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gngax.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnetx.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gneux.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnbux.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gndlx.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnbax.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\gnbmx.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\SAPGUIControlPlugin.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\FrontOptEdit.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\Unicode\SAPhttp.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\Unicode\SAPftp.exe
C:\Program Files (x86)\SAP\SapSetup\Setup\SapStart.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\guixt.exe
C:\Program Files (x86)\SAP\Business Explorer\BI\BExWebApplicationDesigner.exe
C:\Program Files (x86)\SAP\Business Explorer\BI\BExReportDesignerStarter.exe
C:\Program Files (x86)\SAP\Business Explorer\BI\BExQueryDesignerStarter.exe
C:\Program Files (x86)\SAP\Business Explorer\BI\BExInstaller.exe
C:\Program Files (x86)\SAP\Business Explorer\BI\BExAnalyzer.exe
C:\Program Files (x86)\SAP\SapSetup\Setup\SapRegSv.exe
C:\Program Files (x86)\SAP\SapSetup\Setup\NwSnapshot64.exe
C:\Program Files (x86)\SAP\SapSetup\Setup\NwSAPSetupOnRebootInstSvc.exe
C:\Program Files (x86)\SAP\SapSetup\Setup\DotNetUtils20.exe
C:\Program Files (x86)\SAP\SapSetup\Setup\DotNetUtils40.exe
C:\Program Files (x86)\SAP\SapSetup\Setup\NwSapSetup.exe
C:\Program Files (x86)\SAP\SapSetup\Setup\NwCheckWorkstation.exe
C:\Program Files (x86)\SAP\SapSetup\OnRebootSvc\sapregsv.exe
C:\Program Files (x86)\SAP\SapSetup\OnRebootSvc\NwSnapshot64.exe
C:\Program Files (x86)\SAP\SapSetup\OnRebootSvc\NWSAPSetupOnRebootInstSvc.exe
C:\Program Files (x86)\SAP\SapSetup\OnRebootSvc\DotNetUtils20.exe
C:\Program Files (x86)\SAP\SapSetup\OnRebootSvc\DotNetUtils40.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\help_04.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\htmlhelp\shh.exe
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\Testtools\Check_DOI.exe

During SAP installs or upgrades, it is recommended to exclude the base SAPinst directories and subdirectories: ..\Program Files\SAPinst_instdir\.

SMART Notebook Express

Refer to the Knowledgebase article: Excluding third-party software from the OfficeScan Realtime Scan.

Symantec Backup Exec

~\Symantec\Backup Exec\beremote.exe
~\Symantec\Backup Exec\beserver.exe
~\Symantec\Backup Exec\bengine.exe
~\Symantec\Backup Exec\benetns.exe
~\Symantec\Backup Exec\pvlsvr.exe
~\Symantec\Backup Exec\BkUpexec.exe

For the latest updates on this list, you may refer to this Veritas Support article.

System Center Configuration Manager (SCCM)

SCCM 2012 Manager

Boot image: C:\Windows\TEMP\BootImages\
OS image: \ConfigMgr_OfflineImageServicing and subfolders.\

SCCM 2012 Endpoint Protection

%allusersprofile%\NTUser.pol
%systemroot%\system32\GroupPolicy\registry.pol
%windir%\Security\database\*.chk
%windir%\Security\database\*.edb
%windir%\Security\database\*.jrs
%windir%\Security\database\*.log
%windir%\Security\database\*.sdb
%windir%\SoftwareDistribution\Datastore\Datastore.edb
%windir%\SoftwareDistribution\Datastore\Logs\edb.chk
%windir%\SoftwareDistribution\Datastore\Logs\edb*.log
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00001.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Edbres00002.jrs
%windir%\SoftwareDistribution\Datastore\Logs\Res1.log
%windir%\SoftwareDistribution\Datastore\Logs\Res2.log
%windir%\SoftwareDistribution\Datastore\Logs\tmp.edb
%programfiles%\Microsoft Configuration Manager\Inboxes\*.*
%programfiles(x86)%\Microsoft Configuration Manager\Inboxes\*.*

System Center Operations Manager (SCOM)

Exclusion by Directory

For Operations Manager 2007 or Operations Manager 2007 R2: C:\Program Files\System Center Operations Manager<version>\Health Service State
The placeholder <version> represents "2007" for Operations Manager 2007 or Operations Manager 2007 R2.
For Operations Manager 2012: C:\Program Files\System Center Operations Manager\<component>\Health Service State
The placeholder <component> represents "Agent" or "Server" for Operations Manager
For Operations Manager 2012 R2 (management server): C:\Program Files\Microsoft System Center 2012 R2\Operations Manager\Server\Health Service State
For Operations Manager 2012 R2 (gateway server): C:\Program Files\System Center Operations Manager\Gateway\Health Service State
For Operations Manager 2012 R2 (agent): C:\Program Files\Microsoft Monitoring Agent\Agent\Health Service State

Exclusion by Extension

SQL database servers:
These exclusions include the SQL Server database files that are used by Operations Manager components and the system database files for the master database and for the tempdb database.For example:
- MDF
- LDF
Operations Manager (management servers, gateways, and agents):
These exclusions include the queue and log files that are used by Operations Manager. For Example:
- EDB
- CHK
- LOG

TripWire AV

*CVD.exe
*Cvfwd.exe
*ClMgrS.exe
*GxSearchServer
*tomcat.exe
*EvMgrS.exe
*AppMgrSvc.exe
*JobMgr.exe
*MediaManager.exe
*QSDK.exe
*CVMountd.exe
*CVContentPreview.exe
*CVMessageQueue.exe
*ClMgrS.exe
*CVRepSvc.exe
*VSS_SWProv_Svc.exe
*VSS_HWPROV.SCV.exe
*CVJavaWorkflow(Instance001).exe
*Tomcat.exe
*GxWinClusPlugin.exe

Veeam

Refer to this Veeam article: How to configure antivirus exclusions to prevent interaction with Veeam Backup & Replication.

VMWare Horizon

C:\Program Files\VMware\VMware View\Agent\bin\VMWVvpsvc.exe
C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\VMTOOLSD.EXE
C:\Program Files\Common Files\VMware\View Composer Guest Agent\vmware-svi-ga.exe
C:\Program Files\VMware\VMware View\Agent\bin\wsnm.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\VMware\VMware View\Agent\bin\ws_scripthost.exe
C:\Program Files\VMware\VMware View\Server\appblastgateway\nssm.exe
C:\Program Files\VMware\VMware View\Server\bin\ws_ConnectionServer.exe
C:\Program Files\VMware\VMware View\Server\bin\wsnm.exe
C:\Program Files\VMware\VMware View\Server\bin\ws_MessageBusService.exe
C:\Program Files\VMware\VMware View\Server\bin\SecurityGateway.exe
C:\Program Files\VMware\VMware View\Server\bin\ws_scripthost.exe
C:\Program Files\VMware\VMware View\Server\bin\ws_TunnelService.exe
C:\Program Files (x86)\VMware\JMP\nssm-2.24\nssm-2.24\win32\nssm.exe
C:\Program Files (x86)\VMware\JMP\com\xmp\node_modules\winser\bin\nssm.exe
C:\Program Files (x86)\VMware\VMware Horizon View Client\vmware-view.exe
C:\Program Files (x86)\VMware\VMware Horizon View Client\wsnm.exe
C:\Program Files (x86)\VMware\VMware Horizon View Client\bin\vmware-view-usbd.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

VMWare

Other file extension types that should be added to the exclusion list include large flat and designed files, such as VMWare disk partition. Scanning VMWare partitions while attempting to access them can affect session loading performance and the ability to interact with the virtual machine. Exclusions can be configured for the directory(ies) that contain the Virtual Machines, or by excluding *.vmdk and *.vmem files.

Volume Shadow Copies

Backup process takes longer to finish when real-time scan is enabled. There are also instances when real-time scan detects an infected file in the volume shadow copy but cannot enforce the scan action because volume shadow copies have read-only access.

You can refer to the Knowledgebase article: Excluding Volume Shadow copies from OfficeScan client real-time scans.

It is also advisable to apply the latest Microsoft patches for the Volume Shadow Copies service. Refer to this Microsoft article: A Volume Shadow Copy Service (VSS) update package is available for Windows Server 2003.

Zscaler

Refer to the Article provided by Zscaler about Zscaler Client Connector Processes to Allowlist.

For Mac OS users:

Add the following entries to the exclusion list on top of the items provided by Zscaler in their article:

/Library/Application Support/Zscaler/UPM/db/upm_device_stats.db
/Library/Application Support/Zscaler/UPM/db/upm_device_stats.db-journal

Other Trend Micro Products

Make sure the checkbox for Do not scan the directories where Trend Micro products are installed is enabled in WFBS’s Exclusion List settings (Security Settings > Antivirus/Anti-spyware > Exclusions).

Add the .bkf extension to the list of real-time scan exclusions.

To know more about Microsoft's exclusion list, refer to this TechNet article: Microsoft Anti-Virus Exclusion List.

Miscellaneous

C:\Program Files (x86)\Zscaler\ZSATunnel\ZSATunnel.exe
C:\Program Files (x86)\Tanium\Tanium Client\TaniumCX.exe
C:\Program Files\Qualys\Qualysagent\QualysAgent.exe

For security reasons, it is not recommended to exclude temp folders.

Keywords: exclusion list,recomended files to exclude,excluding files,Real time scan exclusion,Realtime scan,exclusions in scanning,scan exclusions for WFBS,scanning encrypted files,scan-exclusion list,scanning in windows environment,sql slow,sql slowness,slow SQL,S

Comments (0)

Recommended scan exclusion list for Trend Micro Endpoint products

Product / Version includes:

Apex OneAll , Deep SecurityAll , Worry-Free Business Security StandardAll , Worry-Free Business Security ServicesAll , Remote ManagerAll , Worry-Free Business Security AdvancedAll

Last updated: 2024/05/02

Solution ID: KA-0002520

Category: Configure

Summary

Database and encrypted type files should generally be excluded from scanning to avoid performance and functionality issues.

This article only serves as general guidelines. For the latest and updated exclusion list, always refer to the respective software vendor.