Views:

Scan Exclusion List for Security Agents

This exclusion list contains all of the Trend Micro products that are, by default, excluded from scanning.

Table 1. Security Agent Exclusion List

Product Name

Installation Path Location

InterScan eManager 3.5x

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\InterScan eManager\CurrentVersion

ProgramDirectory=

ScanMail eManager (ScanMail for Microsoft Exchange eManager) 3.11, 5.1, 5.11, 5.12

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Microsoft Exchange eManager\CurrentVersion

ProgramDirectory=

ScanMail for Lotus Notes (SMLN) eManager NT

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Lotus Notes\CurrentVersion

AppDir=

DataDir=

IniDir=

InterScan Web Security Suite (IWSS)

HKEY_LOCAL_MACHINE\Software\TrendMicro\Interscan Web Security Suite

Program Directory= C:\Program Files\Trend Micro\IWSS

InterScan WebProtect

HKEY_LOCAL_MACHINE SOFTWARE\TrendMicro\InterScan WebProtect\CurrentVersion

ProgramDirectory=

InterScan FTP VirusWall

HKEY_LOCAL_MACHINE SOFTWARE\TrendMicro\ InterScan FTP VirusWall\CurrentVersion

ProgramDirectory=

InterScan Web VirusWall

HKEY_LOCAL_MACHINE SOFTWARE\TrendMicro\ InterScan Web VirusWall\CurrentVersion

ProgramDirectory=

InterScan E-Mail VirusWall

HKEY_LOCAL_MACHINE SOFTWARE\TrendMicro\ InterScan E-Mail VirusWall\CurrentVersion

ProgramDirectory={Installation Drive}:\INTERS~1

InterScan NSAPI Plug-In

HKEY_LOCAL_MACHINE SOFTWARE\TrendMicro\ InterScan NSAPI Plug-In\CurrentVersion

ProgramDirectory=

InterScan E-Mail VirusWall

HKEY_LOCAL_MACHINE SOFTWARE\TrendMicro\ InterScan E-Mail VirusWall \CurrentVersion

ProgramDirectory=

IM Security (IMS)

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\IM Security\CurrentVersion

HomeDir=

VSQuarantineDir=

VSBackupDir=

FBArchiveDir=

FTCFArchiveDir=

ScanMail for Microsoft Exchange (SMEX)

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Microsoft Exchange\CurrentVersion

TempDir=

DebugDir=

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Microsoft Exchange\RealTimeScan\ScanOption

BackupDir=

MoveToQuarantineDir=

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Microsoft Exchange\RealTimeScan\ScanOption\Advance

QuarantineFolder=

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Microsoft Exchange\RealTimeScan\IMCScan\ScanOption

BackupDir=

MoveToQuarantineDir=

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Microsoft Exchange\RealTimeScan\IMCScan\ScanOption\Advance

QuarantineFolder=

ScanMail for Microsoft Exchange (SMEX)

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Microsoft Exchange\ManualScan\ScanOption

BackupDir=

MoveToQuarantineDir=

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Microsoft Exchange\QuarantineManager

QMDir=

Get exclusion.txt file path from HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Microsoft Exchange\CurrentVersion\HomeDir

Go to HomeDir path (for example, C:\Program Files\Trend Micro\Messaging Security Agent\)

Open exclusion.txt

C:\Program Files\Trend Micro\Messaging Security Agent\Temp\

C:\Program Files\Trend Micro\Messaging Security Agent\storage\quarantine\

C:\Program Files\Trend Micro\Messaging Security Agent\storage\backup\

C:\Program Files\Trend Micro\Messaging Security Agent\storage\archive\

C:\Program Files\Trend Micro\Messaging Security Agent\SharedResPool

Scan Exclusion Lists for Messaging Security Agent (Advanced Only)

By default, when the Messaging Security Agent is installed on a Microsoft Exchange server (2000 or later) it will not scan Microsoft Exchange databases, Microsoft Exchange log files, Virtual server folders, or the M:\ drive. The exclusion list is saved in:

HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\PC-cillinNTCorp\CurrentVersion\Misc.

ExcludeExchangeStoreFiles=C:\Program Files\Exchsrvr\mdbdata\

priv1.stm|C:\Program Files\Exchsrvr\mdbdata\

priv1.edb|C:\Program Files\Exchsrvr\mdbdata\

pub1.stm|C:\Program Files\Exchsrvr\mdbdata\pub1.edb

ExcludeExchangeStoreFolders=C:\Program Files\Exchsrvr\mdbdata\

|C:\Program Files\Exchsrvr\Mailroot\vsi 1\Queue\

|C:\Program Files\Exchsrvr\Mailroot\vsi 1\PickUp\

|C:\Program Files\Exchsrvr\Mailroot\vsi 1\BadMail\

For other Microsoft Exchange recommended folders, please add them to scan exclusion list manually. See http://support.microsoft.com/kb/245822/.

SBS 2003 Exclusions

For SBS 2003, manually add the following:

Microsoft Exchange exclusions

Microsoft Exchange Server Database

C:\Program Files\Exchsrvr\MDBDATA

Microsoft Exchange MTA files

C:\Program Files\Exchsrvr\Mtadata

Microsoft Exchange Message tracking log files

C:\Program Files\Exchsrvr\server_name.log

Microsoft Exchange SMTP Mailroot

C:\Program Files\Exchsrvr\Mailroot

Microsoft Exchange working files

C:\Program Files\Exchsrvr\MDBDATA

Site Replication Service

C:\Program Files\Exchsrvr\srsdata

C:\Program Files\Exchsrvr\conndata

 

IIS Exclusions

IIS System Files

C:\WINDOWS\system32\inetsrv

IIS Compression Folder

C:\WINDOWS\IIS Temporary Compressed Files

 

Domain Controller Exclusions

Active Directory database files

C:\WINDOWS\NTDS

SYSVOL

C:\WINDOWS\SYSVOL

NTFRS Database Files

C:\WINDOWS\ntfrs

 

Windows SharePoint Services Exclusions

Temporary SharePoint folder

C:\windows\temp\FrontPageTempDir

 

Client Desktop Folder Exclusions

Windows Update Store

C:\WINDOWS\SoftwareDistribution\DataStore

 

Additional Exclusions

Removable Storage Database (used by SBS Backup)

C:\Windows\system32\NtmsData

SBS POP3 connector Failed Mail

C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail

SBS POP3 connector Incoming Mail

C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail

Windows Update Store

C:\WINDOWS\SoftwareDistribution\DataStore

DHCP Database Store

C:\WINDOWS\system32\dhcp

WINS Database Store

C:\WINDOWS\system32\wins