Required exclusions for Antivirus on Windows

Jerome.Jargot's picture
Jerome.Jargot
Monday, April 1, 2019 - 11:43
Blog Categories: 
Tip of the Week

Component: Windows | Component: Antivirus

Microsoft Official Wiki

Microsoft maintains a wiki page to list all exclusions per server type: Microsoft Anti-Virus Exclusion List

There is below the exclusions to start with:

Add to these exclusions the ones from the sections below.

Antivirus

The antivirus software companies may provide a list of exclusion and a recommended configuration for java-based servers, and database servers.
Retrieve this information from the official web site of the antivirus.

Virtualization

The official web site of the VM solution in use may provide a list of exclusions and a recommended configuration for the antivirus.
Retrieve this information from the official web site of the VM solution in use.

Database Server

Exclude the working directories, and directories where binaries and data files are located, from the antivirus scanning.
Retrieve this information from the official web site of the database server.
For example, there is an official page for SQL Server: How to choose antivirus software to run on computers that are running SQL Server

Java Application Server

When you deploy an antivirus program on a server, make sure that the folder exclusions, process exclusions and file name extension exclusions that are listed below are configured for both memory-resident and file-level scanning:

  • Folder exclusions
    • the directory were the application server is installed and all its sub directories
    • the temp directory of the application server
    • the directory pointed out by the java.io.tmpdir system variable use with the javacommand
  • Process exclusions
    • the java.exe used to start the application server
  • file name extension exclusions
    • .zip
    • .jar
    • .bar
    • .ear
    • .war
    • .bos
    • .cla
    • .jav
    • .data
    • .properties
    • .xml
    • .log
    • .dll
    • .tlog
    • .cfg
    • .css
    • .csslintrc
    • .deb
    • .eot
    • .gif
    • .groovy
    • .htc
    • .html
    • .ico
    • .jpg
    • .js
    • .json
    • .lic
    • .png
    • .sample
    • .svg
    • .tmp
    • .ttf
    • .txt
    • .woff
    • .woff2
    • .X1024-lock
    • .xpi
    • .xsd

Maintain the antivirus configuration

If the server is being kept up-to-date, or after a migration of Bonita, the product may require a different java version, a new application server may be deployed, then you may have to update the antivirus's settings because CATALINA_HOME (with Tomcat) and the JVM paths will
likely change.

Studio

Make sure that the folder exclusions, process exclusions and file name extension exclusions that are listed below are configured for both memory-resident and file-level scanning:

  • Folder exclusions
    • the directory were the Studio is installed and all its sub directories
    • the directory pointed out by the java.io.tmpdir system variable
  • Process exclusions
    • the java.exe used to start the Studio
  • file name extension exclusions
    • .zip
    • .jar
    • .bar
    • .ear
    • .war
    • .bos
    • .cla
    • .jav
    • .data
    • .properties
    • .xml
    • .log
    • .dll
    • .tlog
    • .cfg
    • .css
    • .csslintrc
    • .deb
    • .eot
    • .gif
    • .groovy
    • .htc
    • .html
    • .ico
    • .jpg
    • .js
    • .json
    • .lic
    • .png
    • .sample
    • .svg
    • .tmp
    • .ttf
    • .txt
    • .woff
    • .woff2
    • .X1024-lock
    • .xpi
    • .xsd
Notifications