Required exclusions for Antivirus on Windows

Jerome.Jargot · 1 April 2019 09:43

Component: Windows | Component: Antivirus

Microsoft Official Wiki

Microsoft maintains a wiki page to list all exclusions per server type: Microsoft Anti-Virus Exclusion List

There is below the exclusions to start with:

Windows Server – KB822158 – Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows
Windows Update – http://support.microsoft.com/kb/900638

Add to these exclusions the ones from the sections below.

Antivirus

The antivirus software companies may provide a list of exclusion and a recommended configuration for java-based servers, and database servers.
Retrieve this information from the official web site of the antivirus.

Virtualization

The official web site of the VM solution in use may provide a list of exclusions and a recommended configuration for the antivirus.
Retrieve this information from the official web site of the VM solution in use.

Database Server

Exclude the working directories, and directories where binaries and data files are located, from the antivirus scanning.
Retrieve this information from the official web site of the database server.
For example, there is an official page for SQL Server: How to choose antivirus software to run on computers that are running SQL Server

Java Application Server

When you deploy an antivirus program on a server, make sure that the folder exclusions, process exclusions and file name extension exclusions that are listed below are configured for both memory-resident and file-level scanning:

Folder exclusions
the directory were the application server is installed and all its sub directories
the temp directory of the application server
the directory pointed out by the java.io.tmpdir system variable use with the javacommand
Process exclusions
the java.exe used to start the application server
file name extension exclusions
.zip
.jar
.bar
.ear
.war
.bos
.cla
.jav
.data
.properties
.xml
.log
.dll
.tlog
.cfg
.css
.csslintrc
.deb
.eot
.gif
.groovy
.htc
.html
.ico
.jpg
.js
.json
.lic
.png
.sample
.svg
.tmp
.ttf
.txt
.woff
.woff2
.X1024-lock
.xpi
.xsd

Maintain the antivirus configuration

If the server is being kept up-to-date, or after a migration of Bonita, the product may require a different java version, a new application server may be deployed, then you may have to update the antivirus’s settings because CATALINA_HOME (with Tomcat) and the JVM paths will
likely change.

Studio

Make sure that the folder exclusions, process exclusions and file name extension exclusions that are listed below are configured for both memory-resident and file-level scanning:

Folder exclusions
the directory were the Studio is installed and all its sub directories
the directory pointed out by the java.io.tmpdir system variable
Process exclusions
the java.exe used to start the Studio
file name extension exclusions
.zip
.jar
.bar
.ear
.war
.bos
.cla
.jav
.data
.properties
.xml
.log
.dll
.tlog
.cfg
.css
.csslintrc
.deb
.eot
.gif
.groovy
.htc
.html
.ico
.jpg
.js
.json
.lic
.png
.sample
.svg
.tmp
.ttf
.txt
.woff
.woff2
.X1024-lock
.xpi
.xsd

Topic		Replies	Views
SQLJDBC_XA En Base de Datos Azure como servicio Q&A	3	1	21 March 2017
No more service.bat ! How install bonita server as an windows service ? Q&A	2	0	29 August 2016
MySQL database connection one error coming Q&A	0	0	30 January 2017
Purge tool use in production environment Q&A	1	7	17 September 2021
Recomendation for the Intallation of the BonitaSoft on Windows Server Q&A	1	0	25 May 2016