Updated 30 June and 7 July 2020; includes docs.microsoft.com article updates.
NOTE: Process name exclusion wildcards could potentially prevent some dangerous programs from being detected.
Hopefully this table is helpful (my thanks to Matt Goedtel for the docs site updates, and Matt’s efforts to keep docs the ‘go-to’ site).
Previously the blog left the SCOM Admin and Security teams with questions where blogs did NOT match vendor site documentation. The blog merged the PFE UK team blog and the Kevin Holman blog into an easier tabular view per component.
Original Blog introduction
As we are all aware, antivirus exclusions can affect monitoring data generated, and affect system performance.
Best practice is to implement specific exclusions.
Exclusions\Role | MS | DB | GW | RS | Web | Agent |
Folder | ||||||
Management Server installation folder Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Server\” | * | |||||
Agent installation folder Default: “C:\Program Files\Microsoft Monitoring Agent” | * | * | ||||
Gateway installation folder Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Gateway\” | * | |||||
Reporting installation folder Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\Reporting” | * | |||||
WebConsole installation folder Default: “C:\Program Files\Microsoft System Center 2016\Operations Manager\WebConsole” | * | |||||
SQL Data installation folder Default: “C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Data” | * | |||||
SQL Log installation folder Default: “C:\Program Files\Microsoft SQL Server\MSSQL.1x<INSTANCENAME>\MSSQL\Log” | * | |||||
SQL Reporting installation folder Default: “C:\Program Files\Microsoft SQL Server\MSRS.1x<INSTANCENAME>” | * | |||||
File Types | ||||||
EDB | * | * | * | * | * | |
CHK | * | * | * | * | * | |
LOG | * | * | * | * | * | |
LDF | * | * | ||||
MDF | * | * | ||||
NDF | * | * | ||||
Processes | ||||||
CShost.exe | * | |||||
HealthService.exe | * | * | * | * | * | * |
Microsoft.Mom.Sdk.ServiceHost.exe | * | |||||
MonitoringHost.exe | * | * | * | * | * | * |
SQL Server Default: “C:\Program Files\Microsoft SQL Server\MSSQL1x.<Instance Name>\MSSQL\Binn\SQLServr.exe” | * | |||||
SQL Reporting Services Default: “C:\Program Files\Microsoft SQL Server\MSRS1x.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe” | * | * |
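The wildcard NOTE and the matrix above can be turned into a check of what is actually configured on a server. The PowerShell below is an added example, not code from the original blog or from Microsoft; the function name `Test-ScomAvExclusion`, its parameters and the sample input are hypothetical, and the folder roots are the table's default paths, which differ on a customised install.

```powershell
# Added example: flag AV exclusions that are broader than the SCOM matrix on this page.
# Test-ScomAvExclusion and its parameters are hypothetical names, not a Microsoft cmdlet.
function Test-ScomAvExclusion {
    param([string[]]$Process = @(), [string[]]$Extension = @(), [string[]]$Path = @())

    # Process and file-type rows copied from the table.
    $okProcess   = 'CShost.exe', 'HealthService.exe', 'Microsoft.Mom.Sdk.ServiceHost.exe',
                   'MonitoringHost.exe', 'SQLServr.exe', 'ReportingServicesService.exe'
    $okExtension = 'EDB', 'CHK', 'LOG', 'LDF', 'MDF', 'NDF'
    # Roots of the table's "Default:" folders (assumption: default install locations).
    $okRoot = 'C:\Program Files\Microsoft System Center 2016\Operations Manager\',
              'C:\Program Files\Microsoft Monitoring Agent\',
              'C:\Program Files\Microsoft SQL Server\'

    $flag = { param($kind, $value, $why)
        [pscustomobject]@{ Kind = $kind; Value = $value; Finding = $why } }

    foreach ($p in $Process) {
        $leaf = ($p -split '[\\/]')[-1]          # file name without any folder part
        if ($p -match '[*?]') {
            & $flag 'Process' $p 'wildcard: can keep unrelated programs from being detected'
        } elseif ($leaf -notin $okProcess) {
            & $flag 'Process' $p 'not a process listed in the SCOM matrix'
        }
    }
    foreach ($e in $Extension) {
        $ext = $e.TrimStart('*', '.').ToUpperInvariant()   # accept "edb", ".edb", "*.edb"
        if ($ext -notin $okExtension) {
            & $flag 'Extension' $e 'not a file type listed in the SCOM matrix'
        }
    }
    foreach ($d in $Path) {
        $full  = $d.TrimEnd('\') + '\'           # avoid matching "...Agent2" as "...Agent"
        $known = $okRoot | Where-Object { $full.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }
        if ($d -match '[*?]') {
            & $flag 'Path' $d 'wildcard in folder exclusion'
        } elseif (-not $known) {
            & $flag 'Path' $d 'outside the default SCOM/SQL folders in the matrix'
        }
    }
}

# Constructed sample input. On a host protected by Microsoft Defender (an assumption),
# the same lists can be read from Get-MpPreference: ExclusionProcess,
# ExclusionExtension and ExclusionPath.
Test-ScomAvExclusion -Process 'MonitoringHost.exe', 'C:\Tools\*.exe', 'powershell.exe' `
    -Extension 'edb', '.ldf', 'ps1' `
    -Path 'C:\Program Files\Microsoft Monitoring Agent', 'C:\Temp' |
    Format-Table -AutoSize
```

An empty result means every configured exclusion maps to a row of the matrix; the check does not verify that the exclusion is applied on the right role.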
Useful information for decoding the matrix
Docs site https://docs.microsoft.com/en-us/system-center/scom/plan-security-antivirus?view=sc-om-2019
SCOM 2012/2012R2 KB975931 https://support.microsoft.com/en-us/help/975931/recommendations-for-antivirus-exclusions-that-relate-to-operations-manager
PFE UK team blog https://blogs.technet.microsoft.com/manageabilityguys/2013/11/26/system-center-2012-r2-operations-manager-anti-virus-exclusions/
SQL
Version mapping by folder (my thanks to Stack Overflow https://stackoverflow.com/questions/18753886/sql-server-file-names-vs-versions)
100 = SQL Server 2008 = 10.00.xxxx
105 = SQL Server 2008 R2 = 10.50.xxxx
110 = SQL Server 2012 = 11.00.xxxx
120 = SQL Server 2014 = 12.00.xxxx
130 = SQL Server 2016 = 13.00.xxxx