What exclusions are necessary for Symantec Management Platform (SMP) and Agents to function correctly with an anti-virus (AV) solution installed?
On the SMP / Notification Server:
The following folders in C:\ProgramData\Symantec\SMP\EventQueue should be excluded from AV:
Exclude files in the Software Library
Exclude Patch Packages (Tools and Downloads): C:\Program Files\Altiris\Patch Management\Packages
Exclude C:\Program Files\Common Files\Altiris. We use the 7z.dll in this folder to recreate AeXNSCHTTPS.exe. See KB: Unable to save SMP Communication Profile
On the SQL Server:
Consider excluding the database files (files with extensions of .ldf, .mdf, and .bak).
Exclude the following on all Altiris Agents:
MacOS and Linux machines:
MAC / Linux machines follows the same logic as far as file types to exclude. For example, you may want to exclude the agent logs:
or just the full agent directory:
Temporary files created for events should be considered as well:
Disclaimer: Symantec Management Platform and ITMS testing is being performed without third party software installed.
The recommendations in the KB are provided as is based on our experience and updated if further issues surface.
The files in the EvtInbox folder are zero-footprint inventory files from client machines
The files in the EvtQ* folders are generally inventory and notification data from client machines
The files in the Temp folder are temporary files that the system is using
As well, in certain situations you should consider for excluding the Windows %temp% folder, typically found at C:\Windows\Temp, but its location can change for some of the Windows operating systems. In this folder, exclude .tmp files. These .tmp files can be .nse files that IIS may temporarily store (either created, compressed or uncompressed) at this location before placing them in the NScap queues.
A consideration to exclude the <install drive>:\Program Files\Altiris\Symantec Installation Manager\Installs\Altiris folder for .msi files can be made if the AV client will modify or block the .msi files used for installations.