What file types do Symantec recommend for exclusion from real time scanning in a deployment of Symantec Protection Engine (SPE) ?

As with any other real time Antivirus scanner, certain file types are not indicated for either real time scanning, or frequent interactions by other processes.
This information largely depends on the environment being used.  BROADCOM recommends excluding the filetypes in the list below from real time scanning within a NAS..

In addition to the list below, other files may change on a frequent basis in the NAS environment. Identify and consider them for exclusion from real time scanning as well.

The following files change very frequently and are accessed by multiple users, so the scanners performance could be affected by scanning them in real time.

• Database files, such as MDB, LDB and NSF
  • Database backup files, such as .sql.gz
• User mailboxes
• User profiles
• Group profiles
• Logs

The following file types are often utilized by programs or scripts that will not tolerate the delays involved in scanning or the files may no longer exist when the scan request is fulfilled (particularly in local scanning scenarios such as with NetApp scanners or ICAP scanners using FILEMOD):

• Temporary files
• Lock files
  - Examples: .laccdb, .ldb, .ldf

NOTE: When scanning Windows User Profiles, the number of Scan Requests generated can be very high. In this scenario it's crucial to assess Hardware and Network Resources properly for the users not to experience slow or denied access to their profiles.

Examples of NAS features that permit not sending file scan requests by extension:

• NetApp Filer:
  Add to the list of file extensions to exclude: vserver vscan on-access-policy file-ext-to-exclude add
  
  
• EMC Isilon:
  Exclude files from antivirus scans

NOTE: BROADCOM is not responsible for content published by others.