Recommended antivirus exlusions on Notification Servers

book

Article ID: 181361

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

 

Resolution

Question
What Notification Server folders and files should be considered for exclusion with antivirus software?

Answer

The folders and files on Notification Servers that would qualify for consideration to be excluded from antivirus scans are the following:

  1. In the NScap folder:
    • …\Program Files\Altiris\Notification Server\NSCap\EvtInbox
    • …\Program Files\Altiris\Notification Server\NSCap\EvtQFast
    • …\Program Files\Altiris\Notification Server\NSCap\EvtQLarge
    • …\Program Files\Altiris\Notification Server\NSCap\EvtQSlow
    • …\Program Files\Altiris\Notification Server\NSCap\EvtQueue
    • …\Program Files\Altiris\Notification Server\NSCap\Temp

      Note: The files in the EvtInbox folder are zero-footprint inventory files from client machines
      Note: The files in the EvtQ* folders are generally inventory and notification data from client machines
      Note: The files in the Temp folder are temporary files that the system is using
  2. The Windows %temp% folder, typically found at C:\Windows\Temp, but its location can change for some of the Windows operating systems. In this folder, exclude .tmp files.

    Note: These .tmp files can be .nse files that IIS may temporarily store at this location before placing them in the NScap queues.
  3. If SQL is on the same computer as the Notification Server, there is wisdom in excluding the database files (files with extensions of .ldf, .mdf, and .bak).