
Windows Server 2016: Configure Windows Defender Antivirus exclusions

2025-02-25 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

Windows Defender Antivirus on Windows Server 2016 computers automatically enrolls you in certain exclusions, as defined by the server role you specify.

These exclusions do not appear in the standard exclusion lists shown in the Windows Security Center application.

Custom exclusions take precedence over automatic exclusions. (Tip: custom and duplicate exclusions do not conflict with automatic exclusions.)

Windows Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools to determine which roles are installed on your computer.

Opt out of automatic exclusions

In Windows Server 2016, the predefined exclusions delivered by definition updates exclude only the default paths for a role or feature. If you install a role or feature in a custom path, or if you want to manually control the set of exclusions, you need to opt out of the automatic exclusions delivered by definition updates. (Note: this setting is only supported on Windows Server 2016. Although the setting exists in Windows 10, it has no effect on exclusions.)

Warning: opting out of automatic exclusions may adversely affect performance or may lead to data corruption. The automatically generated exclusions work best for Windows Server 2016 roles.

You can disable the automatic exclusion lists with Group Policy, PowerShell cmdlets, and WMI.

Use Group Policy to disable the automatic exclusion list on Windows Server 2016:

1. On the Group Policy management computer, open the Group Policy Management Console, right-click the Group Policy Object you want to configure, and click Edit.

2. In the Group Policy Management Editor, go to Computer configuration and click Administrative templates.

3. Expand the tree to Windows components > Windows Defender Antivirus > Exclusions.

4. Double-click Turn off Auto Exclusions and set the option to Enabled. Click OK.

Use a PowerShell cmdlet to disable the automatic exclusion list on Windows Server 2016:

> Set-MpPreference -DisableAutoExclusions $true
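A read-only audit of the custom-path situation described above, added here as an example and not part of the original article: it reads the current DisableAutoExclusions value and checks whether the data locations stored in registry values this article names (AD DS, DHCP, print spooler) still sit in the default folders. The default folders and the helper name Test-UnderFolder are assumptions of this example.

```powershell
# Added example, not from the original article. Run elevated on the
# Windows Server 2016 machine being audited; it changes nothing.

# Registry values named in this article, each paired with the default
# folder (an assumption of this example) used by the automatic exclusions.
$checks = @(
    @{ Role = 'AD DS database'; Name = 'DSA Database File'
       Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Default = "$env:windir\Ntds" }
    @{ Role = 'AD DS working folder'; Name = 'DSA Working Directory'
       Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\NTDS\Parameters'
       Default = "$env:windir\Ntds" }
    @{ Role = 'DHCP database'; Name = 'DatabasePath'
       Key = 'HKLM:\SYSTEM\CurrentControlSet\Services\DHCPServer\Parameters'
       Default = "$env:SystemRoot\System32\DHCP" }
    @{ Role = 'Print spooler'; Name = 'DefaultSpoolDirectory'
       Key = 'HKLM:\SYSTEM\CurrentControlSet\Control\Print\Printers'
       Default = "$env:SystemRoot\System32\spool\printers" }
)

function Test-UnderFolder([string]$Path, [string]$Folder) {
    # Compare with trailing separators so C:\NtdsOld does not match C:\Ntds.
    $p = $Path.TrimEnd('\') + '\'
    $f = $Folder.TrimEnd('\') + '\'
    return $p.StartsWith($f, [System.StringComparison]::OrdinalIgnoreCase)
}

# $true means the automatic exclusion list has been turned off.
$autoOff = [bool](Get-MpPreference).DisableAutoExclusions

$report = @(foreach ($c in $checks) {
    # A missing key or value means the role is not installed; skip it.
    $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if (-not $item) { continue }
    $configured = [Environment]::ExpandEnvironmentVariables($item.($c.Name))
    [pscustomobject]@{
        Role           = $c.Role
        ConfiguredPath = $configured
        InDefaultPath  = Test-UnderFolder $configured $c.Default
    }
})
$report | Format-Table -AutoSize

# Custom locations are not covered by the automatic exclusions.
$custom = @($report | Where-Object { -not $_.InDefaultPath })
if ($custom.Count -gt 0) {
    Write-Warning "$($custom.Count) role path(s) are outside the default folders; auto exclusions off: $autoOff"
}
```

Any row with InDefaultPath set to False is a location the automatic exclusions do not reach, which is the case where the article says custom exclusions need to be managed manually.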

Automatic exclusion list

The following sections list the file paths and file types covered by automatic exclusions.

Default exclusions for all roles

This section lists the default exclusions that apply to all Windows Server 2016 roles.

Windows "temp.edb" files:

%windir%\SoftwareDistribution\Datastore\*\tmp.edb

%ProgramData%\Microsoft\Search\Data\Applications\Windows\*.log

Windows Update files or Automatic Update files:

%windir%\SoftwareDistribution\Datastore\*\Datastore.edb

%windir%\SoftwareDistribution\Datastore\*\edb.chk

%windir%\SoftwareDistribution\Datastore\*\edb*.log

%windir%\SoftwareDistribution\Datastore\*\Edb*.jrs

%windir%\SoftwareDistribution\Datastore\*\Res*.log

Windows security files:

%windir%\Security\database\*.chk

%windir%\Security\database\*.edb

%windir%\Security\database\*.jrs

%windir%\Security\database\*.log

%windir%\Security\database\*.sdb

Group Policy files:

%allusersprofile%\NTUser.pol

%SystemRoot%\System32\GroupPolicy\Machine\registry.pol

%SystemRoot%\System32\GroupPolicy\User\registry.pol

WINS files:

%systemroot%\System32\Wins\*.chk

%systemroot%\System32\Wins\*.log

%systemroot%\System32\Wins\*.mdb

%systemroot%\System32\LogFiles\

%systemroot%\SysWow64\LogFiles\

File Replication Service (FRS) exclusions:

Files in the File Replication Service (FRS) working folder. The FRS working folder is specified in the following registry key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NtFrs\Parameters\Working Directory

%windir%\Ntfrs\jet\sys\*\edb.chk

%windir%\Ntfrs\jet\*\Ntfrs.jdb

%windir%\Ntfrs\jet\log\*\*.log

FRS database log files. The FRS database log file folder is specified in the following registry key: HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\Ntfrs\Parameters\DB Log File Directory

%windir%\Ntfrs\*\Edb*.log

FRS staging folder. The staging folder is specified in the following registry key: HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\NtFrs\Parameters\Replica Sets\GUID\Replica Set Stage

%systemroot%\Sysvol\*\Nntfrs_cmp*\

FRS preinstallation folder. This folder is specified by the following folder: Replica_root\DO_NOT_REMOVE_NtFrs_PreInstall_Directory

%systemroot%\SYSVOL\domain\DO_NOT_REMOVE_NtFrs_PreInstall_Directory\*\Ntfrs*\

Distributed File System Replication (DFSR) databases and working folders. These folders are specified in the following registry key: HKEY_LOCAL_MACHINE\System\Currentcontrolset\Services\DFSR\Parameters\Replication Groups\GUID\Replica Set Configuration File

%systemdrive%\System Volume Information\DFSR\$db_normal$

%systemdrive%\System Volume Information\DFSR\FileIDTable_*

%systemdrive%\System Volume Information\DFSR\SimilarityTable_*

%systemdrive%\System Volume Information\DFSR\*.XML

%systemdrive%\System Volume Information\DFSR\$db_dirty$

%systemdrive%\System Volume Information\DFSR\$db_clean$

%systemdrive%\System Volume Information\DFSR\$db_lostl$

%systemdrive%\System Volume Information\DFSR\Dfsr.db

%systemdrive%\System Volume Information\DFSR\*.frx

%systemdrive%\System Volume Information\DFSR\*.log

%systemdrive%\System Volume Information\DFSR\Fsr*.jrs

%systemdrive%\System Volume Information\DFSR\Tmp.edb

Process exclusions:

%systemroot%\System32\dfsr.exe

%systemroot%\System32\dfsrs.exe

Hyper-V exclusions

This section lists the file type exclusions, folder exclusions, and process exclusions that are automatically generated when the Hyper-V role is installed.

File type exclusions:

*.vhd

*.vhdx

*.avhd

*.avhdx

*.vsv

*.iso

*.rct

*.vmcx

*.vmrs

Folder exclusions:

%ProgramData%\Microsoft\Windows\Hyper-V

%ProgramFiles%\Hyper-V

%SystemDrive%\ProgramData\Microsoft\Windows\Hyper-V\Snapshots

%Public%\Documents\Hyper-V\Virtual Hard Disks

Process exclusions:

%systemroot%\System32\Vmms.exe

%systemroot%\System32\Vmwp.exe

SYSVOL files:

%systemroot%\Sysvol\Domain\*.adm

%systemroot%\Sysvol\Domain\*.admx

%systemroot%\Sysvol\Domain\*.adml

%systemroot%\Sysvol\Domain\Registry.pol

%systemroot%\Sysvol\Domain\*.aas

%systemroot%\Sysvol\Domain\*.inf

%systemroot%\Sysvol\Domain\*.Scripts.ini

%systemroot%\Sysvol\Domain\*.ins

%systemroot%\Sysvol\Domain\Oscfilter.ini

Active Directory exclusions

This section lists the exclusions that are automatically generated when Active Directory Domain Services (AD DS) is installed.

NTDS database files. The database files are specified in the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Database File

%windir%\Ntds\ntds.dit

%windir%\Ntds\ntds.pat

AD DS transaction log files. The transaction log files are specified in the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database Log Files

%windir%\Ntds\EDB*.log

%windir%\Ntds\Res*.log

%windir%\Ntds\Edb*.jrs

%windir%\Ntds\Ntds*.pat

%windir%\Ntds\EDB*.log

%windir%\Ntds\TEMP.edb

NTDS working folder. This folder is specified in the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\DSA Working Directory

%windir%\Ntds\Temp.edb

%windir%\Ntds\Edb.chk

Process exclusions for AD DS and AD DS related support files:

%systemroot%\System32\ntfrs.exe

%systemroot%\System32\lsass.exe

DHCP server exclusions

This section lists the exclusions automatically generated when you install the DHCP server role. The DHCP server file locations are specified by the DatabasePath, DhcpLogFilePath, and BackupDatabasePath parameters in the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters

%systemroot%\System32\DHCP\*.mdb

%systemroot%\System32\DHCP\*.pat

%systemroot%\System32\DHCP\*.log

%systemroot%\System32\DHCP\*.chk

%systemroot%\System32\DHCP\*.edb

DNS server exclusions

This section lists file and folder exclusions and process exclusions that are automatically generated when you install the DNS server role.

File and folder exclusions for the DNS server role:

%systemroot%\System32\Dns\*.log

%systemroot%\System32\Dns\*.dns

%systemroot%\System32\Dns\*.scc

%systemroot%\System32\Dns\*\BOOT

Process exclusions for the DNS server role:

%systemroot%\System32\dns.exe

File and storage services

This section lists the file and folder exclusions that are automatically generated when you install the file and storage service roles. The exclusions listed below do not include exclusions for the cluster role.

%SystemDrive%\ClusterStorage

%clusterserviceaccount%\Local Settings\Temp

%SystemDrive%\mscs

Print server exclusions

This section lists file type exclusions, folder exclusions, and process exclusions that are automatically generated when you install the print server role.

File type exclusions:

*.shd

*.spl

Folder exclusions. This folder is specified in the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Printers\DefaultSpoolDirectory

%system32%\spool\printers\*

Process exclusions:

Spoolsv.exe

Web server exclusions

This section lists the folder and process exclusions that are automatically generated when the Web server role is installed.

Folder exclusions:

%SystemRoot%\IIS Temporary Compressed Files

%SystemDrive%\inetpub\temp\IIS Temporary Compressed Files

%SystemDrive%\inetpub\temp\ASP Compiled Templates

%systemDrive%\inetpub\logs

%systemDrive%\inetpub\wwwroot

Process exclusions:

%SystemRoot%\system32\inetsrv\w3wp.exe

%SystemRoot%\SysWOW64\inetsrv\w3wp.exe

%SystemDrive%\PHP5433\php-cgi.exe

Windows Server Update Services exclusions

This section lists folder exclusions that are automatically generated when the Windows Server Update Services (WSUS) role is installed. The WSUS folder is specified in the following registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup

%systemroot%\WSUS\WSUSContent

%systemroot%\WSUS\UpdateServicesDBFiles

%systemroot%\SoftwareDistribution\Datastore

%systemroot%\SoftwareDistribution\Download
