Wednesday, September 9, 2009

Antivirus Process Exclusions for Exchange 2007 on SBS 2008 Standard Edition

I blogged about a mammoth list of file, folder, process and extension exceptions that are needful for Microsoft's Small Business Server 2008 Standard Edition over here. However, the process exclusions list for Exchange 2007 requires a more thorough treatment.

I use Kaspersky Antivirus for Windows Servers Enterprise Edition on the SBS 2008 machine and it requires me to feed it the actual executable file in order to exempt it from the real-time scanner. This posed something of a problem as I was then required to track down the path to each individual executable file. Here's the list of executables that need to be exempted and where you can find them. The list is broken into two categories: those that I could find and those that I could not.

Executables that I could find:
•    edgetransport.exe  ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    mad.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    Microsoft.Exchange.Antispamupdatesvc.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    Microsoft.Exchange.Cluster.Replayservice.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    Microsoft.Exchange.Edgesyncsvc.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    Microsoft.Exchange.imap4.exe (as per this article it can be found in C:\Program files\Microsoft\exchange server\clientaccess\popimap\ )
•    Microsoft.Exchange.imap4service.exe (see above)
•    Microsoft.exchange.pop3.exe ( C:\Program Files\Microsoft\Exchange Server\ClientAccess\PopImap\ )
•    Microsoft.exchange.pop3service.exe  (see above)
•    Microsoft.Exchange.Search.Exsearch.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    Microsoft.Exchange.Servicehost.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    Msexchangeadtopologyservice.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    Msexchangefds.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    Msexchangemailboxassistants.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    Msexchangemailsubmission.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    Msexchangetransport.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )   
•    Msexchangetransportlogsearch.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    Msftefd.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    msftesql.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    oleconverter.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    PowerShell.exe ( C:\WINDOWS\System32\WindowsPowerShell\v1.0 )
•    transcodingservice.exe ( C:\Program Files\Microsoft\Exchange Server\ClientAccess\owa\bin\DocumentViewing\TranscodingService.exe )
•    store.exe ( C:\Program Files\Microsoft\Exchange Server\Bin\ )
•    w3wp.exe ( C:\Windows\System32\inetsrv\ )

Executables that I could not find:
•    cdb.exe (Symbolic debugger for Windows. This doesn't seem to be a big deal that I couldn't find it. In fact, it might be something that's not included with Windows but something that you have to download and add on.)
•    cidaemon.exe (cidaemon.exe is an indexing service which catalogues files on your computer to enable faster file searches. According to what-is-exe.com it should be at c:\windows\system32\cidaemon.exe but it is not there on my installation of SBS)
•    cluster.exe (Seems to be only applicable if Exchange is in a cluster which, in my case, it is not so I didn't worry about it)
•    dsamain.exe (dsamain.exe belongs to ADAM, Active Directory Application Mode, from Microsoft Corporation. It worries me a little bit that I can't find it.)
•    edgecredentialsvc.exe (It keeps track of any credential changes on ADAM and updates the credential changes on Edge Transport. It's supposedly in C:\Program Files\Microsoft\Exchange Server\Bin\EdgeCredentialSvc.exe but it's not in my installation of SBS 2008 for some reason)
•    galgrammargenerator.exe (As per this KB article, it appears that it should be in the :\Program Files\Microsoft\Exchange Server\Bin folder but it's not for my installation)
•    microsoft.exchange.contentfilter.wrapper.exe (I have no idea what this is or where this is supposed to be)
•    microsoft.exchange.infoworker.assistants.exe (as per this thread it should be found at C:\Program Files\Microsoft\Exchange Server\Bin\ but I didn't see it on my installation. Closest thing I have is Microsoft.Exchange.InfoWorker.AssistantsClientResources.dll )
•    Microsoft.Exchange.Monitoring.Exe (C:\Program Files\Microsoft\Exchange Server\Bin)
•    sesworker.exe (As per this article it is involved in the speech server portion of Exchange. I'm not sure if SBS can do that or not so I'm not sure if it would even exist on my installation. sesworker.exe.config files are in C:\Program Files\Microsoft\Exchange Server\UnifiedMessaging but no sign of the executable)
•    speechservice.exe (According to this KB article the speechservice.exe file is located in %Programfiles%\Microsoft\Exchange Server\UnifiedMessaging . It's not in that folder on my installation. )
•    umservice.exe (According to this thread it should be located at E:\Program Files\Exchange server\bin\umservice.exe but I couldn't find it there even though the UMService.exe.config was there. )
•    umworkerprocess.exe (According to this page the default location is at C:\Program Files\Microsoft\Exchange Server\bin but I can only find the UMWorkerProcess.exe.config file and not the actual exe)

Executables that are really, really weird: (Okay, I lied. There are three categories)
•    inetinfo.exe (inetinfo.exe is the IIS (Internet Information Services) web server service. I originally described it as being used primarily for debugging, because I was confused as to its debugging properties as a result of some threads on the web. Thanks to commenter "Joe Webster" for pointing that out. As per this thread it appears that it should be in the following location: C:\WINDOWS\system32\inetsrv\inetinfo.exe. In fact I did find the executable there [as per this page, it could also be in the following locations: C:\Windows\inetinfo.exe, C:\Windows\system32\inetinfo.exe, C:\Program files\%subfolder%\inetinfo.exe, C:\inetinfo.exe]. However, for some strange reason I cannot see the .exe file when I browse to it in the Kaspersky MMC console's dialog box to add it to the process exclusion list. It can be seen in Windows Explorer, but not from within Kaspersky's application to browse to the file. It does not help to run the Kaspersky MMC snap-in as an administrator.)
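
As an added example (not part of the original post), this PowerShell script checks each location the post lists and reports which executables actually exist, together with the file description from the version resource, so that only verified full paths are entered as process exclusions. The variable names and report layout are this example's own; the entries the post could not find are included so they show up as missing, and galgrammargenerator.exe, cdb.exe, cidaemon.exe, cluster.exe and dsamain.exe are left out because the post gives no complete Exchange path for them.

```powershell
# Added example. Directories and file names are the ones listed in the post;
# the report layout is this example's own choice.
$exchange = 'C:\Program Files\Microsoft\Exchange Server'
$locations = @{
    "$exchange\Bin" = @(
        'edgetransport.exe', 'mad.exe', 'store.exe', 'oleconverter.exe',
        'Microsoft.Exchange.Antispamupdatesvc.exe',
        'Microsoft.Exchange.Cluster.Replayservice.exe',
        'Microsoft.Exchange.Edgesyncsvc.exe',
        'Microsoft.Exchange.Search.Exsearch.exe',
        'Microsoft.Exchange.Servicehost.exe',
        'Msexchangeadtopologyservice.exe', 'Msexchangefds.exe',
        'Msexchangemailboxassistants.exe', 'Msexchangemailsubmission.exe',
        'Msexchangetransport.exe', 'Msexchangetransportlogsearch.exe',
        'Msftefd.exe', 'msftesql.exe',
        'EdgeCredentialSvc.exe', 'Microsoft.Exchange.Monitoring.exe',
        'microsoft.exchange.infoworker.assistants.exe', 'umworkerprocess.exe'
    )
    "$exchange\ClientAccess\PopImap" = @(
        'Microsoft.Exchange.imap4.exe', 'Microsoft.Exchange.imap4service.exe',
        'Microsoft.exchange.pop3.exe', 'Microsoft.exchange.pop3service.exe'
    )
    "$exchange\ClientAccess\owa\bin\DocumentViewing" = @('TranscodingService.exe')
    "$exchange\UnifiedMessaging" = @('sesworker.exe', 'speechservice.exe')
    'C:\Windows\System32\inetsrv' = @('w3wp.exe', 'inetinfo.exe')
    'C:\Windows\System32\WindowsPowerShell\v1.0' = @('PowerShell.exe')
}

# Build one row per candidate: does the file exist, and what does it say it is?
$report = $locations.GetEnumerator() | ForEach-Object {
    $dir = $_.Key
    foreach ($name in $_.Value) {
        $path  = Join-Path $dir $name
        $found = Test-Path $path -PathType Leaf
        $desc  = ''
        if ($found) { $desc = (Get-Item $path).VersionInfo.FileDescription }
        $row = New-Object PSObject
        $row | Add-Member NoteProperty Found $found
        $row | Add-Member NoteProperty Path $path
        $row | Add-Member NoteProperty Description $desc
        $row
    }
}

# Everything checked, missing files first
$report | Sort-Object Found, Path | Format-Table Found, Path, Description -AutoSize

# Full paths that exist, one per line, for entering as process exclusions
$report | Where-Object { $_.Found } | ForEach-Object { $_.Path }
```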

2 comments:

  1. Just a note: inetinfo.exe is not a debugger, inetinfo.exe IS the web service. Also, if you look at the file info you'll see its description is: Internet Information Services.

  2. Thanks for the tip Joe! As you can tell, I'm an IIS neophyte. Actually, I'm worse than a neophyte... I'm a Nonaphyte. =)
