PVS and the forgotten antivirus exclusions

My fellow Citrite Dimitrios Samorgiannidis has written an excellent post on what the correct anti-virus exclusions are for a PVS environment. Here’s the first paragraph of his blog on the Citrix blogs.

It should be noted that there are some different file names for various OS, and that some files doesn’t exist for some versions. I have tried to document everything as good as possible based upon some notes that I have taken over the years – however I still recommend that you review the recommendation below so they actually match your system. It should also be noted that some of the exclusions depends for example on the setup used, default paths, operating systems in combination with product version etc.

A few recommended Server Side file exclusions.

C:WindowsSystem32driversCVhdBusP6.sys => (PVS 6.1)

C:WindowsSystem32driversCVhdBus2.sys => (PVS 5.6)

C:WindowsSystem32driversCFsDep2.sys => (PVS 5.6 and PVS 6.1)

C:Program FilesCitrixProvisioning ServicesBNTFTP.EXE => (PVS 5.6 and PVS 6.1)

C:ProgramDataCitrixProvisioning ServicesTftpbootARDBP32.BIN => (PVS 5.6 and PVS 6.1)

D:Store => ( i.e. local vdisk store)

Read the entire list of exclusions here.


VirusScan Enterprise 8.8 Patch 2 Now Available

VirusScan Enterprise 8.8 Patch 2 is now available. This release includes new features, fixes, and enhancements including:

  • Lotus      Notes compatibility for 8.5.x
  • Additional      logging during Patch installation
  • Various      fixes for field-reported issues, ranging from BSODs to Updates using      excessive bandwidth, and CPU spikes.

To download Patch 2, go to the McAfee downloads site.  A valid license agreement number is required to download this patch.

You can view the Release Notes here.

Update McAfee Endpoint Encryption for PC

McAfee hasreleased version 5.2.11 for Endpoint Encryption for PC. It is a maintenance release and is now available from the McAfee Downloads site.

For additional information, see the Release Notes documents below:

  • Endpoint Encryption Manager – PD23460
  • Endpoint Encryption for PC – PD23457
  • McAfee VSE8.7 patch5 released

    Hi guys,

    McAfee has REVISED AND REPOSTED VirusScan Enterprise 8.7i Patch 5 on the McAfee download site. 

    This patch is rated MANDATORY because it addresses product security vulnerabilities.

    Follow the steps below to asure you correctly install the patch. Continue reading “McAfee VSE8.7 patch5 released”

    McAfee released ePO 4.6.1

    Hi guys,

    McAfee has released version 4.6.1 today.

    McAfee ePolicy Orchestrator 4.6.1 is now available on the McAfee Download site (http://www.mcafee.com/us/download).

    The Release Notes for this patch are available in PD23464:

    See KnowledgeBase article KB72965 for post-release known issues:

    Hyper-V anti-virus exclusions

    Hi Guys,

    When you have Hyper-V servers running with an anti-virus product on the host server please take a look at the following recomendations to keep Hyper-V running as optimal as possible.

    • Default virtual machine configuration directory (C:ProgramDataMicrosoftWindowsHyper-V)
    • Custom virtual machine configuration directories
    • Default virtual hard disk drive directory (C:UsersPublicDocumentsHyper-VVirtual Hard Disks)
    • Custom virtual hard disk drive directories Continue reading “Hyper-V anti-virus exclusions”

    Forefront Endpoint Protection 2010 Update Rollup 1 :more info

    Hi guys,

    An Update Rollup for Forefront Endpoint Protection 2010 is now available here.

    In addition to hotfixes, this Update also includes some important changes to note:

    1. Support for Windows Embedded 7 platforms:  With this update, the FEP client software is supported on certain Windows Embedded 7 platforms and Windows Server 2008 Server Core.  For more information about the additional support, see Prerequisites for Deploying Forefront Endpoint
      Protection on a Client Computer
    2. Signature Update Automation Tool used with Configuration Manager Software
      :  This tool automates downloading FEP definition updates using Configuration Manager 2007 Software Updates.  This is a command line tool that uses Configuration Manager APIs to get new definitions from Microsoft Update via the Configuration Manager software update feature, distribute the content to distribution points, and deploy the updates to Endpoint Protection clients on a recurring schedule.  The automation of the tool is done through the Windows task scheduler. To download the tool:  Go here.
    3. Two new preconfigured policy templates for the following server

    a.  Microsoft Forefront Threat Management Gateway

    b.  Microsoft Lync 2010

    You can find more details in the “What’s New” document on the TechNet site.  Please check out this KB article for a full list of fixes included in this Update Rollup.

    Recommended exclusions for virusscanner on a Windows Domain Controller with Active Directory or File Replication Service.

    The following list is files and folders that do not need to be scanned. These files are not at risk of infection and might cause serious performance issues due to file locking, if included. Where a specific set of files is identified by name, exclude only those files instead of the whole folder. Sometimes the whole folder must be excluded. Do not exclude any of these based on the filename extension. Continue reading “Recommended exclusions for virusscanner on a Windows Domain Controller with Active Directory or File Replication Service.”

    File size Forefront Endpoint Protection 2010 Client Definitions

    The answer is it depends, this information is from a icrosoft presentation and the information may change without further notice.

    Microsoft reset the definition updates through a process they call ‘re-base’ – currently once a month as part of the engine release
    Today there are 4 types of packages which can be used to update FEP clients Continue reading “File size Forefront Endpoint Protection 2010 Client Definitions”