AntiVirus Solution Antimalware PC Safety. Antispyware XP. Antivirus Antivirus Plus. Antivirus Russian. Antivirus Action. Antivirus Anvi. Antivirus FakeXPA. Antivirus Live. Antivirus Master. Antivirus Number Antivirus PC installer full. Antivirus PC Antivirus Plasma. Antivirus Pro Antivirus Protection Fixed VM. Antivirus Scan. Antivirus Security Pro. Antivirus Security WinWebSec.
Antivirus Soft. Antivirus Studio Antivirus System Antivirus XP Pro. Attentive Antivirus Unpacked. Attentive Antivirus. Best Antivirus Software. Best Malware Protection. Best Virus Protection. Check Disk. Coreguard Antivirus Data Recovery 2. Data Recovery. Data Restore. Defence Center. Defense Center. Desktop Security Primary. Digital Protection. E-set Antivirus Earth Antivirus.
Easy Scan. Eclipse Antivirus. Eco Antivirus. ErrorSafe a WinFixer Variant. File Restore. FileFix Professional General Antivirus Vista. General Antivirus. Ghost Antivirus.
Green AV Full Archive. Guard Pro. HDD Control. HDD OK. HDD Plus. Hard Drive Diagnostic. Hoax Topantispyware DesktopHijack. Home Safety Essentials. Internet Antivirus 1. Internet Antivirus Internet Antivirus Pro. Internet Security Internet Security Essentials Eval. Internet Security Essentials. Internet Security Guard. Live Enterprise Suite. Live Protection Suite Live Security Suite Vista. Live Security Suite. Macatte Antivirus Malware Destructor Malware Destructor 4.
Malware Doctor FakeMaDoc. MalwareRemoval BOT. My Security Engine. Nortel Antivirus. Omega Antivir. PC Defender PC Defender English Crack. PC Live Guard. PC Protection Center PC Security Paladin Antivirus. Perfect Defender Personal Antivirus InternetAntivirus. Personal Internet Security Privacy Watcher. Protection Center. RST Antivirus Raze Desktophijack Danger Spyware. Registry Doktor 4. Safety Anti-Spyware. Security Security Central FakeSpyPro. Security Central. Security Defender Defmid.
Security Essentials Security Essentials Ultimate Pack. Security Guard Security Mechanic. Security Suite. Smart Anti-Malware Protection. Smart Antivirus FakeSmav. Smart Defender Pro. This file is located in the following folder:. Note If these files are not excluded, antivirus software may prevent appropriate access to these files, and security databases can become corrupted. Scanning these files can prevent the files from being used or may prevent a security policy from being applied to the files.
These files should not be scanned because antivirus software may not correctly treat them as proprietary database files. These are the recommended exclusions. There may be other file types that are not included in this article that should be excluded. Because domain controllers provide an important service to clients, the risk of disruption of their activities from malicious code, from malware, or from a virus must be minimized.
Antivirus software is the generally accepted way to reduce the risk of infection. Install and configure antivirus software so that the risk to the domain controller is reduced as much as possible and performance is affected as little as possible. The following list contains recommendations to help you configure and install antivirus software on a Windows Server domain controller.
Warning We recommend that you apply the following specified configuration to a test system to make sure that in your specific environment it does not introduce unexpected factors or compromise the stability of the system. The risk from too much scanning is that files are inappropriately flagged as changed. This causes too much replication in Active Directory. If testing verifies that replication is not affected by the following recommendations, you can apply the antivirus software to the production environment.
Note Specific recommendations from antivirus software vendors may supersede the recommendations in this article. Antivirus software must be installed on all domain controllers in the enterprise. Ideally, try to install such software on all other server and client systems that have to interact with the domain controllers. It is optimal to catch the malware at the earliest point, such as at the firewall or at the client system where the malware is introduced.
This prevents the malware from ever reaching the infrastructure systems that the clients depend on. Use a version of antivirus software that is designed to work with Active Directory domain controllers and that uses the correct Application Programming Interfaces APIs to access files on the server.
Older versions of most vendor software inappropriately change a file's metadata as the file is scanned. This causes the File Replication Service engine to recognize a file change and therefore schedule the file for replication. Newer versions prevent this problem. For more information, see the following article in the Microsoft Knowledge Base:.
Do not use a domain controller to browse the Internet or to perform other activities that may introduce malicious code. We recommend that you minimize the workloads on domain controllers. When possible, avoid using domain controllers in a file server role. This lowers virus-scanning activity on file shares and minimizes performance overhead. The location of these files is specified in the following registr subkey:.
Specifically, exclude the following files:. Exclude the Active Directory transaction log files. The location of these files is specified in the following registry subkey:.
Exclude the following files that exist in the folder:. Turn off scanning of files in the FRS Database Log files that are specified in the following registry subkey:.
Exclude the following files. Note Settings for specific file exclusions is documented here for completeness. By default, these folders allow access only to System and Administrators. Please verify that the correct protections are in place. This attribute contains the path to the actual location that DFS replication uses to stage files. Exclude the following files from this folder and all its subfolders:. Turn off scanning of files in the DFSR database and working folders.
The location is specified by the following registry subkey:. In this example, the path would contain "Domain System Volume. By default, DHCP files that should be excluded are present in the following folder on the server:. The location of DHCP files can be changed. In some scenarios, on a Windows Server based computer that has the Hyper-V role installed or on a Microsoft Hyper-V Server or on a Microsoft Hyper-V Server R2-based computer, it may be necessary to configure the real-time scanning component within the antivirus software to exclude files and entire folders.
0コメント