Antivirus software on Servers
Introduction
Installing antivirus software on Microsoft servers needs some attention. How to install and configure different antivirus products on different Microsoft server platforms has long been a matter of debate, and some IT consultants do not even recommend installing antivirus software on critical servers. Vendor documentation is of course very important and must be analyzed before installing any antivirus product on a server, but Microsoft also has its own recommendations and best practices to take into consideration.
Below is a summary of the Microsoft articles related to antivirus software.
Domain Controllers:
If your server holds the domain controller role and runs DNS or DHCP services, read the Microsoft KB article http://support.microsoft.com/kb/822158 and exclude:
- %systemroot%\Sysvol folder (include all the sub-folders and files)
- %systemroot%\system32\dhcp folder (include all the sub-folders and files)
- %systemroot%\system32\dns folder (include all the sub-folders and files)
- %systemroot%\ntds
File Replication service (NTFRS):
If NTFRS is running on your system, make sure your Anti-Virus software is compatible.
Read the Microsoft KB article http://support.microsoft.com/kb/815263 and exclude:
- %systemroot%\ntfrs folder (include all the sub-folders and files)
- Files that have the .log and .dit extension
IIS:
If you have IIS installed, exclude:
- The IIS compression directory (default compression directory is %systemroot%\IIS Temporary Compressed Files)
- %systemroot%\system32\inetsrv folder
- Files that have the .log extension
Refer to the following knowledge base articles for reference:
KB817442 - IIS 6.0: Antivirus Scanning of IIS Compression Directory May Result in 0-Byte File
KB821749 - Antivirus software may cause IIS to stop unexpectedly
SQL Servers:
If you have SQL installed, you may want to exclude the SQL folder and databases files (or database file types) from scanning for performance reasons.
The Microsoft KB article http://support.microsoft.com/kb/309422 provides guidelines for choosing antivirus software to run on computers that are running SQL Server.
Exchange servers:
If you have Exchange installed, perform the relevant file-based scanning exclusions listed in Knowledge Base articles:
KB328841 - Exchange and antivirus software
KB823166 - Overview of Exchange Server 2003 and antivirus software
KB245822 - Recommendations for troubleshooting an Exchange Server computer with antivirus software installed
Cluster services:
If you have Cluster services, make sure your Anti-Virus software is compatible:
Read the Microsoft KB article http://support.microsoft.com/kb/250355
If you have a SQL cluster, make sure that you exclude these locations from virus scanning:
- Quorum drive
- %systemroot%\Cluster
- SQL Server data files that have the .mdf extension, the .ldf extension, and the .ndf extension
SharePoint:
If you have SharePoint installed, you should exclude:
- %ProgramFiles%\SharePoint Portal Server
- %ProgramFiles%\Common Files\Microsoft Shared\Web Storage System
- <DRIVE>:\MSDEDatabases (particularly on SBS) (where <DRIVE> is the drive letter where you installed SharePoint Portal Server)
Refer to the following knowledge base articles for reference:
KB320111 - Random Errors May Occur When Antivirus Software Scans Microsoft Web Storage System
KB322941 - Microsoft's Position on Antivirus Solutions for Microsoft SharePoint Portal Server
System Management Server (SMS):
If you have SMS installed, you should exclude these folders:
- SMS\Inboxes
- SMS_CCM\ServiceData
Refer to the following knowledge base articles for reference:
KB327453 - Antivirus programs may contribute to file backlogs in SMS 2.0 and in SMS 2003
NOTE: If you exclude the SMS\Inboxes directory from virus scanning or remove the antivirus software, you may make the site server and all clients vulnerable to potential virus risks. The client base component files reside in the SMS\Inboxes directory.
Microsoft Operations Manager (MOM):
If you have a MOM Server, consider excluding:
- <DRIVE>:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager (where <DRIVE> is the drive letter where profiles are located)
- %ProgramFiles%\Program Files\Microsoft Operations Manager 2005
Internet Security and Acceleration Server (ISA):
If you have an ISA Server, you should exclude the ISALogs folder. By default, the ISALogs folder is located in the folder where you installed ISA Server. Typically, this location is %ProgramFiles%\Microsoft ISA Server.
Refer to the following knowledge base articles for reference:
KB887311 - Event ID 5, event ID 14079, and event ID 14176 are logged in the Application log on your Internet Security and Acceleration Server 2000 computer
WSUS Server:
If you have a Windows Software Update Services (WSUS) Server role, consider excluding:
- <DRIVE>:\MSSQL$WSUS
- <DRIVE>:\WSUS
(Where <DRIVE> is the drive letter where you installed Windows Software Update Services)
Also refer to the following knowledge base articles for reference:
KB900638 - Multiple symptoms occur if an antivirus scan occurs while the Wsusscan.cab file is copied
Additional information:
For more information, see the articles below.
KB49500 - List of antivirus software vendors
KB129972 - Computer viruses: description, prevention, and recovery
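Every exclusion listed above is a folder the scanner no longer inspects, so the configured list should match the roles a server actually runs. The following added example (not from the Microsoft articles or any antivirus vendor) compares a configured folder-exclusion list against the per-role lists on this page; the names RECOMMENDED, normalize, is_under and audit, and the sample configuration, are hypothetical and constructed for illustration.

```python
import ntpath
import re

# Per-role folder exclusions transcribed from this page (three roles shown).
RECOMMENDED = {
    "domain_controller": [
        r"%systemroot%\Sysvol",
        r"%systemroot%\system32\dhcp",
        r"%systemroot%\system32\dns",
        r"%systemroot%\ntds",
    ],
    "ntfrs": [r"%systemroot%\ntfrs"],
    "iis": [
        r"%systemroot%\IIS Temporary Compressed Files",
        r"%systemroot%\system32\inetsrv",
    ],
}

def normalize(path, env):
    """Expand %VAR% from env (lower-case keys), then fold case and separators."""
    expanded = re.sub(r"%([^%]+)%",
                      lambda m: env.get(m.group(1).lower(), m.group(0)), path)
    return ntpath.normcase(ntpath.normpath(expanded))

def is_under(child, parent):
    """True when child is parent itself or lies below it."""
    return child == parent or child.startswith(parent.rstrip("\\") + "\\")

def audit(roles, configured, env):
    """Compare configured folder exclusions with what the installed roles justify."""
    wanted = sorted({normalize(p, env) for r in roles for p in RECOMMENDED[r]})
    have = sorted({normalize(p, env) for p in configured})
    # Broader than recommended: a strict ancestor of a recommended folder.
    too_broad = [h for h in have if any(w != h and is_under(w, h) for w in wanted)]
    # No installed role explains this exclusion at all.
    unjustified = [h for h in have
                   if h not in too_broad and not any(is_under(h, w) for w in wanted)]
    # Recommended folder that no configured entry covers.
    missing = [w for w in wanted if not any(is_under(w, h) for h in have)]
    return {"missing": missing, "too_broad": too_broad, "unjustified": unjustified}

# Constructed sample: a domain controller with a hand-maintained exclusion list.
SAMPLE_ENV = {"systemroot": r"C:\Windows"}
SAMPLE_CONFIGURED = ["C:/Windows/SYSVOL", r"%SystemRoot%\System32\dns",
                     r"C:\Windows\System32", r"D:\Temp"]

if __name__ == "__main__":
    print(audit(["domain_controller"], SAMPLE_CONFIGURED, SAMPLE_ENV))
```

Paths are compared case-insensitively after environment-variable expansion; extension-based exclusions such as .log or .dit are outside what this check covers.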

