Thanks Todd- That's much better than the previous recommendations I was able to find in the MSKB.
I had started a similar thread here back in July as well and we have been bugging our AV vendor for their best practices..The last I heard from our internal AV Product Manager was "I talked to an engineer and said they are trying to move away from file exclusions and work at process exclusions instead.If there is a AD domain controller we can run a small monitor on, we can find out what process is activating all the file scan requests and set it to be excluded." -----Original Message----- From: Myrick, Todd (NIH/CIT) [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 02, 2003 11:47 AM To: '[EMAIL PROTECTED]' Subject: [ActiveDir] Anti-Virus Software and AD A few months back I started a thread about installing AV software on Domain Controllers. There were a lot of good comments generated as part of the discussion with the recommendation to avoid software that triggered FRS replication, and recommendations to also exclude certain file types. Another trend that was reported was that some people were getting recommendations from Microsoft that they don't run AV software on DC's because their Firewalls and such protect them. Recently I have discovered two new KB's that seem to offer some definitive recommendations from Microsoft. Virus Scanning Recommendations on a Windows 2000 Domain Controller http://support.microsoft.com/default.aspx?scid=kb;en-us;822158 Antivirus, Backup, and Disk Optimization Programs That Are Compatible with the File Replication Service http://support.microsoft.com/default.aspx?scid=kb;EN-US;815263 Below is a summary of the MS recommendations Programs That Do Not Trigger FRS Replication The following programs do not modify files in a way that triggers FRS replication. Antivirus eTrust Antivirus build 96 or later with the "NTFS incremental scan" feature disabled McAfee/NAI NetShield 4.50 with the NetShield Hotfix Rollup Norton AntiVirus 7.6 or later File and System State Backup Legato Octopus/Replistor 5.2.1 Disk Optimization None currently reported Toddler List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
