not much risk until some malware writer takes advantage of this ... best practice is to exclude the extension within the known 'busy' target folder, and do as little *global* exceptions as possible. That said, it's still a safe practice today to exclude edb, ldf, mdf, pst, etc globally, but I shudder when I see software vendors specify the requirement to exclude *.tmp files ( without naming names, at least one video security application )
On Fri, Nov 18, 2011 at 1:26 PM, David Lum <[email protected]> wrote: > Going through Microsoft’s list of files to exclude from scanning, it > lists things like: > > **** > > Exclude the Active Directory transaction log files. The location of these > files is specified in the following registry key:**** > > HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NTDS\Parameters\Database > Log Files Path**** > > The default location is %windir%\Ntds. Specifically, exclude the following > files:**** > > EDB*.log **** > > Res*.log **** > > Res*.jrs**** > > ** ** > > Is there really much risk is excluding *.LOG globally and not just > specific paths? How about for the following: > *.JRS > *.EDB**** > > *.CHK**** > > *.POL**** > > *.DIT**** > > *.PAT**** > > *David Lum* > Systems Engineer // NWEATM > Office 503.548.5229 //* *Cell (voice/text) 503.267.9764**** > > ** ** > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to [email protected] > with the body: unsubscribe ntsysadmin > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
