Skip to main content

Anti-Virus Exclusions for VMware and Windows

Over the years I had come across a lot of issues around OS performance where part of culprit has been to do with Anti-Virus settings. Leaving them as default settings can cause a lot of pain and headache. Here are some of the useful information I have gather from a couple of kb articles from VMware and Windows to help you get a better grip of what to scan in the guest OS to avoid wasting compute cycles especially if you are using public IaaS platforms.

  • Exclude the folders from scanning for VMware tools or your installation of vCenter. Change the drive letter to reflect where you have installed the software :
    • Windows Server 2012 "C:\Program Files\VMware\"
    • Windows Server 2008 "C:\ProgramData\VMware\"
    • Windows Server 2003 "C:\Documents and Settings\All Users\Application Data\VMware\
  • Choose either to real-time scan on "Read" or "Write" try not to do both as you would waste processing power. My preferred option would be to real-time scan on "Write" as if during write you have scanned it then you could safety assume that the file was clean on writing to disk.
  • Turn off scanning of Windows Update or Automatic Update database file "Datastore.edb" which by default for windows is at %windir%\SoftwareDistribution\Datastore
  • Turn off scanning for logs files located in the following folder which by default is at %windir\SoftwareDistribution\Datastore\Logs specifically to exclude the following type of files edb*.jrs, edb.chk and tmp.edb
  • Turn off scanning for the following type of files *.edb, *sdb, *.log, *.chk and *.jrs in the following directory %windir\Security\Database
  • Exclude group policies settings files *.pol or to be specific they are within the following locations
    • %allusersprofile%\ specifically NTUser.pol
    • %SystemRoot%\System32\GroupPolicy\Machine\ specifically Registry.pol
    • %SystemRoot%\System32\GroupPolicy\User\ specifically Registry.pol
KBs Article Used


Comments

Popular posts from this blog

Rolling back a version of ESXi

There is an option in VMware where after you have performed an major upgrade of ESXi you can roll back to your previous version. The benefit of this is that you would not need to reinstall your ESXi and its configuration if you had issues with the new software. I had to do this on one occassion in my lab where I upgraded from 6.5 to 6.7 and my VMs would not run because the CPU was not supported in 6.7. Please remember if you are using ISO method to upgrade ESXi please ensure you select "Upgrade ESXi, preserve VMFS datastore". Selecting "Install ESXi, preserve VMFS datastore" does not mean preserving datastore means retaining ESXi as it will still do a clean install of ESXi. This method does not work for vSphere 7.0 as there are changes to the partitions on the boot device. Below are the steps to roll back to a previous version which is quite straight forward. As always perform an backup of your host configuration before you upgrade or rollback ( KB2042141 ). I have

Configuring ESXi 6 host to send logs to Syslog Server

In my previous post I talked about configuring VMware Syslog server for Windows which is installed and enabled by default on installation of vCenter 6 for Windows. I will now describe the basic configuration that is required on an ESXi 6 host to be able to send logs out to a syslog server using my vCenter as the example. 1) Navigate to your ESXi host within vCenter. Go to "Manage" tab and select "Settings" followed by "Advanced System Settings". Look for the settings "Syslog.global.loghost" and highlight this settings. Click the pencil icon to edit the configuration for this setting. 2) You can now add the host name or ip address of your syslog server/s. You can enter just hostname or IP address, use udp://hostname:514 or ssl://hostname:1514 to be more specific on the port and protocol to be used. If you have multiple hosts then you use the comma (,) to separate each server i.e. udp://192.168.0.1:514,udp://192.168.0.2:514 3)We n

Custom ESXi Image - ISO using PowerCLI

There comes a time when you have purchased a new hardware to run your ESXi software and discover that the installable base media provided by VMware does not include the drivers or the drivers are out of date. In the world of Windows (Plug and Play) it would discover the hardware and prompt you to provide the drivers so that Windows would install/update the drivers for the hardware. For ESXi if the drivers are not present during load time then the hardware will possibly not work. VMware uses VIB (vSphere Installation Bundle) as a way for vendors to distribute their drivers. To install these VIBs you can either use Update Manager or command line (esxcli). Now this is all good but it does mean you have to first install the base ESXi then use one of the steps above to install/update the drivers.   Some people might feel that it is OK to update the drivers using the above methods but what if it was the network card that was the new hardware and you needed new drivers. Without the net