I always use PowerShell to script an automation regarding this, and it's more convenient and quicker to do it this way rather than manually. There are some main criteria that you must exclude on a DPM or MABS server, those are:
- Default actions
- File extensions
- Paths
- Processes
When and if a DPM or MABS server finds malicious code, it should by default remove it rather than anything else. To set that option via PowerShell you simply run the following PowerShell code:
Set-MpPreference -LowThreatDefaultAction Remove
Set-MpPreference -ModerateThreatDefaultAction Remove
Set-MpPreference -HighThreatDefaultAction Remove
Set-MpPreference -SevereThreatDefaultAction Remove
The file extensions that I always exclude from the real-time scanning are the .mdf and .ldf files, using the following syntax:
Add-MpPreference -ExclusionExtension .mdf
Add-MpPreference -ExclusionExtension .ldf
I also exclude the following paths:
Add-MpPreference -ExclusionPath "C:\Windows\Microsoft.NET\Framework\v2.0.50727"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\bin"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\Temp\MTA"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\Temp"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\Volumes\Replica"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\Volumes\ShadowCopy"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\Volumes"
Add-MpPreference -ExclusionPath "D:\Program Files\Microsoft System Center\DPM\DPM\XSD"
Add-MpPreference -ExclusionPath "E:\Program Files\Microsoft SQL Server\MSSQL13.DPM\MSSQL\DATA"
Add-MpPreference -ExclusionPath "X:\"
The last part is the processes:
Add-MpPreference -ExclusionProcess dpmra.exe
Add-MpPreference -ExclusionProcess csc.exe
With this base you are able to create a decent PowerShell script of your own altering the paths and the volume letters.
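As an added example (not code from the original post), the exclusions above can be kept as one baseline that is applied and then audited against Get-MpPreference, so that leftover or missing exclusions show up after paths and volume letters are altered. The `$dpm`, `$baseline`, `$normalize` and `$report` names are assumptions made for this sketch; the values are the ones listed in the post.

```powershell
#Requires -RunAsAdministrator
# Added example. Baseline values are copied from the post; $dpm and the
# drive letters are assumptions to adjust per server.
$dpm = 'D:\Program Files\Microsoft System Center\DPM\DPM'
$baseline = @{
    ExclusionExtension = @('.mdf', '.ldf')
    ExclusionProcess   = @('dpmra.exe', 'csc.exe')
    ExclusionPath      = @(
        'C:\Windows\Microsoft.NET\Framework\v2.0.50727'
        "$dpm\bin"
        "$dpm\Temp\MTA"
        "$dpm\Temp"
        "$dpm\Volumes\Replica"
        "$dpm\Volumes\ShadowCopy"
        "$dpm\Volumes"
        "$dpm\XSD"
        'E:\Program Files\Microsoft SQL Server\MSSQL13.DPM\MSSQL\DATA'
        'X:\'
    )
}

# Apply. A path that does not exist on this server is skipped, so a wrong
# drive letter does not leave an unscanned location behind for later use.
foreach ($path in $baseline.ExclusionPath) {
    if (Test-Path -LiteralPath $path) { Add-MpPreference -ExclusionPath $path }
    else { Write-Warning "Not excluded, path not found: $path" }
}
Add-MpPreference -ExclusionExtension $baseline.ExclusionExtension
Add-MpPreference -ExclusionProcess   $baseline.ExclusionProcess

# Audit. Compare what Defender reports with the baseline, ignoring case,
# a leading dot on extensions and a trailing backslash on paths.
$normalize = { param($v) "$v".TrimStart('.').TrimEnd('\').ToLowerInvariant() }
$pref = Get-MpPreference
$report = foreach ($kind in $baseline.Keys) {
    $want = @($baseline[$kind] | ForEach-Object { & $normalize $_ })
    $have = @($pref.$kind | Where-Object { $_ } | ForEach-Object { & $normalize $_ })
    foreach ($v in $have) {
        if ($v -notin $want) { [pscustomobject]@{ Kind = $kind; Value = $v; State = 'Unexpected' } }
    }
    foreach ($v in $want) {
        if ($v -notin $have) { [pscustomobject]@{ Kind = $kind; Value = $v; State = 'Missing' } }
    }
}
if ($report) { $report | Sort-Object State, Kind | Format-Table -AutoSize }
else { Write-Output 'Defender exclusions match the baseline.' }
```

Rows marked Unexpected are exclusions present on the server that the baseline does not list, which is the drift worth reviewing on a backup server.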