Recommended ZCM Anti-Virus Exclusions

  • 7007545
  • 11-Jan-2011
  • 12-Jan-2018


Novell ZENworks 10 Configuration Management
Novell ZENworks 11 Configuration Management
Novell ZENworks Configuration Management 2017


The ZCM logon process can involve significant HDD I/O.
Anti-Virus scanning of all of this activity can sometimes significantly slow down computers during the logon process.

It can also cause hangs during install or system update.


Notice: The ACTUAL paths entered into your Anti-Virus Exclusion List should be the literal path and not use a variable, because many AV vendors intentionally do not resolve variables.
Variables are shown for reference only. Use literal values that match the actual environment, such as "c:\windows\" in lieu of %systemroot% if Windows is installed to c:\windows.
Please exclude activity of the following ZENworks EXEs:
%ZENWORKS_HOME%\zapp\zapp.exe (New to ZCM 2017)
%ZENWORKS_HOME%\zpm\analyze.exe (This file does exist in two folders.)
%ZENWORKS_HOME%\zpm\cabarc.exe (This file does exist in two folders.)  
%ZENWORKS_HOME%\zpm\mcescan.exe (This file does exist in two folders.)
%ZENWORKS_HOME%\zpm\remediate.exe (This file does exist in two folders.)
%SystemRoot%\system32\secedit.exe (Used for GPO Processing)
%SystemRoot%\system32\winlogon.exe (Used for GPO Processing)
%SystemRoot%\system32\ZDPAServe.exe (Used for ZENworks Agent Deployment)
(Used for ZENworks Agent Deployment)
Please exclude the following files from being scanned: 
%ZENWORKS_HOME%\cache\zmd\*.appstate (valid up to ZENworks 11.2.x)
%ZENWORKS_HOME%\cache\zmd\*.applstate (valid since ZENworks 11.3)
%ZENWORKS_HOME%\cache\zmd\*.appdata (valid since ZENworks 11.3)
%ZENWORKS_HOME%\cache\zmd\AppDataLRUCache\*.* (valid since ZENworks 11.3)
(Include SubDirectories)
%WINSYSDIR%\drivers\{4bb8218c-aebf-4113-882f-b10ae15c8218}
Note: This directory is in the root folder of the system drive in 11.2.1 and later, and will be hidden and protected by agent self defense in 11.3 and later.
C:\Documents And Settings\All Users\Application Data\Novell\ZES - (winXP and win2k3 only)
C:\ProgramData\Novell\ZES - (Vista, Win7, Win2k8, newer)
If the anti-virus/anti-spyware/Internet Security software being used supports the exclusion of registry keys, then exclude the following:
HKLM\SYSTEM\CurrentControlSet\services\zesfw (Vista, Win7, Win2k8, newer)
HKLM\SYSTEM\CurrentControlSet\services\zeswifi (Vista, Win7, Win2k8, newer)
HKLM\SYSTEM\CurrentControlSet\services\zesndisim (winXP and win2k3 only)

For FDE install/update:


Note:  Each Anti-Virus package has different options that can be configured and different syntax used for exclusions.
Please be sure to review the documentation for the Anti-Virus package in use for the proper method and syntax.
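
The notice above asks for literal paths rather than variables. As an added example (not part of the original article or any vendor tooling), this PowerShell script expands a subset of the article's variable-based entries on a managed device and flags any entry that still contains an unresolved variable. It assumes ZENWORKS_HOME is defined as an environment variable on the device; the function name Resolve-ExclusionPath is hypothetical.

```powershell
# Added example, not vendor code. Templates are copied from the lists in this article.
$templates = @(
    '%ZENWORKS_HOME%\zapp\zapp.exe'
    '%ZENWORKS_HOME%\zpm\analyze.exe'
    '%SystemRoot%\system32\secedit.exe'
    '%SystemRoot%\system32\ZDPAServe.exe'
    '%ZENWORKS_HOME%\cache\zmd\*.applstate'
    '%ZENWORKS_HOME%\cache\zmd\AppDataLRUCache\*.*'
    '%WINSYSDIR%\drivers\{4bb8218c-aebf-4113-882f-b10ae15c8218}'
)

# Hypothetical helper: turns one template into the literal path for this device.
function Resolve-ExclusionPath {
    param([Parameter(Mandatory = $true)][string]$Template)

    # ExpandEnvironmentVariables leaves any %NAME% it cannot resolve untouched.
    $literal = [Environment]::ExpandEnvironmentVariables($Template)

    if ($literal -match '%[^%\\]+%') {
        # A variable is still present, so this is not yet a literal path.
        $status = "UNRESOLVED $($Matches[0])"
    } elseif ($literal -match '[*?]') {
        # Wildcard entry: report whether any file currently matches it.
        if (Test-Path -Path $literal -ErrorAction SilentlyContinue) {
            $status = 'MATCHES'
        } else {
            $status = 'NO MATCH'
        }
    } elseif (Test-Path -LiteralPath $literal -ErrorAction SilentlyContinue) {
        $status = 'PRESENT'
    } else {
        # Absent, or not visible to the account running the script.
        $status = 'NOT FOUND'
    }

    [pscustomobject]@{ Template = $Template; Literal = $literal; Status = $status }
}

$templates | ForEach-Object { Resolve-ExclusionPath -Template $_ } |
    Format-Table -AutoSize -Wrap
```

Rows marked UNRESOLVED need the variable replaced by hand before the path goes into the exclusion list.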

Additional Information

In addition to AV Scanning Exclusions, Anti-Virus activity scheduled to occur at startup can also considerably slow down a device's initial logon.
These include but are not limited to the following:
  • Scheduling a HDD Scan during PC Boot.
  • Scheduling a HDD Scan during PC Boot if a previously scheduled scan is missed.
  • Scheduling Anti-Virus Software and Signature updates during Boot.
  • Scheduling Anti-Virus Software and Signature updates during Boot if a previously scheduled update is missed.
If these scheduled events are causing an issue, consider the following options:
  • Delay missed updates until shortly after the device boots.
  • Schedule WOL events for devices for 30-60 minutes prior to normal device usage.
Performance issues have also been seen when Multiple Anti-Virus packages are installed on a device.
This has most often been seen when Microsoft Security Essentials is installed with another 3rd party Anti-Virus solution.

TrendMicro OfficeScan Exclusion document - 
Performance issues when OfficeScan clients scan machines installed with ZENworks - 1058273
Symantec 10 and 11 Document -