Environment
Security Manager 6.X
Situation
Do I need to exclude the queue and cache files from real time antivirus scanning?
Does NetIQ Technical Support have any recommended best practices concerning which files to exclude from virus checking?
Which files should not be virus scanned?
Resolution
NetIQ Technical Support recommends that you exclude the following files from antivirus scanning for Security Manager 6.X
Central Computers Agent Cache Files Exclusion:
(W2K3)
E.g.
%\Documents and Settings\All Users\Application Data\NetIQ\
Note: Exclude all subdirectories and files under this directory.
(W2K8)
E.g.
%:\programdata\netiq\security manager
Note: Exclude all subdirectories and files under this directory.
NOTE: In cases where the above path is not in the default location, type this environment variable: Start | Run | "%allusersprofile%\netiq\security manager" to find the correct path.
Central Computers Program Files Exclusion:
E.g
%:\Program Files\NetIQ Security Manager\OnePoint
Note: Exclude all subdirectories and files under this directory.
SQL Server data Files Exclusion:
Exclude the .MDF and .LDF Security Manager Database files. Most importantly the one point databases Eea_data.mdf and Eea_data.ldf files.
E.g.
%\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data
Log Archive Exclusion files Exclusion:
Exclude the entire log archive volume that will cover all of the daily archives, the CubeExport, and the index_Data directory.
E.g.
%:\NetIQSMLogArchive\
<Log_Archive_Directory>\index_data
<Log_Archive_Directory>\CubeExport
Note: By default the CubeExport and Index_data directory are located under the log archive volume but it is possible to change the location of those directories.
Cause
AV scanning the temporary queue and cache files, on any agent or central computer, can potentially create write contention to the files. This contention causes Security Manager to generate an unhandled exception.
In addition, AV scanning on the log archive server can potentially cause write contention as well, as a number of directories contain temporary files.
This includes anything in the index_data folder as well as the cubeexport folder.