ESET Online Help

Search English
Select the topic

Automatic exclusions

The developers of server applications and operating systems recommend excluding sets of critical working files and folders from malware scan for most of their products. Malware scan may have a negative influence on a server's performance, which may lead to conflicts and even prevent some applications from running on the server. Exclusions help minimize the risk of potential conflicts and increase the overall performance of the server when running Anti-Malware software. See the complete list of files excluded from scanning for ESET server products.

The automatic exclusions feature is enabled after you activate ESET Mail Security with a valid license and perform the initial update to include the latest modules.


note

Automatic exclusions for Microsoft SQL Server database files work for default location. If you have Microsoft SQL Server databases in different locations (other than the default), you have two options. Manually add the exclusions, or have the database files automatically excluded. For the automatic exclusion, ESET Mail Security needs read access to the Microsoft SQL Server instance to find what paths are used for database files. If ESET Mail Security displays an error message about insufficient rights, solve it by granting the NT_AUTHORITY\SYSTEM account View any definition permission to each Microsoft SQL Server instance you run on the server with ESET Mail Security.

For further details, see Knowledgebase article on how to Add permission to get database data locations to generate automatic exclusions for Microsoft SQL Server.

ESET Mail Security identifies critical server applications and server operating system files, and automatically adds them to the list of Exclusions. All automatic exclusions are enabled by default. You can disable/enable each server application exclusions using the slider bar with the following result:

When enabled, any of its critical files and folders will be added to the list of files excluded from scanning. Every time the server is restarted, the system performs an automatic check of exclusions and updates the list if there were system or application changes (for example when a new server application was installed). This setting ensures the recommended Automatic exclusions are always applied.

When disabled, automatically excluded files and folders will be removed from the list. Any user-defined exclusions entered manually will not be affected.

The Automatic exclusions for Exchange Servers are based on Microsoft's recommendations. ESET Mail Security applies "Directory/Folder exclusions" only ("Process exclusions" and "File extension exclusions" are not applied). See the following Microsoft Knowledge Base articles for details:

Update on the Exchange Server Antivirus Exclusions

Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows

File-Level Antivirus Scanning on Exchange 2010

Anti-Virus Software in the Operating System on Exchange Servers (Exchange 2013)

Running Windows antivirus software on Exchange 2016 servers


note

There are also Exchange database file exclusions for Active and Passive databases in DAG (Database Availability Group) hosted on local server. List of Automatic exclusions is updated every 30 minutes. If there is a new Exchange database file created, it will automatically get excluded regardless of its state, whether it is Active or Passive.

To identify and generate automatic exclusions, ESET Mail Security uses dedicated application eAutoExclusions.exe, located in the installation folder. No interaction is needed from your side, but you can use command line to list detected server applications on your system by executing eAutoExclusions.exe -servers. To display full syntax, use eAutoExclusions.exe -?.

Elevated permissions account

This feature allows ESET Mail Security to generate further exclusions to resources like network shares, Microsoft SQL Server database files locations, or Skype for Business file share storage. To extend the automatic exclusions functionality, enable the Elevated permissions account and enter the username and password of your domain or local administrator account. You can create a new dedicated account for this purpose if you desire, but ensure the account is a member of the domain's built-in Administrators (BA) group or the local Administrators group.