How to Monitor Changes to Antivirus Exclusions
Antivirus scans is one of those things
that happen on servers that can impact performance. So because of that, a lot of vendors will actually go and make recommendations for files and folders you’re supposed to exclude, always. Now that’s a slippery slope because if you exclude them for the vendor, who’s to say another program won’t come in and try to add additional exclusions that could be a security problem. So using SolarWinds Server Configuration Monitor, I’ll show you how to watch those. From the Orion homepage, go to server configuration and the summary. Then we’ll go to server configuration monitor settings, and we’ll create a new profile. We’ll call this one antivirus exclusions. And our configuration elements are of
type: PowerShell. We’ll call the element “AV Exclusions,” and then we’ll put in our script. This PowerShell script is going to look at the Windows Defender exclusions, so we’ll get the preferences and store them. Then, we will extract out the exclusion paths. Then, we will show those exclusion paths and sort them. Select the frequency, the timeout of the execution, and, optionally, put in a description. And that’s it. That is now in our profile. Now we just need to go ahead
and assign that to a couple of nodes. And that’s it. That’s all it takes. Now you
can be notified if changes happen to those exclusions. For more information, visit solarwinds.com.