Novell Home

My Favorites

Close

Please to see your favorites.

Recommended ZCM Anti-Virus Exclusions

This document (7007545) is provided subject to the disclaimer at the end of this document.

Environment

Novell ZENworks 10 Configuration Management
Novell ZENworks 11 Configuration Management

Situation

The ZCM logon process can involve significant HDD I/O.
Anti-Virus scanning of all of this activity can sometimes significantly slow down computers during the logon process.
It can also cause hangs during install or system update.

Resolution

Please Exclude Activity of the Following ZENworks EXEs:
%ZENWORKS_HOME%\bin\analyze.exe
%ZENWORKS_HOME%\bin\cabarc32.exe
%ZENWORKS_HOME%\bin\colw32.exe
%ZENWORKS_HOME%\bin\mcescan.exe
%ZENWORKS_HOME%\bin\nalwin.exe
%ZENWORKS_HOME%\bin\remediate.exe
%ZENWORKS_HOME%\bin\zenNotifyIcon.exe
%ZENWORKS_HOME%\bin\zenUserDaemon.exe
%ZENWORKS_HOME%\bin\zenWindowsDaemon.exe
%ZENWORKS_HOME%\bin\zenWorksWindowsService.exe
%ZENWORKS_HOME%\bin\Handlers\RMENF.exe
%ZENWORKS_HOME%\esm\zesservice.exe
%ZENWORKS_HOME%\esm\zesuser.exe
%ZENWORKS_HOME%\esm\zescommand.exe
 
%ZENWORKS_HOME%\zpm\analyze.exe (This file does exist in two folders.)
%ZENWORKS_HOME%\zpm\cabarc.exe (This file does exist in two folders.)  
%ZENWORKS_HOME%\zpm\LM.Detection.exe
%ZENWORKS_HOME%\zpm\LM.Detection_x64.exe
%ZENWORKS_HOME%\zpm\mcescan.exe (This file does exist in two folders.)
%ZENWORKS_HOME%\zpm\remediate.exe (This file does exist in two folders.)
%SystemRoot%\system32\secedit.exe (Used for GPO Processing)
%SystemRoot%\system32\winlogon.exe (Used for GPO Processing)
%SystemRoot%\system32\wuauclt.exe
%SystemRoot%\system32\ZDPAServe.exe (Used for ZENworks Agent Deployment)
%SystemRoot%\syswow64\ZDPAServe.exe
(Used for ZENworks Agent Deployment)
C:\WINDOWS\TEMP\{D6C5BB8D-8A3A-495F-8252-DF4E0731209B}\InstallHelper.exe (ideally this EXE anywhere it launches from if that is possible)  
 
Please exclude the following files from being scanned: 
%ZENWORKS_HOME%\cache\zmd\*.appstate
%ZENWORKS_HOME%\cache\zmd\zencache\metadata\objinfo.db
%ZENWORKS_HOME%\cache\zmd\zencache\metadata\fileinfo.db
%ZENWORKS_HOME%\esm\*.*
%ZENWORKS_HOME%\work\status\mdstatus.db
%ZENWORKS_HOME%\logs\*.logs 
(Include SubDirectories)
%SystemRoot%\system32\GroupPolicy\adm\*.adm
%SystemRoot%\system32\GroupPolicy\machine\*.pol
%SystemRoot%\system32\GroupPolicy\user\*.pol
%SystemRoot%\syswow64\GroupPolicy\adm\*.adm
%SystemRoot%\syswow64\GroupPolicy\machine\*.pol
%SystemRoot%\syswow64\GroupPolicy\user\*.pol  
%WINSYSDIR%\drivers\{4bb8218c-aebf-4113-882f-b10ae15c8218} Note:  This directory is on system drive root folder in 11.2.1 and later and will be hidden and protected by agent self defense in 11.3 and later.
C:\WINDOWS\TEMP\{D6C5BB8D-8A3A-495F-8252-DF4E0731209B}
C:\Documents And Settings\All Users\Application Data\Novell\ZES - (winXP and win2k3 only)
C:\ProgramData\Novell\ZES - (Vista, Win7, Win2k8, newer)
 
If the anti-virus/anti-spyware/Internet Security software being used supports the exclusion of registry keys, then exclude the following:
HKLM\SYSTEM\CurrentControlSet\ services\ zesservice
HKLM\SYSTEM\CurrentControlSet\ services\ zesuser
HKLM\SYSTEM\CurrentControlSet\ services\ zestdi
HKLM\SYSTEM\CurrentControlSet\ services\ zesdac
HKLM\SYSTEM\CurrentControlSet\ services\ zesdt
HKLM\SYSTEM\CurrentControlSet\ services\ zesds
HKLM\SYSTEM\CurrentControlSet\ services\ zesdisk
HKLM\SYSTEM\CurrentControlSet\ services\ zesocc
HKLM\SYSTEM\CurrentControlSet\services\zesfw (Vista, Win7, Win2k8, newer)
HKLM\SYSTEM\CurrentControlSet\services\zeswifi (Vista, Win7, Win2k8, newer)
HKLM\SYSTEM\CurrentControlSet\services\zesndisim (winXP and win2k3 only)
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}
HKLM\ SYSTEM\CurrentControlSet\Control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}
HKLM\ SYSTEM\CurrentControlSet\Control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}
HKLM\ SYSTEM\CurrentControlSet\Control\Class\{36FC9E60-C465-11CF-8056-444553540000}
 
Note:  Each Anti-Virus package has different options that can be configured and different syntax used for exclusions.
Please be sure to review the documentation for the Anti-Virus package in use for the proper method and syntax.

Additional Information

In addition to AV Scanning Exclusions, Anti-Virus activity scheduled to occur at startup can also considerably slow down a device's initial logon.
These include but are not limited to the following:
 
Scheduling a HDD Scan during PC Boot.
Scheduling a HDD Scan on during PC Boot if a previously Scheduled scan is missed.
Scheduling Anti-Virus Software and Signature updates during Boot.
Scheduling Anti-Virus Software and Signature updates during Boot if a previously scheduled update is missed.
 
If these scheduled events are causing an issue consider the following options:
Delay missed updates until shortly after the device boots.
Schedule WOL events for devices for 30-60 minutes prior to normal device usage.
 
Performance issues have also been seen when Multiple Anti-Virus packages are installed on a device.
This has most often been seen when Microsoft Security Essentials is installed with another 3rd party Anti-Virus solution.

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7007545
  • Creation Date:11-JAN-11
  • Modified Date:29-JAN-14
    • NovellZENworks Configuration Management

Did this document solve your problem? Provide Feedback