I'm working with a customer, designing a new installation.
They are going to use System Center Endpoint Protection.
This design will have a combination of the following server roles:
Virtual backup servers without proxy/repo
Physical backup servers with proxy/repo (Read from FC snapshots, write to local disk or HP StoreOnce via network or FC)
Physical backup proxies with repo (Read from FC snapshots, write to local disk or HP StoreOnce via network or FC)
Guest interaction proxies
Backup manager (VBR EM)
For exclusions in SCEP I have added:
Veeam folders
Installation
Repository
FLR
NFS
Catalog
Veeam files
.vmdk
.flat
SQL files
.mdf
.ndf
.ldf
.sql
.sqlaudit
.bak
.trn
sqlservr.exe as a process exclusion.
Is there any need to exclude the Veeam binaries as processes? If so, which processes on each server role?
The SCEP documentation I have found is so thin on the real time scan, that I have no idea how this actually works. Any links to deeper technical descriptions would be appreciated.
I dont think we'd have any dedicated documentation on ecluding certain Veeam file (especially the installation paths/binaries) given we'd normally lean on the endpoint protection vendor to determine most appropriate and comprehensive method of deploying exclusions.
From experience, I havent (personally) noticed any specific troubles running adjacent with SCEP and not excluding certain binaries.
Also, consider the Veeam backup files - you stated in your list .vmdk, (was this a typo) - you might want to look at considering the exclusion of our backup extensions in SCEP also.
The .vmdk was not a typo. I was following the guide in KB 1999, and the vbk/vib/vbm files are not in that list. I have added exclusions for the repository paths, but adding in the file extensions for the backup files might be a good extra protection. Maybe the KB needs an update?
The reason I'm asking about the processes is mainly because SCEP has horrible documentation on this, and if all data processed (in memory and/or to disk) for an included process is the way it works we'd probably see it grind to a halt.