
Microsoft Azure Backup Server (MABS) v3: Antivirus Exclusions

Running a solid, constantly updated antivirus product on your servers, like your Microsoft Azure Backup Server (MABS) v3, is a necessity to keep a healthy and secure server environment.

However, by installing an antivirus product you also risk issues with certain workloads and services on those servers. Just like System Center Data Protection Manager (SCDPM), MABS is compatible with most antivirus software products. These antivirus products can, however, affect MABS performance and, if not configured properly, can cause data corruption of replicas and recovery points.

To avoid file conflicts and to minimize performance degradation between your MABS server and the antivirus software running on top of it, disable real-time monitoring by the antivirus software for the processes and directories listed below.

MABS processes to exclude from antivirus real-time monitoring

For information about configuring real-time monitoring based on process name or folder name, see your antivirus documentation.

  • DPMRA.exe

(full path: C:\Program Files\Microsoft Azure Backup Server\DPM\DPM\bin\DPMRA.exe)

  • csc.exe (exclude when you experience degraded performance while using the MABS Administrator Console)

(full path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe) -> you can also exclude csc.exe in all the other Microsoft.NET Framework folders

  • cbengine.exe

(full path: C:\Program Files\Microsoft Azure Backup Server\DPM\MARS\Microsoft Azure Recovery Services Agent\bin\cbengine.exe)



MABS directories in the MABS Program Files folder to exclude from antivirus real-time monitoring

Be aware that if you installed MABS on a drive other than “C:”, which is used in the example below, you need to look under the correct drive for the folders to exclude.

  • C:\Program Files\Microsoft Azure Backup Server\DPM\DPM\Temp\MTA\*
  • C:\Program Files\Microsoft Azure Backup Server\DPM\DPM\XSD\*
  • C:\Program Files\Microsoft Azure Backup Server\DPM\DPM\bin
  • C:\Program Files\Microsoft Azure Backup Server\DPM\MARS\Microsoft Azure Recovery Services Agent\bin
  • C:\Program Files\Microsoft Azure Backup Server\DPM\DPM\Cache (*MABS scratch folder)



Delete infected files on the MABS server

You should configure the antivirus software to delete infected files by default on the MABS servers, rather than automatically cleaning or quarantining them. Automatic cleaning and quarantining can result in data corruption because these processes cause the antivirus software to modify files, making changes MABS cannot detect.


PowerShell Script to configure Windows Defender Antivirus exclusion for MABS v3

You can use the PowerShell script below to configure antivirus exclusions in Windows Defender Antivirus for Microsoft Azure Backup Server (MABS) v3. To use the script, copy and save it as Configure-WindowsDefenderAntivirus-Antivirus-Exclusions-MicrosoftAzureBackupServerv3.ps1 or download it from GitHub.


<#
.SYNOPSIS

A script used to configure antivirus exclusions in Windows Defender antivirus for Microsoft Azure Backup Server (MABS) v3.

.DESCRIPTION

A script used to configure antivirus exclusions in Windows Defender antivirus for Microsoft Azure Backup Server (MABS) v3.

.NOTES

File Name:      Configure-WindowsDefenderAntivirus-Antivirus-Exclusions-MicrosoftAzureBackupServerv3.ps1
Created:        23/08/2021
Last modified:  23/08/2021
Author:         Wim Matthyssen
PowerShell:     5.1 or above 
Requires:       -RunAsAdministrator
OS:             Windows Server 2019
Version:        3.0
Action:         Change variables where needed to fit your needs
Disclaimer:     This script is provided "As Is" with no warranties.

.EXAMPLE

.\Configure-WindowsDefenderAntivirus-Antivirus-Exclusions-MicrosoftAzureBackupServerv3.ps1

.LINK

https://tinyurl.com/8dpbwbne
#>

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Variables

$global:currenttime= Set-PSBreakpoint -Variable currenttime -Mode Read -Action {$global:currenttime= Get-Date -UFormat "%A %m/%d/%Y %R"}
$foregroundColor1 = "Red"
$foregroundColor2 = "Yellow"
$writeEmptyLine = "`n"
$writeSeperatorSpaces = " - "

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
## Check if running as Administrator, otherwise close the PowerShell window
 
$CurrentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
$IsAdministrator = $CurrentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ($IsAdministrator -eq $false) {
    Write-Host ($writeEmptyLine + "# Please run PowerShell as Administrator" + $writeSeperatorSpaces + $currentTime)`
    -foregroundcolor $foregroundColor1 $writeEmptyLine
    Start-Sleep -s 5
    exit
}
  
## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

## Add custom MABS v3 exclusions

Add-MpPreference -ExclusionProcess "DPMRA.exe"
Add-MpPreference -ExclusionProcess "csc.exe"
Add-MpPreference -ExclusionProcess "cbengine.exe"

Add-MpPreference -ExclusionPath "C:\Program Files\Microsoft Azure Backup Server\DPM\DPM\Temp\MTA"
Add-MpPreference -ExclusionPath "C:\Program Files\Microsoft Azure Backup Server\DPM\DPM\XSD\"
Add-MpPreference -ExclusionPath "C:\Program Files\Microsoft Azure Backup Server\DPM\DPM\bin"
Add-MpPreference -ExclusionPath "C:\Program Files\Microsoft Azure Backup Server\DPM\MARS\Microsoft Azure Recovery Services Agent\bin"
Add-MpPreference -ExclusionPath "C:\Program Files\Microsoft Azure Backup Server\DPM\DPM\Cache"

Write-Host ($writeEmptyLine + "# Custom MABS v3 exclusions added" + $writeSeperatorSpaces + $currentTime)`
-foregroundcolor $foregroundColor1 $writeEmptyLine 

## ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
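
To check the result after running the script, the audit below compares what Windows Defender has registered against the exclusions listed in this post and reports the default remediation actions. It is an added example, not part of the author's script; `$mabsRoot` and the report layout are assumptions to adapt to your install.

```powershell
#Requires -RunAsAdministrator
# Added example: audit Windows Defender against the MABS v3 exclusions on this page.
# Assumption: MABS is installed under the default root; change $mabsRoot otherwise.
$mabsRoot = 'C:\Program Files\Microsoft Azure Backup Server\DPM'

$expectedPaths = @(
    "$mabsRoot\DPM\Temp\MTA"
    "$mabsRoot\DPM\XSD"
    "$mabsRoot\DPM\bin"
    "$mabsRoot\MARS\Microsoft Azure Recovery Services Agent\bin"
    "$mabsRoot\DPM\Cache"
)
$expectedProcesses = 'DPMRA.exe', 'csc.exe', 'cbengine.exe'

$pref = Get-MpPreference

# Strip trailing "\" and "*" so "...\XSD\" and "...\XSD" compare as equal.
$registeredPaths = @($pref.ExclusionPath | Where-Object { $_ } |
    ForEach-Object { $_.TrimEnd([char[]]'\*') })
$registeredProcs = @($pref.ExclusionProcess | Where-Object { $_ })

# One row per expected exclusion: is it registered, and does the folder exist?
$report = @()
foreach ($path in $expectedPaths) {
    $report += [pscustomobject]@{
        Type = 'Path'; Item = $path
        Registered   = $registeredPaths -contains $path
        ExistsOnDisk = Test-Path -LiteralPath $path
    }
}
foreach ($proc in $expectedProcesses) {
    $report += [pscustomobject]@{
        Type = 'Process'; Item = $proc
        Registered   = $registeredProcs -contains $proc
        ExistsOnDisk = $null   # name-only entries have no single path to test
    }
}
$report | Format-Table -AutoSize -Wrap

# Registered path exclusions that do not resolve on disk: possibly a typo or a
# leftover from an older install; review and remove with Remove-MpPreference.
$registeredPaths | Where-Object { -not (Test-Path -LiteralPath $_) } |
    ForEach-Object { Write-Warning "Exclusion path not found on disk: $_" }

# Default remediation actions per threat level (0 = no explicit default set).
$pref | Select-Object LowThreatDefaultAction, ModerateThreatDefaultAction,
    HighThreatDefaultAction, SevereThreatDefaultAction | Format-List
```

A process exclusion registered by name only applies to any process with that name, wherever it runs from. Registering the full paths given earlier in this post instead limits the exclusion to the MABS and .NET Framework binaries.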



Conclusion

There are a lot of antivirus settings you should keep track of when running MABS v3. I have tried to list all of the exclusions, so hopefully it will help you with getting the most out of your MABS setup.

2 comments on “Microsoft Azure Backup Server (MABS) v3: Antivirus Exclusions

  1. Just a heads up that all your Azure Backup paths need to be updated:

    C:\Program Files\Microsoft Azure Backup

    … should be this:

    C:\Program Files\Microsoft Azure Backup Server

    • Hello Jason, thanks for the update. The original post was based on MABS v2, and that’s why a part of the full path used the “Microsoft Azure Backup” folder instead of “Microsoft Azure Backup Server” folder. I now have adjusted the blog post to MABS v3, and like you can see, the path is now like you say.
