Microsoft发布了一篇知识库^{(Knowledge Base)}文章，其中列出了在企业^(Enterprise)环境中运行防病毒扫描程序时提高Windows性能的建议。^(Windows)Microsoft 建议您不要使用防病毒扫描程序扫描以下文件和文件夹。^{(Microsoft recommends that you not scan the following files and folders with your antivirus scanner.)}这些文件没有被感染的风险。如果您扫描这些文件，可能会因为文件锁定而出现严重的性能问题。

在大多数情况下，我们的防病毒软件在使用自动^(Automatic)更新在您的计算机系统上安装Windows 更新^{(Windows Updates)}时不会产生问题。但是有时会发现某些安全软件会阻止某些系统关键文件或干扰Microsoft 更新^{(Microsoft Updates)}的顺利运行。

如果您觉得您的防病毒软件可能会干扰您的Windows 更新^{(Windows Update)}，您应该暂时禁用它。或者，您可以将一些文件添加到安全软件的排除^(Exclusion)列表中，以便根本不扫描这些与Windows 更新相关的系统文件。^{(Windows Update)}

您可以将防病毒软件设置为不扫描 %windir%SoftwareDistribution 文件夹中的文件。这些文件没有被感染的风险，因此如果您扫描这些文件，可能会出现问题，因为某些文件可能会被锁定。

在通过名称标识特定文件集的情况下，仅排除这些文件而不是整个文件夹。有时，必须排除整个文件夹。不要根据文件扩展名排除其中任何一项。

您可以从防病毒^(Antivirus)扫描中排除的文件

Microsoft Windows 更新^{(Microsoft Windows Update)}或自动更新^{(Automatic Update)}相关文件：

1) Windows 更新或自动更新数据库文件。^{(The Windows Update or Automatic Update database file.)}此文件位于以下文件夹中：

 %windir%\SoftwareDistribution\Datastore

排除Datastore.edb文件。

2)事务日志文件。^{(The transaction log files.)}这些文件位于以下文件夹中：

%windir%\SoftwareDistribution\Datastore\Logs

排除以下文件：

a) Edb*.log

b) Res1.log。对于Windows 10/8/7/Vista和Windows Server ，该文件名为Edbres00001.jrs。

c) Res2.log。对于Windows 10/8/7/Vista和Windows Server ，该文件名为Edbres00002.jrs。

d) Edb.chk

e) Tmp.edb

f)应将%windir%\security路径中的以下文件添加到排除列表中：

•  *.edb
• *.sdb
• *。日志
• *.chk

注意：^(Note:)如果不排除这些文件，则安全数据库通常已损坏，并且在您扫描文件夹时无法应用组策略。^{(Group Policy)}

组策略相关文件：^{(Group Policy related files:)}

1）组策略用户注册表信息^{(Group Policy user registry information)}。这些文件位于以下文件夹中：

%allusersprofile%\

排除以下文件：NTUser.pol

2)组策略客户端设置文件。^{(Group Policy client settings file. )}这些文件位于以下文件夹中：

%Systemroot%\system32\GroupPolicy\

排除以下文件：registry.pol

要了解Windows Windows^{(Windows Windows 11)} 11、10 、Windows 8、Windows 7 和Windows Server的所有此类文件，请访问KB822158。

不过，趋势科技并不完全认同：^{(However, TrendMicro does not agree with it completely:)}

Following the recommendations does not pose a significant threat as of now but it has a very big potential of being one. Cybercriminals may strategically drop or download a malicious file into one of the folders that are recommended to be excluded from scanning or use a file name extension that is also in the excluded list. We find it sensible for users to aim for better system performance. However, we also think that excluding certain file types or folders from anti virus scanning is not something novice users should tinker with. Doing so may expose the system to risks that can lead to an inconvenience far more severe than a slightly slower system. In line with this, we advise users to educate themselves fully about these recommendations before taking any action. We recommend users not to exclude any file unless there is a critical reason to do so and be aware of the risks entailed by such an action.

希望你觉得这篇文章有用！

Windows files and folders you may exclude from Antivirus scans

Microsoft has published a Knowledge Base article that lists down rеcommendations to improve рerformance in Windows in an Enterprіse environmеnt when runnіng antivirus scanners. Microsoft recommends that you not scan the following files and folders with your antivirus scanner. These files are not at risk of infection. If you scan these files, serious performance problems may occur because of file locking.

In most cases, our antivirus software does not create problems while using Automatic Updates to install Windows Updates on your computer system. But there have been times when some security software have been found to block some system-critical files or interfere with the smooth working of Microsoft Updates.

If you feel that your antivirus software may be interfering with your Windows Update, you should temporarily disable it. Or then you could add some files to the Exclusion list of your security software so that these Windows Update related system files are not scanned at all.

You may set your antivirus software to not scan the files in the %windir%\SoftwareDistribution folder. These files are not at risk of infection, and so if you scan these files, problems may occur because some files may get locked.

Where a specific set of files is identified by name, exclude only those files instead of the whole folder. Sometimes, the whole folder must be excluded. Do not exclude any one of these based on the file name extension.

Files you may exclude from Antivirus scans

Microsoft Windows Update or Automatic Update related files:

1) The Windows Update or Automatic Update database file. This file is located in the following folder:

 %windir%\SoftwareDistribution\Datastore

Exclude the Datastore.edb file.

2) The transaction log files. These files are located in the following folder:

%windir%\SoftwareDistribution\Datastore\Logs

Exclude the following files:

a) Edb*.log

b) Res1.log. The file is named Edbres00001.jrs for Windows 10/8/7/Vista and Windows Server.

c) Res2.log. The file is named Edbres00002.jrs for Windows 10/8/7/Vista and Windows Server.

d) Edb.chk

e) Tmp.edb

f) The following files in the %windir%\security path should be added to the exclusions list:

•  *.edb
• *.sdb
• *.log
• *.chk

Note: If these files are not excluded, security databases are typically corrupted, and Group Policy cannot be applied when you scan the folder.

Group Policy related files:

1) Group Policy user registry information. These files are located in the following folder:

%allusersprofile%\

Exclude the following file: NTUser.pol

2) Group Policy client settings file. These files are located in the following folder:

%Systemroot%\system32\GroupPolicy\

Exclude the following file: registry.pol

To know about all such files for Windows Windows 11, 10, Windows 8, Windows 7 and Windows Server visit KB822158.

However, TrendMicro does not agree with it completely:

Following the recommendations does not pose a significant threat as of now but it has a very big potential of being one. Cybercriminals may strategically drop or download a malicious file into one of the folders that are recommended to be excluded from scanning or use a file name extension that is also in the excluded list. We find it sensible for users to aim for better system performance. However, we also think that excluding certain file types or folders from anti virus scanning is not something novice users should tinker with. Doing so may expose the system to risks that can lead to an inconvenience far more severe than a slightly slower system. In line with this, we advise users to educate themselves fully about these recommendations before taking any action. We recommend users not to exclude any file unless there is a critical reason to do so and be aware of the risks entailed by such an action.

Hope you find this post useful!

Related posts

• 免费Bootable AntiVirus Rescue Disks Windows 10

• 免费的独立随需应变Antivirus Scanners为Windows 11/10

• VoodoShield：免费防可执行HIPS security软件Windows

• Online URL Scanners至Scan用于恶意软件，病毒，网络钓鱼等网站

• 检查您的计算机是否已被ASUS Update Malware感染

• AdwCleaner review和免费下载：Remove Adware，PUP，Toolbars等

• 使用ESET SysRescue Live Create可启动媒体

• Malwarebytes不会在Windows 11/10开始

• Download Microsoft Safety Scanner，免费on-demand antivirus tool

• Malwarebytes 4.0 Review and New Features：Windows的防恶意软件

• Panda Free Antivirus Windows 10

• Norascan是一个用于Windows PC的防恶意软件扫描仪

• 的Malwarebytes Support Tool：问题排查或卸载的Malwarebytes

• Antivirus阻塞Download，Website，Camera，Program，Internet等

• 如何使用Malwarebytes Anti-Malware删除Malware

• AntiVirus Removal Tools & Uninstallers为AntiVirus方案

• Windows Download McAfee Rootkit Remover Tool

• 早期推出Anti-Malware（ELAM）Windows 10 protection technology

• IObit Malware Fighter Free review & download

• Windows 10 Best Free AntiVirus software