For computers that are running Windows Server 2003, Windows 2000, Windows XP, Windows Vista or Windows 7
source: http://support.microsoft.com/kb/822158
Do not scan the following files and folders. These files are not at risk of infection. If you scan these files, serious performance problems may occur because of file locking. Where a specific set of files is identified by name, exclude only those files instead of the whole folder. Sometimes, the whole folder must be excluded. Do not exclude any one of these based on the file name extension. For example, do not exclude all files that have a .dit extension. Microsoft has no control over other files that may use the same extensions as the following files.
- Microsoft Windows Update or Automatic Update related files
- The Windows Update or Automatic Update database file. This file is located in the following folder:
%windir%\SoftwareDistribution\Datastore
Exclude the Datastore.edb file.
- The transaction log files. These files are located in the following folder:
%windir%\SoftwareDistribution\Datastore\Logs
Exclude the following files:
- Edb*.log
Note The wildcard character indicates that there may be several files.
- Res1.log. The file is named Edbres00001.jrs for Windows Vista and Windows Server 2008.
- Res2.log. The file is named Edbres00002.jrs for Windows Vista and Windows Server 2008.
- Edb.chk
- Tmp.edb
- Edb*.log
- You want to add the following files in the %windir%\security path to the exclusions. Otherwise, the scanning of the folder typically corrupts security databases and prevents group policy from applying. To do so, exclude all the following files:
- *.edb
- *.sdb
- *.log
- *.chk
Note The wildcard character indicates that there may be several files. Specifically, you must exclude the following files:
- Edb.chk
- Edb.log
- *.log
- Security.sdb in the <drive>:\windows\security\database folder
- The Windows Update or Automatic Update database file. This file is located in the following folder:
