Should i exclude MySQL and IIS?

greetings from Colombia, South America

from this:
http://kb.eset.com/esetkb/index?page=content&id=SOLN727

"database and backup software should be excluded from the real-time and On-demand scanners. When entering the directory paths, make sure that *.* is added to the end of each entry."

as far as i know, MySQL and IIS (we got these in a Windows 2003 Server R2 SP2 serving 100 workstations) should be excluded.... ¿right?

if so, how can i do that? (i mean, i know because of this tutorial: http://kb.eset.com/esetkb/index?page=content&id=SOLN560 but i wanna know exactly wich directories to exclude)

maybe somebody has any experiencie with this?

thanks a lot

 

The IIS directories you shouldn't need to exclude. As for MySQL, that really depends on where you placed the databases when you created them. You need to exclude the database and log files and the exact location and name of those could vary wildly depending on your environment.

 

IIS: I just tough that i had to because in the recommended settings for a Server they got an example of Exchange and say that %SystemRoot%System32Inetsrv*.* should be excluded.

MySQL: i got it right in C:\Program Files\MySQL Should i exclude all that directory and subdirectories?

thanks so much for answer

 

Set up exclusions for *.myd, *.myi, and *.log in the directory containing those files. I would advise against excluding the entire directory since an exploit that uses MySQL as a vector could easily use that directory to save and launch arbitrary executables and a global exclusion there would create a safe-haven for viruses to operate out of to compromise the system.

 

thank you very much, Smacky.