Without antivirus, there is always an uncertainty whether your system is completely safe or not. A user can lose all his data if it is not protected by valid antivirus. This article would help the user of a PC which is running any supported version of Windows to find the cause of instability on a computer by giving some recommendations when it is used with antivirus software in a managed business environment.

If you want to temporarily turn off the features of security on our computer or if you want to minimize the security settings, the recommendations which would be discussed would be of great help. Before implementing anything, first off all just evaluate the risk associated with it. Take some additional steps to protect your computer. Then only make the changes to know the root cause or type of any particular problem.

Virus Scanning Recommendations:

Here are some of the  following recommendations for  computers that are running Windows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 2000, Windows XP, Windows Vista, or Windows 7:

1.   You should turn off the scanning of Automatic Update Database files.

2.   Log files scanning which are located in   %windir%\SoftwareDistribution\Datastore\Logs folder should be turned off, specially, the below mentioned files should be excluded.

  • Res*.log
  • Res*.jrs
  • Edb.chk
  • Tmp.edb

3.   You should also turn off the scan of windows security files. Certain files should be excluded on %windir%\Security\Database path which are:

  • *.edb
  • *.sdb
  • *.log
  • *.chk
  • *.jrs

Otherwise the antivirus software will not allow access these files properly and can corrupt the security databases. You may not use these files or apply the security policy on these files if they are they are scanned once.

4.   Files related to group policy should also not be scanned. Files  of user registry information are located in %allusersprofile%\ folder but NTUser.pol  must be excluded and files of Group Policy client settings are located in  %Systemroot%\System32\GroupPolicy\ but Registry.pol  must be excluded.


Through these recommendations you  can make your computer prone to attack by fraudulent users or software such as viruses. The risk associated with the exclusion of specific files from scanning cannot be calculated. a possibility that your system would be safe even if you do not exclude any files from scan.

There may be problems in the performance and operating system reliability while scanning these files which may be caused due to locking of files. Any file which is based on file name extension such as file with .dit extension should not be excluded.

This article has mentioned some files and folders. All these are protected by default permissions to allow only administrator access and contain only the components of operating system. It is easy to exclude an entire folder but excluding specific files based on file names would give more protection to your PC.