PATCH MY PC DOCS

Knowledge Base

We’re here to help if needed

Patch My PC – Recommended antivirus exclusions

This article outlines Microsoft’s recommended antivirus exclusions for Configuration Manager, WSUS, and Intune. It documents folders pertinent to content distribution, particularly those within Patch My PC’s scope of third-party updates. We’ve included links to relevant Microsoft documentation for a deeper dive into the topic.

Topics covered in this article:

Configuration Manager / WSUS

Server-side

Microsoft recommends quite a few antivirus exclusions when it comes to Configuration Manager (server-side). The Patch My PC Publisher interacts with the following folders:  
  • ContentLib_drive\SCCMContentLib – The location the content for the ConfigMgr apps will be published
  • %Systemroot%\WSUS\WSUSContent – The location the content for the WSUS updates will be published
  • %Systemroot%\WSUS\UpdateServicesPackages – The location 3rd party update content is staged before the cab is copied to the WSUSContent folder
  • %ProgramFiles%\Update Services\LogFiles\WSUSTemp – The location of the staging area for signing cab files for 3rd party content

More InformationNote:The WSUS folder is specified in the registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup

More info on the server-side exclusions Microsoft recommends for ConfigMgr can be found here and WSUS can be found here.

Client-Side

When it comes to clients, these folders should be excluded from antivirus scans:

  • C:\Windows\CCMCache – The SCCM cache folder stores temporary software packages for application execution
  • C:\Windows\Setup\Scripts – The location for custom scripts during Windows installation process
  • C:\Windows\SoftwareDistribution\DatastoreThe location for metadata for Windows Server Update Services clients
  • C:\Windows\SoftwareDistribution\Download The location for update content delivered via Windows Server Update Services

More info on the client-side exclusions Microsoft recommends for ConfigMgr can be found here.

Intune

For Win32 apps, Microsoft suggests excluding these folders from antivirus actions on the client side:

On x64 client machines:

    • C:\Program Files (x86)\Microsoft IntuneManagement Extension\Content – The location content is staged in and detection scripts are executed from.
    • C:\Windows\IMECache – The location installers are executed from.

On x86 client machines:

  • C:\Program Files\Microsoft Intune Management\Content – The location content is staged in and detection scripts are executed from.
  • C:\Windows\IMECache – The location installers are executed from.

More information on the exclusions Microsoft recommends for Intune can be found here.

Published On December 14, 2023