Splunk Enterprise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

General AV Exclusions on Windows Servers with Splunk

MSTM
New Member
‎08-10-2016 11:57 AM

Hello all,

I was hoping that someone might know where I can find the AV scan exclusions I would need to have AV on the same server as Splunk. In particular, I'm looking for the file, folder, process, and service exclusions that should be made in order to Splunk without issue.

Tags (1)
0 Karma
Reply

jaxjohnny2000
Builder
‎01-14-2019 01:21 PM

Both davbrooking and richgalloway are correct.

https://docs.splunk.com/Documentation/Splunk/7.2.3/ReleaseNotes/RunningSplunkalongsideWindowsantivir...

Reply

davebrooking
Contributor
‎08-11-2016 02:53 AM

The Release notes for the Enterprise version contains details of recommended AV exclusions

Dave

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎08-10-2016 01:12 PM

Splunk advises excluding all of $SPLUNK_HOME and $SPLUNK_DB from AV scans.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...