This may be a dumb question but it is not something I have thought about in some time since I have a policy that abides by the guidance that was published at the time I created the policy…   Does anyone know the latest Microsoft guidance on file and folder exclusions for Antivirus for Domain Controllers running 2012 R2 or 2016? I see an old article that references FRS exclusions, which makes me think there may be updated guidance on this topic. One thing in particular that we on my team are questioning is the exclusion for some of the SYSVOL files and folders. Wouldn’t it be possible for malware, if not detected, to be replicated in the SYSVOL by a malicious or naive GPO admin? We are not excluding the sysvol in our current real time protection profile and have flagged and quarantined some files that someone has tried to push to clients. They were in fact legitimate, and pertained to an EPIC upgrade, but the potential of malicious software or files seems to exist if not scanned by AV.       Brian Britt