Sorry, should have included these in my original message: Microsoft Windows recommended exclusions: http://support.microsoft.com/kb/822158 That should cover the main OS components like Domain Services, DNS, WINS, DHCP, and FRS/DFS. Exchange exclusions: http://support.microsoft.com/kb/823166 Basically you need to exclude the datastore, database, and log files from the real-time scanning engine since it will look like senseless garbage. Eset doesn't give guidelines for anything more specific than make sure database and log files are excluded from scanning. If you start encountering problems, I recommend you grab a copy of Process Monitor http://technet.microsoft.com/en-us/sysinternals/bb896645.aspx and filter down to file system activity coming from the ekrn.exe process. Look for files that are continuously being scanned (I've seen some odd ones like Thinkpad software that is continuously writing to a .log file causing problems) and set up additional exclusions if you are seeing something flood the log with excessive scanning activity. v4 has a statistics view that will tell you what is being accessed in the filesystem that may also help you diagnose these sorts of issues if you are on that version. I have heard some rumblings about issues with high-volume DFS shares and v4, though getting the exclusions set up correctly are among the most complex so I can't determine at this point if there is a problem with the product or just misconfiguration errors. Unfortunately I do not have a high-volume FRS environment to test it with personally.