This comes up all of the time for me and it is high time that I created a single place for me to see every antivirus exclusion that is necessary for production SharePoint 2010 and SQL 2008 R2 servers to run efficiently. If you don’t configure antivirus exclusions on your servers you can expect to see performance problems and mysterious errors at some point, especially when load starts getting high.
After the break, there’s a full table that lists out all of the necessary antivirus exclusions that should be configured for Windows servers that are running SharePoint 2010 and/or SQL 2008 R2:
(I’m sorry in advance for how unreadable this may be with the CSS I have right now. I don’t have time to fix it…)
|
Product |
Description |
Exclusion Type |
Location |
Comments |
|
Windows Server 2008 R2 |
Windows Update Datastore |
Folder |
%windir%\SoftwareDistribution\ |
|
|
Windows Update Logs |
File |
The following files located in %windir%\SoftwareDistribution\Datastore\Logs: Res*.log, Res*.jrs, Edb.chk, Tmp.edb |
For the files with the wildcared * character, there may be several files in that folder that fit the criteria. |
|
|
Windows Security Files |
File |
The following files located in %windir%\Security\Database: *.edb, *.sdb, *.log, *.chk, *.jrs |
From Microsoft: "If these files are not excluded, antivirus software may prevent proper access to these files, and security databases can become corrupted. Scanning these files can prevent the files from being used or may prevent a security policy from being applied to the files. These files should not be scanned because antivirus software may not correctly treat them as proprietary database files." |
|
|
Windows Group Policy Files |
File |
%allusersprofile%\NTUser.pol And %Systemroot%\System32\GroupPolicy\Registry.pol |
||
|
Domain Controllers |
Files and Folders |
See Comments |
SharePoint and SQL Server should not be installed on a domain controller but this is sometimes necessary to build development environments. If your SharePoint server is a domain controller, additional AD related antivirus exclusion are listed here: MS Support KB822158 |
|
|
SharePoint Foundation 2010 |
Core Files |
Folder |
Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions |
Can optionally just do ".\14\Logs" and ".\14\Data\Applications" |
|
.NET Temp |
Folder |
Drive:\Windows\Microsoft.NET\ |
||
|
WebTemp |
Folder |
Drive: \Users\service account\AppData\Local\ |
||
|
Folder |
Drive:\ProgramData\ |
|||
|
Folder |
Drive:\Users\the account that the search service is running as\AppData\Local\Temp |
The search account creates a folder in the "gthrsvc_spsearch4 Temp" folder to which it periodically needs to write. |
||
|
Log Files |
Folder |
Drive:\WINDOWS\system32\LogFiles And/Or Drive:\Windows\Syswow64\LogFiles |
On 64 Bit Windows 2008 Server with 64 Bit Product, the location is Drive:\Windows\ Syswow64\LogFiles |
|
|
Service Account Temp Files |
Folder |
Drive:\Users\Each App Pool Service Account\AppData\Local\Temp And Drive:\Users\Default\AppData\ |
||
|
SharePoint Server 2010 (in addition to the above) |
Index and Query Files |
Folder |
Drive:\Program Files\Microsoft Office Servers\14.0\Data |
This folder is used for the indexing and/or query process. If the Index files are configured to reside in a different folder, you also have to exclude that location. |
|
Enterprise Services Logs |
Folder |
Drive:\Program Files\Microsoft Office Servers\14.0\Logs |
||
|
Enterprise Services Binaries |
Folder |
Drive:\Program Files\Microsoft Office Servers\14.0\Bin |
||
|
FIM for User Profile Service |
Folder |
Drive:\Program Files\Microsoft Office Servers\14.0\Synchronization Service |
||
|
RBS BLOB Store |
Folder |
Any location where BLOB data is stored |
See this TechNet link for more info: MS Office Library on SharePoint BLOB storage |
|
|
SQL 2008 R2 |
Data Files |
Extension |
.mdf, .ldf, .ndf |
|
|
Backup Files |
Extension |
.bak, .trn |
||
|
Full-Text Catalog Files |
Folder |
Default instance: Drive:\Program Files\Microsoft SQL Server\MSSQL\FTDATA Or… Named instance: Drive:\Program Files\Microsoft SQL Server\ |
||
|
Trace Files |
Extension |
.trc |
||
|
SQL Audit Files |
Extension |
.sqlaudit |
For more info see: MSDN SQLAudit Info |
|
|
SQL Query Files |
Extension |
.sql |
||
|
SSAS Data and Temp Folder |
Folder |
Default: Drive:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Data |
This could be different and in separate places based on the configuration. |
|
|
SSAS Backup Folder |
Folder |
Default: Drive:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Backup |
This could be different based on the configuration. |
|
|
SSAS Log Folder |
Folder |
Default: Drive:\Program Files\Microsoft SQL Server\MSSQL.X\OLAP\Log |
This could be different based on the configuration. |
|
|
SSAS additional folders |
Folder |
Any extra folders added for SSAS in addition to what’s above. |
||
|
SQL Server Database Engine |
Process |
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\MSSQL\Binn\SQLServr.exe |
||
|
SQL Server Reporting Services |
Process |
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\Reporting Services\ReportServer\ |
||
|
SQL Server Analysis Services |
Process |
%ProgramFiles%\Microsoft SQL Server\MSSQL10_50.<Instance Name>\OLAP\Bin\MSMDSrv.exe |
||
|
SQL Clustering |
Folder |
Q:\ (Your Quorum Drive) C:\Windows\Cluster |
If you’re running antivirus on a SQL cluster, make sure the Antivirus product and version is cluster-aware. |
References:
- Microsoft Support KB822158 – "Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows": http://support.microsoft.com/kb/822158
- Microsoft Support KB952167 – "Certain folders may have to be excluded from antivirus scanning when you use a file-level antivirus program in SharePoint": http://support.microsoft.com/kb/952167
- Microsoft Support KB309422 – "How to choose antivirus software to run on computers that are running SQL Server": http://support.microsoft.com/kb/309422
Another great resource is the TechNet wiki at http://social.technet.microsoft.com/wiki/contents/articles/953.windows-anti-virus-exclusion-list-en-us.aspx. Someone was kind enough to put together a page that links to all of the relevant KBs for a number of MS products.
Thanks, Scott. That link is definitely bookmarkable.
Pingback: Antivirus Exclusions for SharePoint 2010 and SQL Server 2012 | SharePoint MMMan