Best Practice: SharePoint Server Antivirus Exclusions

Posted by

There are a number of SharePoint Server related paths that should be excluded from being scanned by the server Antivirus.

Web Server Extensions

You may have to configure your antivirus software to exclude the following folders and subfolders from antivirus scanning:

  • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions

If you do not want to exclude the whole Web Server Extensions folder from antivirus scanning, you can exclude only the following two folders:

  • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Logs
  • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Data\Applications

Note The Applications folder must be excluded only if the computer is running the SharePoint Foundation Search service. If the folder that contains the index file is located elsewhere, you must also exclude that folder.

.NET Framework

  • Drive:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
  • Drive:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config

Log Files

  • Drive:\WINDOWS\System32\LogFiles
  • Drive:\Windows\Syswow64\LogFiles
  • Drive:\WINDOWS\System32\LogFiles
  • Drive:\Windows\Syswow64\LogFiles
  • Drive:\Users\ServiceAccount\AppData\Local\Temp
  • Drive: \Users\ServiceAccount\AppData\Local\Temp\WebTempDir
  • Drive:\Users\Default\AppData\Local\Temp
  • Drive:\Users\account that the search service is running as\AppData\Local\Temp
NOTE: The search account creates a folder in the Gthrsvc_spsearch4 Temp folder to which it periodically has to write.

Inetpub

  • Drive:\inetpub\wwwroot\wss\VirtualDirectories\ and all the folders under Drive:\inetpub\temp\IIS Temporary Compressed Files\.
  • Drive:\ProgramData\Microsoft\SharePoint
  • Drive:\Program Files\Microsoft Office Servers

If you do not want to exclude the whole Microsoft Office Servers folder from antivirus scanning, you can exclude only the following folders:

  • Drive:\Program Files\Microsoft Office Servers\15.0\Data
  • Drive:\Program Files\Microsoft Office Servers\15.0\Logs
  • Drive:\Program Files\Microsoft Office Servers\15.0\Bin
  • Drive:\Program Files\Microsoft Office Servers\15.0\Synchronization Service

BLOB Cache

  • <BlobCache Drive>:\<BlobCache Directory>

Search Index

  • <Index File Drive>:\<Index File Directory>

SQL Server Exclusions

When you configure your antivirus software settings, make sure that you exclude the following files or directories (as applicable) from virus scanning. Doing this improves the performance of the files and helps make sure that the files are not locked when the SQL Server service must use them. However, if these files become infected, your antivirus software cannot detect the infection.

SQL Server data files

These files usually have one of the following file-name extensions:

  • .mdf
  • .ldf
  • .ndf

SQL Server backup files

These files frequently have one of the following file-name extensions:

  • .bak
  • .trn

Full-Text catalog files

  • Default instance: Program Files\Microsoft SQL Server\MSSQL\FTDATA
  • Named instance: Program Files\Microsoft SQL Server\MSSQL$instancename\FTDATA

Trace files

These files usually have the .trc file-name extension. These files can be generated either when you configure profiler tracing manually or when you enable C2 auditing for the server.

  • SQL audit files (for SQL Server 2008 or later versions)

These files have the .sqlaudit file-name extension. For more information, see the following topic in SQL Server Books Online: Audits (General Page)

SQL query files

These files typically have the .sql file-name extension and contain Transact-SQL statements.

Processes

SQL Server 2016

  • %ProgramFiles%\Microsoft SQL Server\MSSQL13.<Instance Name>\MSSQL\Binn\SQLServr.exe
  • %ProgramFiles%\Microsoft SQL Server\MSRS13.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
  • %ProgramFiles%\Microsoft SQL Server\MSAS13.<Instance Name>\OLAP\Bin\MSMDSrv.exe

SQL Server 2014

  • %ProgramFiles%\Microsoft SQL Server\MSSQL12.<Instance Name>\MSSQL\Binn\SQLServr.exe
  • %ProgramFiles%\Microsoft SQL Server\MSRS12.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
  • %ProgramFiles%\Microsoft SQL Server\MSAS12.<Instance Name>\OLAP\Bin\MSMDSrv.exe

SQL Server 2012

  • %ProgramFiles%\Microsoft SQL Server\MSSQL11.<Instance Name>\MSSQL\Binn\SQLServr.exe
  • %ProgramFiles%\Microsoft SQL Server\MSRS11.<Instance Name>\Reporting Services\ReportServer\Bin\ReportingServicesService.exe
  • %ProgramFiles%\Microsoft SQL Server\MSAS11.<Instance Name>\OLAP\Bin\MSMDSrv.exe

Helpful Links

Here are some helpful links related to the topics covered in this article: