SP2010: antivirus exclusions = performance++

Of course every server in your farm should be equipped with antivirus. But without properly configuring your antivirus program, it could become a serious danger to the performance of your SharePoint farm. There are some exclusions you can or rather should make to make sure that antivirus won’t come in the way of performance.

To begin with, your SharePoint installation will use the installed antivirus application to scan files being uploaded to SharePoint. This is default behaviour which can be configured in Central Administration, but the default settings are ok (check if your antivirus is compatible!).

On your different servers, you should make some exclusions for antivirus scanning, based on the roles the server has. A good place to start is KB952167 which lists the directories to exclude. This is a combination of IIS and SharePoint folders which are being accessed frequently. When your scanner scans the files everytime they get loaded, this will seriously affect performance.

The most important folder to exclude are:

  • %ProgramFiles%\Microsoft Office Servers\14.0\Data
  • %ProgramFiles%\Microsoft Office Servers\14.0\Logs
  • %ProgramFiles%\Microsoft Office Servers\14.0\Bin
  • %ProgramFiles%\Microsoft Office Servers\14.0\Synchronization Service
  • %ProgramFiles%\Common Files\Microsoft Shared\Web Server Extensions
  • %windir%\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
  • %systemroot%\system32\inetsrv

Should you (or your system administrator) feel uncomfortable excluding entire directories, you can also exclude the most important processes from scanning. These are w3wp.exe, owstimer.exe, mssearch.exe, inetinfo.exe.

So that’s the front-ends. Now onto the SQL servers. Not much of a surprise that scanning your *.mdf and *.ldf files is rather useless, so you should exclude those. If you’ve got all your databases in a central directory (we have), you could exclude that directory or at least all of the mdf and ldf files inside it. Same goes for your back-up folder.

That’s it. Some simple exclusion configuration will increase performance of your farm. Make sure to make the changes on every SharePoint server in your farm. For Kaspersky users (I don’t know about other), there’s an export / import button in the exclusion window so you don’t have to make the same changes over and over again. Store the file somewhere (I’d recommend SharePoint ;)) so you can reuse it later on for newly added servers.

Leave a Reply

Your email address will not be published. Required fields are marked *