My Books recommendations

Tuesday, April 22, 2008

Anti Virus and MOSS 2007

Today, I was having this issue with a client, who has Forefront Real time client installed on their MOSS 2007 Server and were having issues with the replication. During working on this issue I found following information, which can be helpful as general guidelines for using Anti Virus with MOSS 2007.

The generic consideration will be given in the context of a MOSS 2007 platform is installed.
As MOSS 2007 installation requires pre-requisites software, the document will describe as well exclusions for those software.

Windows server 2003
The %systemroot% is normally the C:\WINDOWS or C:\WINNT directory depending on your OS
· %systemroot%\System32\Spool (and all the sub-folders and files)
· %systemroot%\SoftwareDistribution\Datastore
· Any Network Drives that are mapped

Refer to the following article for information:
KB822158 - Virus scanning recommendations for computers that are running Windows Server 2003, Windows 2000, or Windows XP

Internet Information Server
· The IIS compression directory (default compression directory is %systemroot%\IIS Temporary Compressed Files)
· %systemroot%\system32\inetsrv folder
· Files that have the .log extension

Refer to the following knowledge base articles for reference:
KB817442 - IIS 6.0: Antivirus Scanning of IIS Compression Directory May Result in 0-Byte File
KB821749 - Antivirus software may cause IIS to stop unexpectedly

SQL Server

· Exclude .MDF, .LDF, .NDF, .TRN, .BAK and .SLS
· Exclude sqlmangr.exe and sqlservr.exe
· SQL folder and databases files (or database file types) from scanning for performance reasons:

KB309422 - Guidelines for choosing antivirus software to run on the computers that are running SQL Server

WSS3.0 / MOSS 2007
· Drive:\Program Files\Microsoft Office Servers\12.0
· Drive:\Program Files\Common Files\Microsoft Shared\web server extensions\12
· Drive:\WINDOWS\Temp\WebTempDir\*
· Drive:\Documents and Settings\\\Local Settings\Temp\*
· Drive:\WINDOWS\system32\LogFiles
· W3wp.exe, cbd.exe, cidaemon.exe, owstimer.exe (WSS)
(where Drive: is the drive letter where you installed SharePoint Portal Server)

Also, ‘c:\windows\temp\contentdeployment’ to temporarily store deployment files (.cab). This should perhaps be excluded as well.

· Drive:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager
· Drive:\Program Files\Microsoft Operations Manager 2005
where Drive: is the drive letter where profiles are located

Trend Micro
Trend Micro(TM) PortalProtect(TM) 1.7 for Microsoft(TM) SharePoint(TM) 2007
· Temp folder: C:\Program Files\Trend Micro\PortalProtect\temp
· Quarantine folder, whose default location is:
Drive:\Program Files\Trend Micro\PortalProtect\Quarantine
· Backup folder, whose default location is:
Drive:\Program Files\Trend Micro\PortalProtect\Backup

Just to make you aware that there is a SharePoint version of Forefront Security available from Microsoft. To know more about Forefront for Sharepoint please visit:
Hope this helps. Any comments welcome.