FileHold Server - Antivirus Settings - Best Practices

This article discusses how to configure antivirus software on the FileHold Server (such as McAfee, Trend Micro, AVG, Nod32, Kaspersky, Symantec, etc.) so that it does not perform real-time threat/file activity analysis on specific folders and processes.

Real-time threat analysis can impair or interfere with the operation of IIS and the FileHold Application Server. Sometimes it can interfere with MS SQL databases as well, although FileHold has not seen this happen within the context of any known system. We mention it so that you are aware of the possibility.

Antivirus or security suite software can interfere with any system that generates heavy file I/O activity.

Please note that for many FileHold customers, the focus is better placed on antivirus systems for Email servers, Gateways, Network scanning, Desktop OS security, and other areas.

IMPORTANT: Whatever antivirus software you install on the FileHold Server must be capable of alerting IT personnel if a file is removed from FileHold, giving the specific path, file name, and date/time stamp. The FileHold Server application routinely checks the server for consistency and logs a generic message that a missing or duplicate file issue has been found with the Document Repository.

If a file is removed, you must place a placeholder or recovered file with the same file name and extension back into the same location of the FileHold repository from which it was originally removed.
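The removal check described above can be backed by a file manifest that names exactly which repository files have gone missing. The following PowerShell script is an added example, not FileHold's or any antivirus vendor's code; the repository and manifest paths are assumed placeholders, and it assumes PowerShell 3.0 or later.

```powershell
# Added example, not FileHold code. Requires PowerShell 3.0 or later.
param(
    # Assumed locations: replace with the paths used on your server.
    [string]$RepositoryPath = 'D:\FileHoldData\DocumentRepository',
    [string]$ManifestPath   = 'D:\Baselines\DocumentRepository-manifest.csv',
    [switch]$CreateBaseline
)

function Get-RepositoryManifest {
    param([string]$Path)
    # Capture what is needed to restore a file to its exact original location.
    Get-ChildItem -LiteralPath $Path -Recurse -File |
        Select-Object FullName, Length, @{ Name = 'LastWriteTimeUtc'; Expression = { $_.LastWriteTimeUtc.ToString('o') } }
}

function Compare-RepositoryManifest {
    param([object[]]$Baseline, [object[]]$Current)
    # Hashtable literals compare string keys case-insensitively, like NTFS paths.
    $present = @{}
    foreach ($file in $Current) { $present[$file.FullName] = $true }
    foreach ($entry in $Baseline) {
        if (-not $present.ContainsKey($entry.FullName)) {
            [pscustomobject]@{
                MissingPath      = $entry.FullName
                ExpectedLength   = $entry.Length
                LastWriteTimeUtc = $entry.LastWriteTimeUtc
                DetectedAtUtc    = (Get-Date).ToUniversalTime().ToString('o')
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $RepositoryPath -PathType Container)) {
    throw "Repository path not found: $RepositoryPath"
}
if ($CreateBaseline) {
    Get-RepositoryManifest -Path $RepositoryPath |
        Export-Csv -Path $ManifestPath -NoTypeInformation -Encoding UTF8
    return
}
$baseline = Import-Csv -Path $ManifestPath
$current  = Get-RepositoryManifest -Path $RepositoryPath
$missing  = @(Compare-RepositoryManifest -Baseline $baseline -Current $current)
if ($missing.Count -gt 0) {
    $missing | Format-List
    exit 1   # non-zero exit lets a scheduled task or monitor raise the alert
}
Write-Output 'All files in the baseline are still present.'
```

Run it once with `-CreateBaseline`, then on a schedule without the switch. Files added after the baseline was taken are not covered until the baseline is refreshed.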

FileHold support does not provide free assistance with the recovery of missing files, but has tools that help with this recovery, which we will use to assist in the rare case that this happens. In a 6-year history, this has only happened a couple of times. The causes were the hardware failure of a single hard drive on a server, which became corrupted, and someone intentionally introducing a virus-laden file into FileHold to see what might happen, which voided their support agreement for that specific incident. We will charge for support on a time/material basis in the case of disaster recovery.

Please refer to the backup and recovery guide for more information on backups and recovery. FileHold recommends that you retain backups of the FileHold databases and the FileHoldData directory for a period of time that allows for a somewhat lengthy (14, 30 or 60+ days?) recovery, especially if you are not running FileHold on a RAID-capable server, or a NAS or SAN type system.

To modify the antivirus software settings for Windows 2008 and FileHold 09 (and newer versions):

  1. Add fileholdadm.exe as a low threat process / exception from real-time threat analysis via a centralized exception setting change.

    • This file is located here: C:\Program Files\FileHold Systems\Application Server\fileholdadm

  2. Add inetinfo.exe as a low threat process / exception from real-time threat analysis.

    • This file is located here: C:\Windows\System32\inetsrv\

  3. Add sqlservr.exe as a low threat process / exception from real-time threat analysis.

    • This file is located within the Binn directory of your SQL Server installation. The following location is an example only:

    • C:\Program Files\Microsoft SQL Server\MSSQL10_50.MSSQLSERVER\MSSQL\Binn

  4. Also set an exception for the three (3) working folder structures used by FileHold. Generally these are all contained within the FileHoldData folder:

    • DocumentRepository

    • FullTextSearch

    • FHURMBackups

 

See Also:

FileHold Desktop Client Antivirus Guide

FDA Troubleshooting Guide

Technical Troubleshooting and Installation Guides

FileHold Backup and Recovery Guide