FileHold server antivirus settings best practices

This article provides some recommendations for configuring antivirus software on the FileHold Server (such as McAfee, Trend Micro, AVG, Nod32, Kaspersky, Symantec, etc.). There are some specific folders and processes that should be excluded from real time threat and file activity analysis to ensure FileHold operates correctly and with good performance.

Real-time threat analysis can impair or interfere with the operation of Internet Information Server (IIS) and the FileHold Application Server. It may also interfere with SQL Server and other related systems. Any system that generates heavy file I/O activity can be interfered with by antivirus or security suite software.

Best practices for preventing malware include antivirus protection for email servers, gateways, networks, and desktop operating systems.

Whatever antivirus software you install on the FileHold Server must be capable of alerting IT personnel if a file is removed from FileHold with specific path and file name and date time stamp. The FileHold Server application routinely checks the server for consistency and logs a generic message that a missing or duplicate file issue has been found with the Document Repository. If a file is removed from the repository you must replace it in the same location with the same name and extension. Ideally this will be an uninfected version of the file, but in the worst case it should be a place holder file that includes information about the loss of the original file.

The FileHold professional services team can assist with the recovery of missing files and we have tools that help with this recovery. Recovery of files lost due to third party applications or systems is not included in FileCare.

Please refer to the backup and recovery guide for more information on backups and recovery. FileHold recommends that you retain backups of FileHold databases and the FileHold data directories to allow for recovery at a number of periods back in time as issues may not be discovered until long after they occurred.

Modify antivirus software settings for Windows OS and FileHold software

We recommend exceptions to your low threat process or real time threat analysis for the following applications:

  • C:\Program Files\FileHold Systems\Application Server\fileholdadm\fileholdadm.exe
  • C:\Windows\System32\inetsrv\inetinfo.exe
  • C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe

The location of the sqlservr.exe will vary slightly depending on your version and instance name of SQL Server. The example is for SQL Server 2016 without a specific instance name. This list is not exhaustive for non-FileHold executables. We recommend you review the Microsoft antivirus exclusion list for a more complete overview.

We further recommend setting exceptions for the document repository and full text search index folders that were configured during installation.