SharePoint 2013 On-Prem AntiVirus exceptions and IP Offloading

Hi all, today I bring some recommendations for configuring Antivirus in SharePoint 2013.

Firstly, the recommendations for Antivirus, that include Search for SharePoint:

Confirm that antivirus exceptions are in place for the entire Search farm as well as the crawl component temp directories.

This is the list of directories and processes that should be excluded:

SharePoint Foundation 2013

You may have to configure your antivirus software to exclude the following folders and subfolders from antivirus scanning:

  • C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions

    If you do not want to exclude the whole Web Server Extensions folder from antivirus scanning, you can exclude only the following two folders:

    • C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Logs
    • C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Data\Applications
  • C:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
  • C:\Users\ServiceAccount\AppData\Local\Temp\WebTempDir

    Note: The WebTempDir folder is a replacement for the FrontPageTempDir folder.

  • C:\ProgramData\Microsoft\SharePoint
  • C:\Users\[account that the search service is running as]\AppData\Local\Temp

    Note: The search account creates a folder in the Gthrsvc_spsearch4 Temp folder to which it periodically has to write.

  • Drive:\WINDOWS\System32\LogFiles
  • Drive:\Windows\Syswow64\LogFiles

    Note: If you use a specific account for SharePoint services or application pool identities, you may also have to exclude the following folders:

    • C:\Users\ServiceAccount\AppData\Local\Temp
    • C:\Users\Default\AppData\Local\Temp

SharePoint Server 2013

You may have to configure the antivirus software to exclude the Drive:\Program Files\Microsoft Office Servers folder from antivirus scanning for SharePoint Server 2013. If you do not want to exclude the whole Microsoft Office Servers folder from antivirus scanning, you can exclude only the following folders:

  • C:\Program Files\Microsoft Office Servers\15.0\Data

    (This folder is used for the indexing process. If the index files are configured to be located in a different folder, you also have to exclude that location.)

  • C:\Program Files\Microsoft Office Servers\15.0\Logs
  • C:\Program Files\Microsoft Office Servers\15.0\Bin
  • C:\Program Files\Microsoft Office Servers\15.0\Synchronization Service
  • Any location in which you decided to store the disk-based binary large object (BLOB) cache (for example, C:\Blobcache).
  • C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Data (and subdirectories)
  • C:\Program Files\Microsoft Office Servers\15.0\Search\Runtime\1.0\noderunner.exe (NodeRunner process exclusion)
  • C:\Users\[Search Service Account]\AppData\Local\Temp
  • If your index data -RootDirectory is customized separately from the SharePoint data directory, also exclude it (this is where the index lives)

You could also just exclude the entire Office 15 hive if that is easier for your AV software.

Some more info is on TechNet, but it isn't aimed at Search:

http://support.microsoft.com/kb/952167/en-us
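To turn the narrow (per-folder) list above into something you can hand to whichever antivirus console you use, the following added example (not from the KB article or the original post) resolves each entry on the local server and reports whether it exists. The function name, the service account names and the `C:\Blobcache` value in the sample call are assumptions; substitute your own.

```powershell
# Added example: build the narrow exclusion list above for this server and
# report which entries exist. -ServiceAccounts and -ExtraPaths are assumptions
# you supply (profile folder names; custom index root, BLOB cache location).
function Get-SPAvExclusionReport {
    param(
        [string[]]$ServiceAccounts = @(),
        [string[]]$ExtraPaths = @()
    )
    $wse    = Join-Path $env:CommonProgramFiles 'Microsoft Shared\Web Server Extensions\15'
    $office = Join-Path $env:ProgramFiles 'Microsoft Office Servers\15.0'
    $users  = "$env:SystemDrive\Users"

    # Folder exclusions from the page; 15\Data also covers 15\Data\Applications.
    $folders = @(
        "$wse\Logs"
        "$wse\Data"
        "$env:windir\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files"
        "$env:ProgramData\Microsoft\SharePoint"
        "$env:windir\System32\LogFiles"
        "$env:windir\SysWOW64\LogFiles"
        "$office\Data"
        "$office\Logs"
        "$office\Bin"
        "$office\Synchronization Service"
        "$users\Default\AppData\Local\Temp"
    )
    # Per-account Temp folders (WebTempDir and the gatherer folder live under these).
    foreach ($acct in $ServiceAccounts) {
        $folders += "$users\$acct\AppData\Local\Temp"
    }
    $folders += $ExtraPaths

    # NodeRunner is excluded as a process, not as a folder.
    $noderunner = "$office\Search\Runtime\1.0\noderunner.exe"

    $report = @(foreach ($f in ($folders | Sort-Object -Unique)) {
        [pscustomobject]@{ Type = 'Folder'; Path = $f
                           Exists = (Test-Path -LiteralPath $f -PathType Container) }
    })
    $report += [pscustomobject]@{ Type = 'Process'; Path = $noderunner
                                  Exists = (Test-Path -LiteralPath $noderunner -PathType Leaf) }
    $report
}

# Sample call with constructed account names.
Get-SPAvExclusionReport -ServiceAccounts 'svc-spsearch', 'svc-spfarm' -ExtraPaths 'C:\Blobcache' |
    Format-Table -AutoSize
```

A row with Exists = False usually means that component is not installed on this server or lives in a customized location, so confirm the real path before adding it to the exclusion policy.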

Secondly, the recommendations for IP Offloading. Check the current Task Offload setting for IPv4 and IPv6:

netsh int ipv4 show global | findstr "Task Offload"

netsh int ipv6 show global | findstr "Task Offload"

There are also some more in-depth instructions for NICs with more options, to ensure that IP Offloading is completely off. The instructions below are for the FAST Search product but hold true for SP2013 as well.

http://support.microsoft.com/kb/2570111

Hope that helps!
