CrowdStrike is great, your customer made a good choice.
I wrote this in response to a similar question we got internally a few months ago. You may consider it semi-official guidance:
Customers should not configure AV exclusion rules for Laserfiche except in the following three circumstances:
- There is a specific Laserfiche issue in the environment reasonably believed to have an AV component.
  In this scenario we recommend (very) temporarily disabling AV to test whether doing so resolves the issue, and if so, re-enabling AV and putting in a targeted exclusion for the relevant area.
- During migrations where you’re moving large volumes of known-good files. AV often becomes a primary bottleneck to bulk file transfers and downloads, and it’s appropriate to disable it or add relevant exclusions until the file/volume migration is complete.
- In ongoing high-volume, performance-sensitive scenarios involving Workflow and Quick Fields, it may be appropriate to exclude the Workflow and Quick Fields working directories for performance reasons.
Modern endpoint security (“AV”) solutions like CrowdStrike are much lighter weight with significantly lower performance impacts than antivirus agents of the past. These rely more on behavior-based heuristics for malware detection than traditional “match file signature against malware signature database” methods. That isn't to say that the modern endpoint security solutions can't cause issues, but rather that they seem to do so less frequently, and that customers should not preemptively add AV exclusions.
Cheers,
Sam