You are viewing limited content. For full access, please sign in.

Question

Question

Antivirus

Administration Search and Retrieval
Updated December 3, 2018
asked on January 23, 2014

Dear community,

We use an Anti-Virus with a built in real time scanning module. I've noticed that items with our Repository are being scanned by said software.

Is there any advise officially or otherwise about Anti-Virus exclusion rules for Repositories, Databases, Audit locations or others?

Thanks

Adam 

0 0

Answer

APPROVED ANSWER
replied on January 23, 2014 Show version history

As a rule of thumb your antivirus for Clients should avoid scanning the following (as per Miruna):

 

Here are the names of the scan engine EXEs:

  1. ScanConnectClient.exe (ScanConnect)
  2. FileScanClient.exe (Universal Capture)
  3. WIAScanClient.exe (WIA)
  4. LFTwainClient.exe (TWAIN)
  5. LFKofaxClient.exe

They're located in C:\Program Files (x86)\Common Files\Laserfiche\Batch Processor. For older versions, the file names don't contain the "Client" part.

 

Other files you should create exceptions for are: BPSessionClient.exe (also in C:\Program Files (x86)\Common Files\Laserfiche\Batch Processor), BPOMniOCR82.exe (C:\Program Files (x86)\Common Files\Laserfiche\Batch Processor\BPOmniOCR164) and ThumbnailGenerator.exe (in the Scanning install folder, usually C:\Program Files (x86)\Laserfiche\Client\Scanning\Utilities). For LF 9.1 and higher, the OCR executable is called LFOmniOCR.exe and is located in C:\Program Files (x86)\Common Files\Laserfiche\Batch Processor\BPOmniOCR185.

 

I have heard of problems with real time scanning as well, so you may want to disable that feature on the server so that every file being written is being scanned and becoming a bottleneck.

3 0

Replies

replied on January 23, 2014

That said, we use real-time protection as part of our Endpoint protection strategy.

 

I don't have any Laserfiche-specific rules.  We scan any infectible file types in real time, on all access types. The same rules for AV apply to the workstations and the servers.

 

And we've never had any issues.  (We use Sophos.)

 

 

I always urge caution when working with AV policies - Malware is pretty scary nowadays.  (Can you imagine getting a cryptolocker variant on your Laserfiche server?)  I would only add exceptions where absolutely necessary - when problems were actually experienced - and those exceptions should be as narrow as possible.

 

We are now looking at enabling active blocking of suspected malicious code detected through heuristics instead of just signatures.  The amount of zero-day malware in the wild is amazing.

 

The only issue I've seen with other software interfering with Laserfiche files had to do with backups and the index files.  If the backup software can lock the index files, Laserfiche will not like it.  I assume if some AV software locked files as it scanned you could see similar problems.

1 0
replied on January 23, 2014

I would think the biggest thing would be the sheer volume of the repository. And possibly issues with the search index.

 

As a general rule I try to disable it from looking at the search index, mostly because I've had helpdesk calls about it before. :)

 

I would think for the main repository that you'd only want to have it scan on the original write and not be part of whole-drive scans. Mostly because of the sheer number of so many small files. 

 

The only issue I've ever had personally with the antivirus components is with the search index. The built in "auto protection" firewall components? That's another other topic. angry

0 0
replied on December 3, 2018

Any updates for the recommended exclusions.  I agree with Michael Wells on only excluding when necessary but I do take into consideration the recommended list and depending on how you use the product you may or maynot have to exclude everything.  Microsoft products get a bit over zealous on their recommended exclusions but their recommendations are if you are using every bit of the software's capability and most of us do not so you tailor as needed.

Just wanted to check to see if anyone has experience in or have recommendation other than this original posts list as I do my tailoring of exclusions.

Thanks!!!

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...