Wednesday, January 8, 2020

Certain folders may have to be excluded from antivirus scanning when you use file level antivirus software in sharepoint

This article includes information about folders that may have to be excluded from antivirus scanning in the following SharePoint applications:

  • Microsoft SharePoint Server 2019

  • Microsoft SharePoint Server 2016

  • Microsoft SharePoint Foundation 2013

  • Microsoft SharePoint Server 2013

  • Microsoft SharePoint Foundation 2010

  • Microsoft SharePoint Server 2010

  • Windows SharePoint Services 3.0

  • Microsoft Office SharePoint Server 2007

These folders may have to be excluded from antivirus scanning when you use file-level antivirus software in SharePoint. If these folders are not excluded, you may see unexpected behavior. For example, you may receive "access denied" error messages when files are uploaded.

Folders that may have to be excluded from antivirus scanning in SharePoint

Note: In the following sections, the placeholder Drive represents the letter of the drive on which you have your SharePoint application installed. Typically, this drive letter is C.

SharePoint Server 2019, SharePoint Server 2016

You may have to configure your antivirus software to exclude the following folders and subfolders from antivirus scanning:

  • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions

    If you do not want to exclude the whole Web Server Extensions folder from antivirus scanning, you can exclude only the following folders:

    • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16

    • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\16\Logs

  • Drive:\Program Files\Microsoft Office Servers\16.0\Data\Office Server\Applications

    (This folder is used for the indexing process. If the index files are configured to be located in a different folder, you also have to exclude that location.)

  • Drive:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files

  • Drive:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config

  • Drive: \Users\ServiceAccount\AppData\Local\Temp\WebTempDir

    Note: The WebTempDir folder is a replacement for the FrontPageTempDir folder.

  • Drive:\ProgramData\Microsoft\SharePoint

  • Drive:\Users\account that the search service is running as\AppData\Local\Temp

Note: The search account creates a folder in the Gthrsvc_spsearch4 Temp folder to which it periodically must write.

  • Drive:\WINDOWS\System32\LogFiles

  • Drive:\Windows\Syswow64\LogFiles

Note: If you use a specific account for SharePoint services or application pools identities, you may also have to exclude the following folders:

  • Drive:\Users\ServiceAccount\AppData\Local\Temp

  • Drive:\Users\Default\AppData\Local\Temp

  • Any location in which you decided to store the disk-based binary large object (BLOB) cache (for example, C:\Blobcache).

You should also exclude all the virtual directory folders under Drive:\inetpub\wwwroot\wss\VirtualDirectories and all the folders under Drive:\inetpub\temp\IIS Temporary Compressed Files.

SharePoint Server 2013

You may have to configure the antivirus software to exclude the Drive:\Program Files\Microsoft Office Servers folder from antivirus scanning for SharePoint Server 2013. If you do not want to exclude the whole Microsoft Office Servers folder from antivirus scanning, you can exclude only the following folders:

  • Drive:\Program Files\Microsoft Office Servers\15.0\Data

    (This folder is used for the indexing process. If the index files are configured to be located in a different folder, you also have to exclude that location.)

  • Drive:\Program Files\Microsoft Office Servers\15.0\Logs

  • Drive:\Program Files\Microsoft Office Servers\15.0\Bin

  • Drive:\Program Files\Microsoft Office Servers\15.0\Synchronization Service

Any location in which you decided to store the disk-based binary large object (BLOB) cache (for example, C:\Blobcache).

Note If you have SharePoint Server 2013, these folders should be excluded in addition to the folders that are listed in the "SharePoint Foundation 2013" section.

SharePoint Foundation 2013

You may have to configure your antivirus software to exclude the following folders and subfolders from antivirus scanning:

  • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions

    If you do not want to exclude the whole Web Server Extensions folder from antivirus scanning, you can exclude only the following two folders:

    • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Logs

    • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\15\Data\Applications

      Note: The Applications folder must be excluded only if the computer is running the SharePoint Foundation Search service. If the folder that contains the index file is located elsewhere, you must also exclude that folder.

  • Drive:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files

  • Drive:\Windows\Microsoft.NET\Framework64\v4.0.30319\Config

  • Drive: \Users\ServiceAccount\AppData\Local\Temp\WebTempDir

    Note: The WebTempDir folder is a replacement for the FrontPageTempDir folder.

  • Drive:\ProgramData\Microsoft\SharePoint

  • Drive:\Users\account that the search service is running as\AppData\Local\Temp

    Note: The search account creates a folder in the Gthrsvc_spsearch4 Temp folder to which it periodically has to write.

  • Drive:\WINDOWS\System32\LogFiles

  • Drive:\Windows\Syswow64\LogFiles

    Note: If you use a specific account for SharePoint services or application pools identities, you may also have to exclude the following folders:

    • Drive:\Users\ServiceAccount\AppData\Local\Temp

    • Drive:\Users\Default\AppData\Local\Temp

      You should also exclude all the virtual directory folders under Drive:\inetpub\wwwroot\wss\VirtualDirectories\ and all the folders under Drive:\inetpub\temp\IIS Temporary Compressed Files\.

SharePoint Foundation 2010

You may have to configure your antivirus software to exclude the following folders and subfolders from antivirus scanning:

  • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions


If you do not want to exclude the whole Web Server Extensions folder from antivirus scanning, you can exclude only the following two folders:

    • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Logs

    • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\Data\Applications

      Note: The Applications folder must be excluded only if the computer is running the SharePoint Foundation Search service. If the folder that contains the index file is located elsewhere, you must also exclude that folder.

  • Drive:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files

  • Drive:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config

  • Drive: \Users\ServiceAccount\AppData\Local\Temp\WebTempDir

    Note: The WebTempDir folder is a replacement for the FrontPageTempDir folder.

  • Drive:\ProgramData\Microsoft\SharePoint

  • Drive:\Users\account that the search service is running as\AppData\Local\Temp

    Note: The search account creates a folder in the Gthrsvc_spsearch4 Temp folder to which it periodically has to write.

  • Drive:\WINDOWS\system32\LogFiles

  • Drive:\Windows\Syswow64\LogFiles

    Note: If you use a specific account for SharePoint services or application pools identities, you may also have to exclude the following folders:

    • Drive:\Users\ServiceAccount\AppData\Local\Temp

    • Drive:\Users\Default\AppData\Local\Temp

      You should also exclude all the virtual directory folders under Drive:\inetpub\wwwroot\wss\VirtualDirectories\ and all the folders under Drive:\inetpub\temp\IIS Temporary Compressed Files\.

SharePoint Server 2010

You may have to configure your antivirus software to exclude the Drive:\Program Files\Microsoft Office Servers folder from antivirus scanning for SharePoint Server 2010. If you do not want to exclude the whole Microsoft Office Servers folder from antivirus scanning, you can exclude only the following folders:

  • Drive:\Program Files\Microsoft Office Servers\14.0\Data

    (This folder is used for the indexing process. If the Index files are configured to be located in a different folder, you also have to exclude that location.)

  • Drive:\Program Files\Microsoft Office Servers\14.0\Logs

  • Drive:\Program Files\Microsoft Office Servers\14.0\Bin

  • Drive:\Program Files\Microsoft Office Servers\14.0\Synchronization Service

  • Any location in which you decided to store the disk-based binary large object (BLOB) cache (for example, C:\Blobcache)

    For more information about the binary large object cache, go to the following Microsoft website:

    Disk-based BLOB caching

Note: If you have SharePoint Server 2010, these folders should be excluded in addition to the folders that are listed in the "SharePoint Foundation 2010" section.

Windows SharePoint Services 3.0

You may have to configure your antivirus software to exclude the following folders and subfolders from antivirus scanning:

  • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions

    If you do not want to exclude the whole Web Server Extensions folder from antivirus scanning, you can exclude only the following two folders:

    • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Logs

    • Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\Data\Applications

      Note: The Applications folder must be excluded only if the computer is running the Windows SharePoint Services Search service. If the folder that contains the index file is located elsewhere, you must also exclude that folder.

  • Drive:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files

  • Drive:\Windows\Microsoft.NET\Framework\v2.0.50727\Config

    Note: If you are running a 64-bit version of Windows, you should also include the following directory:

    • Drive:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files

    • Drive:\Windows\Microsoft.NET\Framework64\v2.0.50727\Config

  • Windows Server 2003: Drive:\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config

  • Windows Server 2008 and later versions: Drive:\ProgramData\Microsoft\SharePoint\Config

  • Drive:\Windows\Temp\WebTempDir

    Note: The WebTempDir folder is a replacement for the FrontPageTempDir folder.

  • Drive:\Documents and Settings\account that the search service is running as\Local Settings\Temp\

  • Drive:\Users\the account the search service is running as\Local\Temp\

    Note: The search account creates a folder in the "gthrsvc Temp" folder to which it periodically has to write.

  • Drive:\WINDOWS\system32\LogFiles

  • Drive:\Windows\Syswow64\LogFiles

    Note: If you use a specific account for SharePoint services or application pools identities, you may also have to exclude the following folders:

    • Drive:\Documents and Settings\ServiceAccount\Local Settings\Application Data

    • Drive:\Users\ServiceAccount\Local

    • Drive:\Documents and Settings\ServiceAccount\Local Settings\Temp

    • Drive:\Users\ServiceAccount\Local\Temp

  • Drive:\Documents and Settings\Default User\Local Settings\Temp

  • Drive:\Users\Default\AppData\Local\Temp

SharePoint Server 2007

You may have to configure your antivirus software to exclude the Drive:\Program Files\Microsoft Office Servers folder from antivirus scanning for SharePoint Server 2007. If you do not want to exclude the whole Microsoft Office Servers folder from antivirus scanning, you can exclude only the following folders:

  • Drive:\Program Files\Microsoft Office Servers\12.0\Data.

    (This folder is used for the indexing process. If the index files are configured to be located in a different folder, you also have to exclude that location.)

  • Drive:\Program Files\Microsoft Office Servers\12.0\Logs

  • Drive:\Program Files\Microsoft Office Servers\12.0\Bin

  • Any location in which you decide to store the disk-based binary large object (BLOB) cache (for example, C:\Blobcache)

    For more information about the binary large object cache, go to the following Microsoft website:

    Configure disk-based cache settings

Note: If you have SharePoint Server 2007, these folders should be excluded in addition to the folders that are listed in the "Windows SharePoint Services 3.0" section.

Note: When you install SharePoint Server 2007 or apply a hotfix to an existing installation of SharePoint Server 2007, you may have to disable the real-time option of the antivirus software. Or, you may have to exclude the Drive:\Windows\Temp folder from antivirus scanning if this is required.

More information

For more information about error messages that may occur when antivirus software scans occur in SharePoint Portal Server 2001 and in SharePoint Portal Server 2003, see the following articles in the Microsoft Knowledge Base:

910449 Troubleshooting common permissions and security-related issues in ASP.NET

No comments:

Post a Comment