Anti-virus

These requirements apply to your ENPS Primary and Buddy Servers and the servers that will be running NOMWebService.

Introduction

The sections on this page outline our general advice and recommended settings for anti-virus and endpoint protection on ENPS servers. Failure to follow this advice may significantly impact client and server performance.

General Advice

Scan Frequency

Set the anti-virus software to perform scheduled scans of the ENPS drives instead of real-time scans.

Search/Indexing

If you experience frequent Search or indexing problems while running anti-virus software, you may need to disable or uninstall the anti-virus software while you troubleshoot.

Windows Updates

To reduce your servers' vulnerability to viruses and spyware, keep servers up to date with all critical updates from Microsoft. You do not need to wait for AP approval.

IE Enhanced Security Configuration (all Users and Admins)

Recommended Setting

Turn off.

Alternative Setting

None.

Tool-specific Settings

Windows Defender Firewall

Called Windows Firewall in older versions of Windows Server.

Recommended Setting

Create an exception for ENPS.

Alternative Setting

Disable the firewall for servers inside the DMZ.

Windows Defender Antivirus

Recommended Setting

If you must do real-time scans, exclude the following locations.

If you have any groups homed to the Buddy Server, please Contact Us about additional exclusions.

  • Index drive (E):

    • E:\Search Server\server\logs

    • E:\Search Server\server\solr\enps

    • E:\Search Server\server\tmp

    • E:\SearchServer

  • Work drive (F):

    • F:\%COMPUTERNAME%

    • <Buddy Server Name Folder>

      This is required if a group is homed to the Buddy server.

      This exception needs to be made on every ENPS server in an enterprise and cannot be pushed by a Group Policy.

    • F:\Common

    • F:\ENPS

    • F:\NOM

    • F:\NWS

  • Work drive processes (F):

    • F:\NOM\buddy.exe

    • F:\NOM\maint.exe

    • F:\NOM\nom.exe

    • F:\NOM\nwp.exe
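
One way to check a server against the Windows Defender Antivirus exclusion list above, as an added example that is not part of the original ENPS documentation. It uses the built-in Get-MpPreference and Add-MpPreference cmdlets; the -BuddyServerFolder and -Apply parameters are hypothetical names chosen for this example, and the Buddy Server folder name must be supplied by you.

```powershell
#Requires -RunAsAdministrator
# Added example: audit (and optionally apply) the Defender exclusions listed above.
param(
    # Hypothetical parameter: name of the Buddy Server folder on F:, only needed
    # when a group is homed to the Buddy Server. The page gives no concrete name.
    [string]$BuddyServerFolder,
    # Without -Apply the script only reports what is missing.
    [switch]$Apply
)

# Folder exclusions from the list above (E: = index drive, F: = work drive).
$paths = @(
    'E:\Search Server\server\logs',
    'E:\Search Server\server\solr\enps',
    'E:\Search Server\server\tmp',
    'E:\SearchServer',
    "F:\$env:COMPUTERNAME",
    'F:\Common', 'F:\ENPS', 'F:\NOM', 'F:\NWS'
)
if ($BuddyServerFolder) { $paths += "F:\$BuddyServerFolder" }

# Process exclusions from the list above.
$processes = 'buddy.exe', 'maint.exe', 'nom.exe', 'nwp.exe' |
    ForEach-Object { "F:\NOM\$_" }

$pref = Get-MpPreference
# Compare case-insensitively and ignore trailing backslashes.
$normalize = { param($p) "$p".TrimEnd('\').ToLowerInvariant() }
$havePaths = @($pref.ExclusionPath | Where-Object { $_ } | ForEach-Object { & $normalize $_ })
$haveProcs = @($pref.ExclusionProcess | Where-Object { $_ } | ForEach-Object { & $normalize $_ })

$missingPaths = @($paths | Where-Object { (& $normalize $_) -notin $havePaths })
$missingProcs = @($processes | Where-Object { (& $normalize $_) -notin $haveProcs })

$missingPaths | ForEach-Object { Write-Output "Missing path exclusion:    $_" }
$missingProcs | ForEach-Object { Write-Output "Missing process exclusion: $_" }

# Report exclusions that are not on the documented list so they can be reviewed.
$wanted = @($paths + $processes | ForEach-Object { & $normalize $_ })
@($pref.ExclusionPath) + @($pref.ExclusionProcess) |
    Where-Object { $_ -and (& $normalize $_) -notin $wanted } |
    ForEach-Object { Write-Output "Undocumented exclusion:    $_" }

if ($Apply) {
    if ($missingPaths) { Add-MpPreference -ExclusionPath $missingPaths }
    if ($missingProcs) { Add-MpPreference -ExclusionProcess $missingProcs }
}
```

Run it locally on each ENPS server, since the Buddy Server folder exception cannot be pushed by a Group Policy.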

Alternative Settings

Turn off real-time protection.

CrowdStrike Sensor Visibility Exclusions (SVEs)

Recommended Settings

With the help of CrowdStrike support via the CrowdStrike Portal, make the following exclusions:

  • F:\NOM\buddy.exe

  • F:\NOM\maint.exe

  • F:\NOM\nom.exe

  • F:\NOM\watch.exe

  • F:\NOM\nwp.exe

Alternative Settings

None.

Other Endpoint Protection or Live Detection Software

Your site may use Endpoint Protection or Live Detection software other than Windows Defender and CrowdStrike. Core anti-virus functionality and endpoint protection are largely the same regardless of vendor.

Contact Us if you have questions about settings.

Next Steps

Continue to the steps in User Account Control Settings.