Anti-virus

These requirements apply to your ENPS Primary and Buddy Servers and the servers that will be running NOMWebService.

Introduction

The Associated Press recommends against using anti-virus software with real-time scanning on ENPS Server. Doing so may result in the following issues:

• The anti-virus software may have kernel-level conflicts with Microsoft's Index Server or the Windows Search Service, which the ENPS Client uses for its Search functionality.

• When new material is added to the server it may take significantly longer to add it to the index and therefore will not be available through Search as quickly.

• The index may be corrupted frequently. If it is corrupted, re-indexing will take significantly longer to complete. The Index Server may attempt to repair itself from a conflict by re-scanning the indexed drives which can significantly degrade server speed.

• Unscheduled Master Merges may occur several times a day. This can also decrease server performance.

These risks can be severe but they do not always occur. If you accept the potential consequences of running anti-virus software on an ENPS Server following these steps to reduce the likelihood of encountering problems:

• If you must do real-time scans then exclude the following locations:

  • ENPS data drive(s), which are usually D: on a single-partition system and F:, G: and H: on a multi-partition system.

  • (Index Drive):\Search Server\server\logs

  • (Index Drive):\Search Server\server\solr\enps

  • (Index Drive):\Search Server\server\tmp

• Set the anti-virus software to perform scheduled scans instead of real-time scans.

If you experience frequent Search or indexing problems while running anti-virus software you may need to disable or uninstall the anti-virus software while you troubleshoot.

To reduce your servers' vulnerability to viruses and spyware you should take the following precautions:

• Keep servers updated with all of the critical updates from Microsoft. AP recommends installing all critical updates from Microsoft right away. You do not need to wait for our approval. AP will post compatibility notes in release notes provided with each ENPS software update.

Apply Settings

Open Windows Server Manager and select the Local Server tab. Apply the following settings:

		Settings per Windows Server version
Component	Sub-setting(s)	2016	2019 / 2022
Windows Defender Firewall Open Windows Server Manager. Select the Local Server tab. Click Windows Defender Firewall in the Properties pane. Apply settings in the popup.	-	-	Off
IE Enhanced Security Configuration (all Users and Admins) Open Windows Server Manager. Select the Local Server tab. Click IE Enhanced Security Configuration in the Properties pane. Apply settings in the popup.	-	Off	Off
Windows Defender Antivirus Open Windows Server Manager. Select the Local Server tab. Click Windows Defender Antivirus in the Properties pane. Apply settings in the popup.	Real-time protection Cloud-based protection	-	Off
Windows Firewall Open Windows Server Manager. Select the Local Server tab. Click Windows Firewall in the Properties pane. Apply settings in the popup.	-	Off	-
Windows Defender active scanning Open Windows Server Manager. Select the Local Server tab. Click Windows Defender in the Properties pane. Apply settings in the popup.	Real-time protection Cloud-based protection	Off	-

Next Steps

Continue to the steps in User Account Control Settings.