Anti-virus

These requirements apply to your ENPS Primary and Buddy Servers and the servers that will be running NOMWebService.

Introduction

The Associated Press recommends against using antivirus software with real-time scanning and/or live detection scanning on ENPS servers. Doing so may significantly impact client performance and frustrate end-users.

The following sections outline our general advice and the recommended settings for each security tool. If you accept the potential consequences of running anti-virus software on an ENPS server, each tool also has additional tweaks, such as excluding specific folders from scans.

General Advice

Scan Frequency

Set the anti-virus software to perform scheduled scans of the ENPS drives instead of real-time scans.

Search/Indexing

If you experience frequent Search or indexing problems while running anti-virus software, you may need to disable or uninstall the anti-virus software while you troubleshoot.

Windows Updates

To reduce your servers' vulnerability to viruses and spyware, keep servers up-to-date with all critical updates from Microsoft. You do not need to wait for AP approval.

Tool-specific Settings

Windows Defender Firewall

Called Windows Firewall in older versions of Windows Server.

Recommended Setting

Create an exception for ENPS.

Alternative Setting

Disable the firewall for servers inside of the DMZ.

Windows Defender Antivirus

Recommended Setting

If you must run real-time scans, exclude the following locations.

If you have any groups homed to the Buddy Server, please Contact Us about additional exclusions.

  • Index drive (E):

    • E:\Search Server\server\logs

    • E:\Search Server\server\solr\enps

    • E:\Search Server\server\tmp

    • E:\SearchServer

  • Work drive (F):

    • F:\%COMPUTERNAME%

    • <Buddy Server Name Folder>

      This is required if a group is homed to the Buddy server.

      This exception needs to be made on every ENPS server in an enterprise and cannot be pushed by a Group Policy.

    • F:\Common

    • F:\ENPS

    • F:\NOM

    • F:\NWS

  • Work drive processes (F):

    • F:\NOM\buddy.exe

    • F:\NOM\maint.exe

    • F:\NOM\nom.exe

    • F:\NOM\nwp.exe
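
One way to check the exclusions listed above on each server, as an added example that is not part of the original page or AP's own tooling. It uses the built-in Defender cmdlets Get-MpPreference and Add-MpPreference, reports which listed exclusions are missing and which existing exclusions are not in the list, and changes nothing unless run with -Apply. The parameter names and the reading of F:\%COMPUTERNAME% as the folder named after the local computer are assumptions.

```powershell
# Added example: audit (and optionally apply) the Defender exclusions listed on this page.
# Run in an elevated PowerShell session; exclusions are not readable without admin rights.
param(
    [string]$BuddyServerFolder = '',  # assumption: full path of the <Buddy Server Name Folder>, if a group is homed there
    [switch]$Apply                     # without -Apply the script only reports
)

# Folder exclusions from the page (index drive E:, work drive F:)
$paths = @(
    'E:\Search Server\server\logs',
    'E:\Search Server\server\solr\enps',
    'E:\Search Server\server\tmp',
    'E:\SearchServer',
    "F:\$env:COMPUTERNAME",           # assumption: F:\%COMPUTERNAME% means the local computer name
    'F:\Common', 'F:\ENPS', 'F:\NOM', 'F:\NWS'
)
if ($BuddyServerFolder) { $paths += $BuddyServerFolder }

# Process exclusions from the page
$processes = 'buddy.exe', 'maint.exe', 'nom.exe', 'nwp.exe' | ForEach-Object { "F:\NOM\$_" }

$pref = Get-MpPreference

# -notcontains compares strings case-insensitively, which matches Windows path semantics
$missingPaths = @($paths     | Where-Object { @($pref.ExclusionPath)    -notcontains $_ })
$missingProcs = @($processes | Where-Object { @($pref.ExclusionProcess) -notcontains $_ })

# Exclusions already on the server that the page does not list; review these by hand
$expected = $paths + $processes
$extra = @(@($pref.ExclusionPath) + @($pref.ExclusionProcess) |
    Where-Object { $_ -and ($expected -notcontains $_) })

if ($Apply) {
    if ($missingPaths) { Add-MpPreference -ExclusionPath    $missingPaths }
    if ($missingProcs) { Add-MpPreference -ExclusionProcess $missingProcs }
}

[pscustomobject]@{
    Server           = $env:COMPUTERNAME
    MissingPaths     = $missingPaths -join '; '
    MissingProcesses = $missingProcs -join '; '
    NotListedOnPage  = $extra -join '; '
    Applied          = [bool]$Apply
} | Format-List
```

Because the Buddy Server folder exception has to be made on every ENPS server and cannot be pushed by Group Policy, running the report on each server is a quick way to confirm none was missed.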

Alternative Settings

Turn off real-time protection.

CrowdStrike Sensor Visibility Exclusions (SVEs)

Recommended Settings

With the help of CrowdStrike support via the CrowdStrike Portal, make the following exclusions:

  • F:\NOM\buddy.exe

  • F:\NOM\maint.exe

  • F:\NOM\nom.exe

  • F:\NOM\watch.exe

  • F:\NOM\nwp.exe

Alternative Settings

None.

Other Endpoint Protection or Live Detection Software

Your site may use Endpoint Protection or Live Detection software different from Windows Defender and CrowdStrike. Core anti-virus functionality and endpoint protection are largely the same regardless of vendor.

Contact Us if you have questions about settings.

IE Enhanced Security Configuration (all Users and Admins)

Recommended Setting

Turn off.

Alternative Setting

None.

Next Steps

Continue to the steps in User Account Control Settings.