A topic that comes up every so often is how to best handle anti-virus applications with Microsoft Dynamics CRM. This is actually a great question as performance can be impacted negatively depending on how this has been configured. Virus scanning can even lock certain files making them inaccessible to other applications. Since Dynamics CRM can touch multiple servers and multiple areas in an environment, the overall guidance for anti-virus software can be far reaching and bring many areas into consideration. Anti-virus software can have an effect on the application servers, SQL Server, AD servers, Reporting servers, and client machines.
The following is a list of files and folders that we feel should be considered to be excluded from anti-virus scanning in order to minimize performance impact. This is not an exhaustive list, but instead a list built from observing and working with various customer environments. Keep in mind, however, that each environment requires a thoughtful decision on what to include and exclude, and there is always a possibility that excluding files from scans can lead to unwanted consequences. This list should be used alongside your well planned internal IT management policies.
If using other anti-virus software, make sure the CRM website URL is included in the trusted zone for the virus scanning and switch off on-access scanning for the CRM website. See your specific anti-virus application documentation for more details.
If a trace is being run, the trace file as configured in the emailagent.xml can also be excluded.
Updating with a few additional exclusions, thanks to Jeff Reiser.
· Turn off scanning of Windows Update or Automatic Update related files
o Turn off scanning of the Windows Update or Automatic Update database file (Datastore.edb). This file is located in the following folder:
o Turn off scanning of the log files that are located in the following folder:
o Specifically, exclude the following files:
· The wildcard character (*) indicates that there may be several files.
· Turn off scanning of Windows Security files
o Add the following files in the %windir%\Security\Database path of the exclusions list:
· Turn off scanning of Group Policy related files
o Group Policy user registry information. These files are located in the following folder:
o Specifically, exclude the following file:
o Group Policy client settings file. This file is located in the following folder:
· For additional information on the above exclusions and for information regarding Domain Controllers please visit the following KB Article
Great information, thank you!
There's actually a typo in the SQL exclusions here - the data file extensions should be .mdf and .ldf, not .md and .ld, as per the linked SQL article... other than that, great article - thanks!