Search

GlobalSCAPE Knowledge Base

WAFS v4.x Antivirus Settings

Karla Marsh
WAFS and CDP

THE INFORMATION IN THIS ARTICLE APPLIES TO:

  • WAFS version 4.0 and later
For WAFS v3.7.1 and earlier, refer to KB article #10326.

DISCUSSION

Your antivirus configuration can affect file-access performance when using the system. This section describes how to optimize your antivirus setup for use with WAFS.

Choose from the following antivirus configurations based on your particular needs, in order from most to least recommended:

  1. Antivirus at each end-user's workstation - If each of your end-users' workstations are protected, the possibility of an infected file is eliminated and there is no need to run antivirus on the computer running an Agent. This is the most effective level.

  2. Protection at the Vault - All files move through the Vault. You can, therefore, run antivirus software on the Vault and scan the Vault's root before propagating files to the Agents.

  3. Protection at the computer running the Agent - Instead of managing antivirus software on each user's workstation, some IT managers prefer to run antivirus software on the computers that run the Agents. When not done properly, this can affect the performance of user file access. Refer to Recommendations for Directories, Drives, and Processes to Exclude in Your Antivirus Software, below, for important exclusion setup notes.

Running antivirus software on an Agent can degrade the performance if not properly configured. The performance hit is caused by the antivirus software thinking that multiple copies of a file are opening. It may scan the same file up to 3 times when a user opens the file once. It may also perform background scans that appear as regular CPU cycles (Norton, E-Trust, NOD32, etc), as well as process scans of the application. If the file is in a linked folder, then the antivirus software scans the file from the original location upon open, AND from inside the replicate drive (e.g., F:\_MySrv\MyVol). Finally, the file is seen internal to the engine (e.g., C:\WINDOWS\AVMF or D:\AVMF), and scanned again.

In addition to on-the-fly scan when a file is changed, some antivirus software includes a daily scan. In this case, if it is necessary to do this daily scan, it might be useful to do it when the Agent is offline. For example, you can schedule the Agent so that it is online 22 hours a day, and offline for two hours during times when users are less likely to use the Agent. During that time, the computer running the Agent can do backups, virus scans, and so on.

Recommendations for Directories, Drives, and Processes to Exclude in Your Antivirus Software

Antivirus applications typically allow directories to be excluded from the antivirus scan (often called "exclusions"). When available, you should exclude directories AVM0 and AVMF. All data mirrored on the C drive will be in C:\Windows\AVMF and all data on any other drive will be in <drive_Letter>:\AVMF (e.g., D:\AVMF). Exclude the entire Vault Data drive (e.g., F:\_MyServer). If your antivirus scans processes (especially E Trust, Innoculan, Symantec Tamper Protection, Trend Micro OfficeScan/Server protect), always exclude WAFSAgentManager.exe.

Below is a list of files and locations, and exclusion suggestions for firewalls:

On the Agent computer:
  • C:\Program Files (x86)\GlobalSCAPE

  • <Drive(s) with AVMF>:\AVMF

  • <Drive with AVM0>:\AVM0

  • Vault drive letter

  • C:\Program Files (x86)\GlobalSCAPE\WAFS Agent\AgentConsole.exe

  • C:\Program Files (x86)\GlobalSCAPE\WAFS Agent\AgentService.exe

  • C:\Program Files (x86)\GlobalSCAPE\WAFS Agent\WafsAgentManager.exe

On the Vault computer:
  • <Drive with AD>:\AD or <Drive with Vault Data>:\Vault Data

  • C:\Program Files (x86)\GlobalSCAPE

  • C:\Program Files (x86)\GlobalSCAPE\WAFS Vault\VaultConsole.exe

  • C:\Program Files (x86)\GlobalSCAPE\WAFS Vault\VaultService.exe

  • C:\Program Files (x86)\GlobalSCAPE\WAFS Vault\WafsVaultMonitor.exe

Regarding Firewalls:
  • Exclude any ports / additional channels that the WAFS Vault and WAFS Agents use

  • Exclude the IP address of the WAFS Vault and WAFS Agents from monitoring / stateful packet inspection

 

Some local server antivirus applications in corporate environments, like McAfee, are controlled by a central monitor service run by your IT at headquarters. Exclusions must be specified at that central console; the console then pushes them out. The exclude list you see at each remote site is ignored in these hierarchical topologies. If slowness persists for user access to CAD files, exclude the CAD file extension from the workstation antivirus, and check the performance again.

Details
Last Modified: 7 Years Ago
Last Modified By: GlobalSCAPE 5
Type: HOWTO
Article not rated yet.
Article has been viewed 21K times.
Options
Also In This Category
Tags