What are the Antivirus Exceptions required for ControlSuite?
What are the exceptions required to ensure that Anti-Virus software does not interfere with ControlSuite Communications
The installation path depends on the location where ControlSuite was installed on the server. If you installed ControlSuite services on another drive letter or at another location
altogether, substitute that drive letter and path in the paths listed above.
Common symptoms if anti-virus software is running without exceptions in place:
- Workstation Client Pop-Ups not working
- Slow performance
- Authentication time outs
- High server resource usage (CPU, Disk, Network, etc.)
- File locking
- Print jobs not printing
- Dialog boxes missing
- Loss of accounting information
- Incomplete installation (if left on during installation)
Server Folders to Exclude
2.1.1 ControlSuite Core
The folder and sub-folders containing ControlSuite.
- C:\Program Files\Kofax\Shared Services (Prior to ControlSuite 1.2 folder is C:\Program Files\Nuance\Shared Services)
Kofax recommend that you exclude the following server folders from virus scanning:
- The folder and sub-folders containing Equitrac.
- The SPOOL folder that the Windows spooler service is configured to use. The default location for all printer spool files: %SystemRoot%\System32\Spool\Printers
- C:\Users\%accountname%\AppData\Local\Equitrac (For all account names who are running at least one Equitrac service).
On a cluster, also exclude cache folders on any shared disks used by Equitrac components, including the spool folders used by print spooler shared disks (for server components only).
Client Folders to Exclude
Kofax recommend that you exclude the following workstation folders from virus scanning:
- The folder and sub-folders containing Equitrac.
- %SystemRoot%\SysWOW64\config\systemprofile\AppData\Local\Equitrac (EQShared Engine)
- %SystemRoot%\System32\config\systemprofile\AppData\Local\Equitrac (only if DRC/IQueue is installed).
Exclude the following files locations from anti-virus scanning and backup (if possible). If the file
location is changed manually, make sure to adjust the file path accordingly.
- located in the %APPDATA% tree of the account that installed AutoStore. For example, "C:\Users\%USERPROFILE%\AppData\Roaming\Notable Solutions, Inc\"
Work and Input folders:
- Task work directory (default value for work directory root, where each task has a separate subfolder):
- The work and input folders for the capture components are standardized, however can be modified within the capture components:
- C:\Canon MEAP Web
- Process Folders / Knowledge Packages:
- Reference pool directories (customer defined)
- Any working paths defined by process components
- Destination Folders:
- Locations where your captured documents are saved. These are typically for 'Scan to Folder' or 'MultiRouter' workflows and can be local disk locations or network locations.
- Destination folders in one task may be input sources for other tasks, in workflows utilizing Knowledge Packages. These directories will contain image data as well as metadata files.
Root path default installation folder: "C:\Program Files\Nuance\AutoStore". This directory has been modified with newer versions for example ContolSuite 1.2 to : "C:\Program Files\Kofax\AutoStore".
Some AutoStore capture components are Web Server based. For these the following guideline is recommended.
Establish an exclusion for the web site folder and all sub folders.
- Xerox EIP
- Exclude C:\Program Files\Nuance\AutoStore\ASXeroxEIPWeb20 or C:\Program Files\Kofax\AutoStore\ASXeroxEIPWeb20 and all of its sub folders.
- Konica Minolta iOption
- Exclude C:\Program Files\Nuance\AutoStore\KonicaPanelClient C:\Program Files\Kofax\AutoStore\KonicaPanelClient and all of its sub folders.
Additional information can be found here: https://support.microsoft.com/enus/help/3126034/folders-to-exclude-from-antivirus-scanning-in-asp.net-apps
*Since ASP.NET 4.5, it is now possible to add a web.config setting that turns off file/folder monitoring by ASP.NET. You can do this by adding the fcnMode="Disabled" attribute to the
- For example, the Xerox EIP Connect capture component has the following in its web.config:
- <!-- <httpRuntime fcnMode="Disabled" requestValidationMode="2.0" maxRequestLength="2097151"/> use fcnMode if you suspect a virus scanner is recycling your website-->
- Change it to:
- <httpRuntime fcnMode="Disabled" requestValidationMode="2.0" maxRequestLength="2097151"/>
Note, this change will prevent the PrivateMemoryCheck setting from working since it relies on the mechanism that is being disabled.
2.1.4 Output Manager
Recommended Exclusions for Antivirus Software when used with Output Manager
If Output Manager is installed on the C: drive, the following folders need to be excluded. If Output Manager is installed to different drive(s) please use the listings below as an example
and adjust appropriately.
- C:\Program Files\NSi\Output Manager\
- C:\FileStore (\\serverName\OmFileStore) this folder is likely a shared folder. If there are multiple Output Manager file stores, all are listed in the Output Manger Console> Administration> System Health > Document file stores grid. All file store folders/shares should be excluded.
- Any folders that are watched by Output Manager; these would be folders defined in Output Manager sources (Network Folder and FTP types).
Microsoft Windows Printing:
- Microsoft SQL Server: The SQL server folders need to be excluded from the virus scan.
2.1.5 Device Registration Service:
- C:\Program Files\Kofax\Device Registration Service\* (1.2 and above) or C:\Program Files\Nuance\Device Registration Service\* (1.1)
2.1.6 Business Connect
- %ProgramData%\Kofax\BusinessConnect (1.2 and above) or %ProgramData%\Nuance\BusinessConnect
2.1.7 Device Web Service
Services to Exclude
2.2.1 ControlSuite Core
- Kofax Licensing Service (Prunsrv.exe) - In Services console as NDILSvc
- Kofax Cassandra Service (NuanceDDBCassandraService)
- Core Accounting Service (EQCASSrv)
- Device Control Engine (EQDCESrv)
- Document Routing Engine (EQDRESrv)
- Device Monitoring Engine (EQDMESrv)
- Device Web Service (EQDWSSrv)
- Service Location Protocol (EQSLPSrv)
- Scheduler (EQSchSrv)
- Scan Processing Engine (EQSPESrv)
- Workstation Client (EQSharedEngine)
- Device Control Service (DCS)
- Device Registration Service (DRS)
- AutoStore Box Route WebAuthorization Service
- AutoStore ControlSuite Service
- AutoStore Dropbox WebAuthorization Service
- AutoStore General Services Broker
- AutoStore GoogleDocs WebAuthorizationService
- AutoStore OneDrive WebAuthorizationService
- OmniPage OCR Service
2.2.4 Output Manager
- Output Manager DBM Service (OM_dbm)
- Output Manager Input Service (OM_input)
- Output Manager Output Service (OM_Output)
- Output Manager Rules Agent (OM_RulesAgent)
- Output Manager SNMP Service (OM_snmp
2.2.5 Business Connect
- KBC Support Service
- KBC Web Server Service (If not using IIS)
File Extensions to Exclude
Exclude the following file extensions from virus scanning:
- database files (mdf, ldf)
- trace log files (log)