Does this site look plain?

This site uses advanced css techniques

Steve Friedl's Evolution™ Resources

Antivirus on the Evolution Middle Tier

• Home
• Contact
• About
• TechTips
• Tools&Source
• Evo Payroll
• CmdLetters
• Research
• AT&T 3B2
• Advisories
• News/Pubs
• Literacy
• Calif.Voting
• Personal
• Tech Blog
• Evo Blog

Many users of the Evolution™ payroll service-bureau software run one kind of antivirus software or another, but this can sometimes have undue impact on system operation, so there are usually a few settings that can be tuned for better performance.

We don't really recommend running A/V on the middle tier systems, as they should not be used for the kinds of activities that get a computer into trouble, but it can provide some peace of mind that we are hard pressed to advise against.

There are several general reasons for changing the antivirus settings to suppress processing in certain Evolution areas:

• Some file in the Evolution system cannot be opened properly by the A/V scanner: the version ZIP files are protected with a password (which Evolution itself knows how to open), and this generates a warning from some A/V software. Though these messages are benign, they clutter the event log and may detract for other log entries that do require attention.
• Some directories have a great deal of file activity, and this is particularly the case with the package servers using temporary files. Many antivirus systems have a realtime scanner which must inspect each file as it's read or written, and this can have a substantial impact on performance. By excluding the directories holding these files, the I/O can run at full speed.
• In some cases, there could be file-locking conflicts where Evolution and the A/V attempt to access the same file in incompatible ways. This can't be helpful.

Directories to exclude

Our usual practice is to exclude several key directories from the A/V system in both the realtime and full-system scanning systems, in order to avoid these problems.

C:\Program Files\Evolution\VersionDirectoryService\Versions\

This directory contains the large version ZIP file with the executable code components of the system, but they are password protected, and some antivirus programs will issue warnings if they are unable to scan a ZIP file.

Excluding this directory will suppress these messages (and some SBs choose to exclude the entire C:\Program Files\Evolution\ directory to suppress the scanning of the Version ZIP used in the Deployment Service - this is a fair approach too).

This need only be done on the single machine running the Version Service.

the Evo Queue directory

The Queue directory is used by the Registration Daemon to hold tasks, and its location is specified in the EEC. Some of these files can be quite large, and used in realtime, so this may have a performance impact.

This is only found on the machine that has the Registartion Daemon.

C:\WINDOWS\Temp\ISystems\

This directory is used by the various daemons to store temporary files, and in the case of the Package Server, these come and go very quickly. Excluding this directory from realtime scanning may improve performance during payroll processing.

Some Evo SBs choose to exclude the entire C:\Program Files\Evolution\ directory from scanning, as there are other unscannable ZIP in this hierarchy, and it's a practice we follow as well. But this does exclude a large area from scanning, and some might find this objectionable.

We don't believe that individual Evolution workstations need to have this treatment, nor should Evo Remote customers be concerned with it.

Instructions for specific A/V systems

We'll include brief instructions on how to exclude the Evolution areas from antivirus systems as we learn about them (contributions welcome). Note that we are not attempting to make this a tutorial: some familiarity with your antivirus system is assumed.

Symantec Antivirus

These instructions apply to Symantec Antivirus, Corporate Edition, and it does not seem possible to perform these exclusions from the centralized A/V control panel (with version 10.1, at least), so this process must be run manually on each system.

• Launch Symantec AntiVirus
• Nav to Configure » File System Auto-Protect
  • Click Exclusions
  • Click Files/Folders
  • Navigate to and click each folder to exclude from realtime scanning
  • Close dialog boxes and return to the top-level Symantec A/V window
• Nav to Scan » Full Scan
  • Click Options
  • Check the Exclude files and folders checkbox
  • Click the Exclusions button
  • Click Files/Folders
  • Navigate to and click each folder to exclude from a full system scan
  • Close the dialog boxes and return to the top-level A/V window
• Close the Symantec AntiVirus window
• Repeat as necessary for each middle-tier Windows machine

First published: 2007/10/21