Many users of the Evolution™ payroll service-bureau software run
one kind of antivirus software or another, but this can sometimes have
undue impact on system operation, so there are usually a few settings
that can be tuned for better performance.
We don't really recommend running A/V on the middle tier systems, as they
should not be used for the kinds of activities that get a computer into
trouble, but it can provide some peace of mind that we are hard pressed
to advise against.
There are several general reasons for changing the antivirus settings
to suppress processing in certain Evolution areas:
- Some file in the Evolution system cannot be opened properly
by the A/V scanner: the version ZIP files are protected with a
password (which Evolution itself knows how to open), and this
generates a warning from some A/V software. Though these messages
are benign, they clutter the event log and may detract for
other log entries that do require attention.
-
Some directories have a great deal of file activity, and this is
particularly the case with the package servers using temporary
files. Many antivirus systems have a realtime scanner which must
inspect each file as it's read or written, and this can have a
substantial impact on performance. By excluding the directories
holding these files, the I/O can run at full speed.
-
In some cases, there could be file-locking conflicts where Evolution
and the A/V attempt to access the same file in incompatible ways.
This can't be helpful.
Directories to exclude
Our usual practice is to exclude several key directories from the
A/V system in both the realtime and full-system scanning systems,
in order to avoid these problems.
- C:\Program Files\Evolution\VersionDirectoryService\Versions\
- This directory contains the large version ZIP file with the
executable code components of the system, but they are password
protected, and some antivirus programs will issue warnings if they
are unable to scan a ZIP file.
-
Excluding this directory will suppress these messages (and some SBs choose
to exclude the entire C:\Program Files\Evolution\ directory to suppress
the scanning of the Version ZIP used in the Deployment Service - this is a
fair approach too).
-
This need only be done on the single machine running the Version
Service.
- the Evo Queue directory
-
The Queue directory is used by the Registration Daemon to hold tasks, and its
location is specified in the EEC. Some of these files can be quite large, and
used in realtime, so this may have a performance impact.
-
This is only found on the machine that has the Registartion Daemon.
- C:\WINDOWS\Temp\ISystems\
- This directory is used by the various daemons to store temporary
files, and in the case of the Package Server, these come and go very
quickly. Excluding this directory from realtime scanning may improve
performance during payroll processing.
Some Evo SBs choose to exclude the entire C:\Program Files\Evolution\
directory from scanning, as there are other unscannable ZIP in this hierarchy,
and it's a practice we follow as well. But this does exclude a large area from
scanning, and some might find this objectionable.
We don't believe that individual Evolution workstations need to have this treatment,
nor should Evo Remote customers be concerned with it.
Instructions for specific A/V systems
We'll include brief instructions on how to exclude the Evolution areas
from antivirus systems as we learn about them (contributions welcome).
Note that we are not attempting to make this a tutorial: some
familiarity with your antivirus system is assumed.
Symantec Antivirus
These instructions apply to Symantec Antivirus, Corporate Edition, and it does not
seem possible to perform these exclusions from the centralized A/V control panel
(with version 10.1, at least), so this process must be run manually on each
system.
- Launch Symantec AntiVirus
- Nav to Configure » File System Auto-Protect
- Click Exclusions
- Click Files/Folders
- Navigate to and click each folder to exclude from realtime scanning
- Close dialog boxes and return to the top-level Symantec A/V window
- Nav to Scan » Full Scan
- Click Options
- Check the Exclude files and folders checkbox
- Click the Exclusions button
- Click Files/Folders
- Navigate to and click each folder to exclude from a full system scan
- Close the dialog boxes and return to the top-level A/V window
- Close the Symantec AntiVirus window
- Repeat as necessary for each middle-tier Windows machine
First published: 2007/10/21