A topic that comes up every so often is how to best handle anti-virus applications with Microsoft Dynamics CRM.  This is actually a great question as performance can be impacted negatively depending on how this has been configured.  Virus scanning can even lock certain files making them inaccessible to other applications.  Since Dynamics CRM can touch multiple servers and multiple areas in an environment, the overall guidance for anti-virus software can be far reaching and bring many areas into consideration.  Anti-virus software can have an effect on the application servers, SQL Server, AD servers, Reporting servers, and client machines to name a few. 

The following is a list of files and folders that we feel should be considered to be excluded from anti-virus scanning in order to minimize performance impact.  This is not an exhaustive list, but instead a list built from observing and working with various customer environments.  Keep in mind however that each environment requires a thoughtful decision on what to include and exclude, and there is always a possibility that excluding files from scans can lead to unwanted consequences.  This list should be used alongside your well planned internal IT management policies.

CRM Servers

  • The following directory should be excluded:
    • %SystemDrive%\inetpub\temp\IIS Temporary Compressed File
    • %systemroot%\system32\inetsrv
  • Ensure any script-scanning functionality in your anti-virus software is turned off on the CRM Server(s)
  • The following KB articles provide additional information on anti-virus software used with IIS

SQL Server

  • SQL Server data files. These files usually have the following file name extensions:
    • .md
    • .ld
    • .ndf
  • SQL Server backup files. These usually have the following file name extensions:
    • .ba
    • .trn
  • Full-Text catalog files
  • The directory that holds Analysis Services data
  • If a SQL Server failover cluster is being used, the following should also be excluded:
    • Q:\ (Quorum drive
    • c:\Windows\Cluster
  • mssql.exe
  • sqlagent.exe
  • For further information on SQL Server see the following KB article:

Dynamics CRM Client

  • Check for any interference from desktop security software.  Some anti-virus programs include a feature called ScriptScan which can affect performance in Dynamics CRM.  Most programs have functionality to disable scanning on certain web sites.  Make sure the Dynamics CRM URL has been added to this list.  For McAfee specifically see the following KB articles for this setting:

  • If using other anti-virus software, make sure the CRM website URL is included in the trusted zone for the virus scanning and switch off on-access scanning for the CRM website.  See your specific anti-virus application documentation for more details.

Virtual Servers

  • If virtual servers are used in the deployment, make sure the directory on the host machine containing the virtual hard drive files is excluded from scanning.
  • For Hyper-V specifically, the following processes should be excluded:
    • Vmms.ex
    • Vmswp.exe
    • Vmwp.exe
  • Additional information:

Email Router

  • If the email router is being used, the following files should be excluded from scanning: (these files are by default in the C:\Program Files\Microsoft CRM Email\Service folder)
    • microsoft.crm.tools.email.management.exe
    • microsoft.crm.tools.emailagent.exe
    • microsoft.crm.tools.emailproviders.dl
    • Microsoft.Exchange.WebServices.dl
    • Microsoft.Crm.Passport.IdCrl.dl
    • Microsoft.Crm.Tools.EmailAgent.Configuration.bi
    • Microsoft.Crm.Tools.EmailAgent.xm
    • Microsoft.Crm.Tools.EmailAgent.SystemState.xml
    • If a trace is being run, the trace file as configured in the emailagent.xml can also be excluded.