Späť na prehľad

BMD: Recommended settings for antivirus software

Antivirus software is essential for protecting IT systems. However, antivirus programs should not hinder the users and are supposed to run in the background, if possible unnoticed. Many antivirus programs cause the system to slow down or can sometimes even completely overload it. For this reason, it is important to configure them correctly and set process and folder exceptions accordingly.


1. BMD NTCS

To improve performance, database directories should always be excluded from antivirus real-time protection.

For details, please refer to: https://learn.microsoft.com/en-us/troubleshoot/sql/database-engine/security/antivirus-and-sql-server

 

The BMD NTCS archive directory, however, should not be excluded from real-time protection, since it is where the documents of the users are saved.


1.1. Exclusions on the server

  • In the LOG directory of the share BMDNTCS_PGMDATA (\\<SERVERNAME>\BMDNTCS_PGMDATA\LOG) *.txt + *.log
    • usually under %Public%\Documents\BMDSOFTWARE\BMDNTCS\LOG
  • BMDDataBase
  • BMD NTCS installation directory

1.2. Exclusions on the client

As of version 24.02, the following files and directories:

  • C:\Program Files (x86)\BMDNTCSClients\“Servername“\BMDNTCS.exe
  • C:\Program Files (x86)\BMDNTCSClients\“Servername“\BMDNTCS.x64.exe
  • C:\Program Files (x86)\BMDNTCSClients\“Servername“\BMDNetclient.exe
  • \\<SERVERNAME>\BMDNTCS_PGMDATA\LOG\*.log
  • \\<SERVERNAME>\BMDNTCS_PGMDATA\LOG\*.txt

 

Or alternatively the respective directories without restrictions:

  • C:\Program Files (x86)\BMDNTCSClients\"Servername"\*.*
  • C:\Program Files (x86)\BMDNetClients\"file servername"\x64\*.*
  • \\<SERVERNAME>\BMDNTCS_PGMDATA\LOG\*.log
  • \\<SERVERNAME>\BMDNTCS_PGMDATA\LOG\*.txt

1.3. Behaviour monitoring

If some sort of behaviour monitoring (e.g. Windows Defender Exploit Guard, ransomware protection, IPS) is active, it is often necessary to define an additional process exception for BMDNTCS.exe, BMDNTCS.x64.exe und BMDNetclient.exe.


1.4. Exclusions on the web server

To maintain security, no exclusions should be configured on a web server.

If Windows Defender is used, note the following information:

https://learn.microsoft.com/en-us/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus#important-notes-about-automatic-exclusions-on-windows-server

https://learn.microsoft.com/en-us/defender-endpoint/configure-server-exclusions-microsoft-defender-antivirus#web-server-exclusions


2. BMD 5.5

The BMD 5.5 directories generally do not need to be excluded from antivirus scans. Configure exclusions only when necessary.


2.1. Exclusions on the server

You have to exclude the BMD 5.5 program directory (“BMD”) and any existing BMD 5.5 data directory (“BMDDAT”, “BMD_DATA”, “BMDDaten” etc.) from real-time protection. Not doing so may cause file locks or problems when accessing files. Furthermore, you should exclude the process bmdw.exe from real-time protection on the server.


2.2. Exclusions on the client

Netspeed Client program directory:

C:\ProgramData\BMDClients or for older installations C:\Program Files (x86)\BMDClients