Home
%3CLINGO-SUB%20id%3D%22lingo-sub-621198%22%20slang%3D%22en-US%22%3ESkype%20for%20Business%20Client-Side%20Anti-Virus%20Scanning%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-621198%22%20slang%3D%22en-US%22%3E%0A%20%26lt%3Bmeta%20http-equiv%3D%22Content-Type%22%20content%3D%22text%2Fhtml%3B%20charset%3DUTF-8%22%20%2F%26gt%3B%3CSTRONG%3EFirst%20published%20on%20TECHNET%20on%20Feb%2006%2C%202018%20%3C%2FSTRONG%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20by%20Steve%20Schiemann%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Microsoft%20has%20found%20that%20some%20client-side%20issues%20can%20arise%20because%20of%20anti-virus%20interference%20with%20normal%20operations.%20These%20issues%20include%20but%20are%20not%20limited%20to%20downloading%20the%20address%20book%2C%20response%20problems%20when%20performing%20various%20tasks%2C%20or%20outright%20crashes.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20To%20ensure%20that%20the%20antivirus%20scanner%20does%20not%20interfere%20with%20the%20operation%20of%20Skype%20for%20Business%20(SfB)%20clients%2C%20customers%20should%20exclude%20client%20tracing%2Fprofile%20directories%2C%20and%20the%20Office%20installation%20directories%20on%20each%20workstation%20on%20which%20you%20run%20a%20file-level%20antivirus%20scanner.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CB%3ENote%3A%20%3C%2FB%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Folder%20and%20file%20locations%20listed%20below%20are%20the%20default%20locations%20for%20various%20client%20installations.%20For%20any%20locations%20for%20which%20you%20did%20not%20use%20the%20default%2C%20exclude%20the%20locations%20you%20specified%20for%20your%20installation%20instead%20of%20the%20default%20locations%20specified%20in%20this%20writing.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CB%3EImportant%3A%20%3C%2FB%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Please%20note%20that%20some%20antivirus%20programs%20may%20need%20absolute%2C%20not%20relative%20paths%2C%20for%20their%20exclusion%20list.%20%3CBR%20%2F%3E%3CH3%20id%3D%22toc-hId-1564464096%22%20id%3D%22toc-hId-1564465119%22%3EClient%20Tracing%20%2F%20Profile%20Directories%3C%2FH3%3E%3CBR%20%2F%3E%20Office%202016%3A%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%25userprofile%25%5CAppData%5CLocal%5CMicrosoft%5COffice%5C16.0%5CLync%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Office%202013%3A%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%25userprofile%25%5CAppData%5CLocal%5CMicrosoft%5COffice%5C%20%3CB%3E%2015.0%20%3C%2FB%3E%20%5CLync%20%3CBR%20%2F%3E%3CH5%20id%3D%22toc-hId--1380719875%22%20id%3D%22toc-hId--1380718852%22%3EOffice%202016%20Installation%20Directories%3C%2FH5%3E%3CBR%20%2F%3E%3CH5%20id%3D%22toc-hId-362090460%22%20id%3D%22toc-hId-362091483%22%3EClick-to-Run%3A%3C%2FH5%3E%3CBR%20%2F%3E%20C%3A%5CProgram%20Files%20(x86)%5CMicrosoft%20Office%5Croot%5COffice16%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20MSI-based%20Installations%3A%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%C2%B7%2064-bit%20Office%20on%2064-bit%20Windows%3A%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20C%3A%5CProgram%20Files%5CMicrosoft%20Office%5COffice16%5C%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%C2%B7%2032-bit%20Office%3A%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20C%3A%5CProgram%20Files%20(x86)%5CMicrosoft%20Office%5COffice16%5C%20%3CBR%20%2F%3E%3CH5%20id%3D%22toc-hId-2104900795%22%20id%3D%22toc-hId-2104901818%22%3EOffice%202013%20Installation%20Directories%3C%2FH5%3E%3CBR%20%2F%3E%20%C2%B7%2064-bit%20Office%20on%2064-bit%20Windows%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20C%3A%5CProgram%20Files%5CMicrosoft%20Office%5COffice15%5C%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%C2%B7%2032-bit%20Office%3A%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20C%3A%5CProgram%20Files%20(x86)%5CMicrosoft%20Office%5COffice15%5C%20%3CBR%20%2F%3E%3CH3%20id%3D%22toc-hId--54229156%22%20id%3D%22toc-hId--54228133%22%3EMust%20I%20Exclude%20These%20Directories%3F%3C%2FH3%3E%3CBR%20%2F%3E%20The%20short%20answer%20is%20no%2C%20but%20please%20take%20into%20consideration%20that%20we%20in%20Microsoft%20Customer%20Service%20and%20Support%20have%20resolved%20many%20issues%20by%20simply%20taking%20A%2FV%20scanning%20out%20of%20the%20picture.%20This%20happens%20both%20server-%20and%20client-side.%20Often%20customers%20push%20back%20when%20asked%20to%20remove%20A%2FV%20software%2C%20or%20simply%20disable%20it%20for%20testing%20purposes.%20We%20understand%20your%20concerns%2C%20but%20this%20software%20can%20be%20very%20intrusive.%20Even%20if%20disabled%2C%20hooks%20are%20left%20in%20place%20which%20can%20interfere%20with%20Skype%20for%20Business%20clients.%20For%20another%20perspective%2C%20please%20see%20this%20this%20%3CA%20href%3D%22https%3A%2F%2Fblogs.msdn.microsoft.com%2Fialonso%2F2012%2F09%2F10%2Fanother-dirty-trick-played-by-an-antivirus%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E%20blog%20%3C%2FA%3E%20.%20Here%20is%20an%20excerpt%3A%20%3CI%3E%20%E2%80%9CAV%20or%20security%20software%20manufacturers%20tend%20to%20understand%20%E2%80%9CDisabled%E2%80%9D%20as%20a%20%E2%80%9CI%E2%80%99ll%20continue%20with%20all%20my%20intrusive%20way%20of%20doing%2C%20only%20that%20if%20I%20detect%20something%20suspicious%20I%20won%E2%80%99t%20tell%20anyone.%20But%20I%20can%20keep%20being%20the%20cause%20of%20performance%20problems%2C%20memory%20leaks%2C%20or%20memory%20corruptions.%20%E2%80%9C%20%3C%2FI%3E%20%3CBR%20%2F%3E%3CH3%20id%3D%22toc-hId-1688581179%22%20id%3D%22toc-hId-1688582202%22%3EEicar%20Test%3C%2FH3%3E%3CBR%20%2F%3E%20The%20Eicar%20(European%20Institute%20for%20Computer%20Antivirus%20Research)%20test%20allows%20anyone%20to%20see%20if%20a%20certain%20folder%20on%20their%20machine%20is%20being%20scanned.%20Simple%20copy%2Fpaste%20the%2068-byte%20ASCII%20text%20into%20notepad%2C%20and%20save%20it%20locally.%20Your%20scanner%20should%20pick%20up%20this%20innocuous%20file%20and%20flag%20it%20as%20a%20threat.%20I%20did%20this%2C%20and%20saved%20it%20to%20my%20Lync%2FSfb%20profile%20folder%2C%20and%20immediately%20was%20informed%20of%20a%20%E2%80%9Csevere%E2%80%9D%20thread%20by%20Windows%20Defender.%20If%20I%20suspected%20A%2FV%20of%20causing%20issues%20with%20SfB%2C%20I%20would%20have%20excluded%20this%20folder%20from%20scanning.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Grab%20the%20Eicar%20test%20and%20details%20from%20%3CA%20href%3D%22http%3A%2F%2Fwww.eicar.org%2F86-0-Intended-use.html%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%20http%3A%2F%2Fwww.eicar.org%2F86-0-Intended-use.html%3C%2FA%3E%20%3CBR%20%2F%3E%3CH3%20id%3D%22toc-hId--863575782%22%20id%3D%22toc-hId--863574759%22%3EConclusion%3C%2FH3%3E%3CBR%20%2F%3E%20In%20most%20SfB%20client%20cases%2C%20A%2FV%20software%20runs%20fine%20without%20any%20special%20configuration%20and%20does%20not%20interfere%20with%20SfB%20functionality.%20If%20you%20have%20read%20this%20page%20however%2C%20you%20understand%20why%20customers%20might%20be%20asked%20to%20exclude%20certain%20directories%20from%20scanning%2C%20or%20to%20disable%2C%20or%20remove%20A%2FV%20software%20for%20testing%20purposes.%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CB%3ENote%3A%20%3C%2FB%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20We%20are%20not%20aware%20of%20a%20risk%20of%20excluding%20the%20specific%20files%20or%20folders%20that%20are%20mentioned%20in%20this%20article%20from%20scans%20that%20are%20made%20by%20your%20antivirus%20software.%20However%2C%20your%20system%20may%20be%20safer%20if%20you%20do%20not%20exclude%20any%20files%20or%20folders%20from%20scans.%20%3CBR%20%2F%3E%3CH3%20id%3D%22toc-hId-879234553%22%20id%3D%22toc-hId-879235576%22%3EResources%3C%2FH3%3E%3CBR%20%2F%3E%20Antivirus%20scanning%20exclusions%20for%20Lync%20Server%202013%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdn440138(v%3Docs.15).aspx%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E%20https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdn440138(v%3Docs.15).aspx%20%3C%2FA%3E%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20Plan%20antivirus%20scanning%20for%20Outlook%202013%20%3CBR%20%2F%3E%20%3CBR%20%2F%3E%20%3CA%20href%3D%22https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdn769141.aspx%3Ff%3D255%26amp%3BMSPPError%3D-2147217396%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3E%20https%3A%2F%2Ftechnet.microsoft.com%2Fen-us%2Flibrary%2Fdn769141.aspx%3Ff%3D255%26amp%3BMSPPError%3D-2147217396%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-TEASER%20id%3D%22lingo-teaser-621198%22%20slang%3D%22en-US%22%3EFirst%20published%20on%20TECHNET%20on%20Feb%2006%2C%202018%20%26nbsp%3Bby%20Steve%20SchiemannMicrosoft%20has%20found%20that%20some%20client-side%20issues%20can%20arise%20because%20of%20anti-virus%20interference%20with%20normal%20operations.%3C%2FLINGO-TEASER%3E%3CLINGO-LABS%20id%3D%22lingo-labs-621198%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3Eantivirus%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ENextHop%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESkype%20for%20Business%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
Microsoft
First published on TECHNET on Feb 06, 2018


by Steve Schiemann

Microsoft has found that some client-side issues can arise because of anti-virus interference with normal operations. These issues include but are not limited to downloading the address book, response problems when performing various tasks, or outright crashes.

To ensure that the antivirus scanner does not interfere with the operation of Skype for Business (SfB) clients, customers should exclude client tracing/profile directories, and the Office installation directories on each workstation on which you run a file-level antivirus scanner.

Note:

Folder and file locations listed below are the default locations for various client installations. For any locations for which you did not use the default, exclude the locations you specified for your installation instead of the default locations specified in this writing.

Important:

Please note that some antivirus programs may need absolute, not relative paths, for their exclusion list.

Client Tracing / Profile Directories


Office 2016:

%userprofile%\AppData\Local\Microsoft\Office\16.0\Lync

Office 2013:

%userprofile%\AppData\Local\Microsoft\Office\ 15.0 \Lync
Office 2016 Installation Directories

Click-to-Run:

C:\Program Files (x86)\Microsoft Office\root\Office16

MSI-based Installations:

· 64-bit Office on 64-bit Windows:

C:\Program Files\Microsoft Office\Office16\

· 32-bit Office:

C:\Program Files (x86)\Microsoft Office\Office16\
Office 2013 Installation Directories

· 64-bit Office on 64-bit Windows

C:\Program Files\Microsoft Office\Office15\

· 32-bit Office:

C:\Program Files (x86)\Microsoft Office\Office15\

Must I Exclude These Directories?


The short answer is no, but please take into consideration that we in Microsoft Customer Service and Support have resolved many issues by simply taking A/V scanning out of the picture. This happens both server- and client-side. Often customers push back when asked to remove A/V software, or simply disable it for testing purposes. We understand your concerns, but this software can be very intrusive. Even if disabled, hooks are left in place which can interfere with Skype for Business clients. For another perspective, please see this this blog . Here is an excerpt: “AV or security software manufacturers tend to understand “Disabled” as a “I’ll continue with all my intrusive way of doing, only that if I detect something suspicious I won’t tell anyone. But I can keep being the cause of performance problems, memory leaks, or memory corruptions. “

Eicar Test


The Eicar (European Institute for Computer Antivirus Research) test allows anyone to see if a certain folder on their machine is being scanned. Simple copy/paste the 68-byte ASCII text into notepad, and save it locally. Your scanner should pick up this innocuous file and flag it as a threat. I did this, and saved it to my Lync/Sfb profile folder, and immediately was informed of a “severe” thread by Windows Defender. If I suspected A/V of causing issues with SfB, I would have excluded this folder from scanning.

Grab the Eicar test and details from http://www.eicar.org/86-0-Intended-use.html

Conclusion


In most SfB client cases, A/V software runs fine without any special configuration and does not interfere with SfB functionality. If you have read this page however, you understand why customers might be asked to exclude certain directories from scanning, or to disable, or remove A/V software for testing purposes.

Note:

We are not aware of a risk of excluding the specific files or folders that are mentioned in this article from scans that are made by your antivirus software. However, your system may be safer if you do not exclude any files or folders from scans.

Resources


Antivirus scanning exclusions for Lync Server 2013

https://technet.microsoft.com/en-us/library/dn440138(v=ocs.15).aspx

Plan antivirus scanning for Outlook 2013

https://technet.microsoft.com/en-us/library/dn769141.aspx?f=255&MSPPError=-2147217396