What known issues may occur when running Locator with antivirus software on the same host?
As per https://ayfie-dev.atlassian.net/wiki/spaces/VPKB/pages/433750345 , it is not recommended to use antivirus software in a server environment where Ayfie Locator is installed.
If your IT policy requires you to run antivirus software on the same system as a Locator installation, it is required to whitelist Locator’s Program Files and ProgramData directories. By default, these are:
C:\Program Files\ayfie\Locator
C:\ProgramData\ayfie\Locator
There are several reasons for this requirement, each of which has been observed in the wild at least once:
Given that the data folder is written to on a constant basis during fetch and indexing, antivirus software scanning it will result in very high CPU usage and consequently a massive negative impact on the overall server performance.
AV software may lock files for exclusive access while scanning them. When this happens with the index and/or database, it may lead to file lock conditions that cause index corruption and data loss.
AV software may interfere with the operation of, or communication between, component Locator services, rendering installations seemingly “defective”.
If you experience unusual, reproducible behavior from your Locator installation, test if the behavior remains reproducible after disabling the antivirus and restarting all Locator services.
AV software may remove component Locator services, rendering installations partially or completely nonfunctional.
In case of Connector services, reinstalling the Connector in question should fix it.
In case of core Locator services such as Authority, Index or Zookeeper service, the service can be https://ayfie-dev.atlassian.net/wiki/spaces/VPKB/pages/1798930499
AV software may remove executables of component Locator services, rendering installations partially or completely nonfunctional.
In some cases this can be fixed by replacing the executables with ones copied from another installation of the exact same Locator build number (we do not support mixing and matching system components from different Locator builds in the same installation).
If the above is unsuccessful or not an option for any reason, the alternative is backing up the index and database following the steps described in https://ayfie-dev.atlassian.net/wiki/spaces/VPKB/pages/433750583 , reinstalling Locator and then restoring the index and database from backup.
AV software may remove or block Locator files during an upgrade, resulting in defunct installations.
If this happens, the recommended solution is backing up the index and database following the steps described in https://ayfie-dev.atlassian.net/wiki/spaces/VPKB/pages/433750583 , reinstalling Locator and then restoring the index and database from backup.
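One way to check and apply the directory exclusions described above, added here as an example and not part of Ayfie's documentation or tooling. It assumes the antivirus on the Locator host is Microsoft Defender (other products are configured through their own consoles); the `-Apply` switch and the helper name are this example's own. The last part lists Defender detections that touched a Locator directory, which helps confirm whether missing executables or services were removed by the AV.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumption: Microsoft Defender is the AV on this host.
param(
    # Default Locator directories from this article; adjust for custom installs.
    [string[]]$LocatorPaths = @(
        'C:\Program Files\ayfie\Locator',
        'C:\ProgramData\ayfie\Locator'
    ),
    # Without -Apply the script only reports and changes nothing.
    [switch]$Apply
)

# Hypothetical helper: compare paths without case or trailing-backslash noise.
function ConvertTo-NormalizedPath([string]$Path) {
    $Path.TrimEnd('\').ToLowerInvariant()
}

# Exclusions currently configured in Defender (readable only when elevated).
$current = @((Get-MpPreference).ExclusionPath |
    Where-Object { $_ } |
    ForEach-Object { ConvertTo-NormalizedPath $_ })

$missing = @($LocatorPaths |
    Where-Object { $current -notcontains (ConvertTo-NormalizedPath $_) })

foreach ($p in $LocatorPaths) {
    $state = if ($missing -contains $p) { 'MISSING' } else { 'excluded' }
    '{0,-10} {1}' -f $state, $p
}

if ($missing.Count -and $Apply) {
    Add-MpPreference -ExclusionPath $missing
    'Added {0} exclusion(s).' -f $missing.Count
}

# Past detections under a Locator directory: evidence that the AV, not
# Locator, removed or blocked a service executable.
$hits = Get-MpThreatDetection | Where-Object {
    $res = ($_.Resources -join ';').ToLowerInvariant()
    $LocatorPaths | Where-Object { $res.Contains((ConvertTo-NormalizedPath $_)) }
}
$hits | Sort-Object InitialDetectionTime |
    Select-Object InitialDetectionTime, ThreatID,
        @{ n = 'Resources'; e = { $_.Resources -join '; ' } } |
    Format-Table -AutoSize -Wrap
```

Where exclusions are managed centrally, set the two paths in that policy rather than locally, and restart all Locator services after changing them before retesting.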
We are aware that a number of AV programs label components of Locator, both service executables and the services themselves, as malicious and aggressively remove them. These are false-positive detections caused by a service wrapper (NSSM) that is used in the product. As we are compiling it from the source code, the wrapper could not be signed by its original supplier; at the same time, as it is third-party code, signing it with our own certificate (while considered) has been dismissed as a possible course of action for multiple reasons.
As stated in the Software Requirements: Assuming all of your data servers and sources are well protected against virus attacks, excluding the Locator server is not a security risk as all documents will have already been checked for viruses before Locator attempts to access them for indexing.
Further, Locator does not “execute” any macros or active content embedded in the indexed documents - it only extracts their text content. Thus, even if a data source contains a document with a malicious form of such material, your Locator server would not be under any risk of infection or compromise from it.