When Kerio Connect is installed on a Windows® operating system alongside Microsoft Defender or a 3rd-party Antivirus or Backup software, it is important to exclude certain folders from the real-time scanning engines. Improper settings of these 3rd-party programs may lead to issues with Webmail/Webadmin loading and file access, along with performance and data corruption problems.
Common 3rd-party antivirus products include Symantec Endpoint Protection, Kaspersky, and ESET. Antivirus software can mistakenly mark certain files as suspicious or place them in quarantine.
Directories to be excluded
The following directories are to be excluded from antivirus scanning. Defaults are:
- Kerio Connect Installation directory:
- Kerio Connect Mailstore directory:
- Kerio Connect Archive directory:
- Kerio Connect Backup directory:
- Kerio Connect Offline Connector (default locations on the client machine; they could be different if you changed them during installation):
C:\Program Files (x86)\Kerio\Outlook Connector (Offline Edition)
C:\Program Files (x86)\Kerio\UpdaterService
- For the store directory, navigate to Administration Console > Configuration > Advanced Options > Store Directory.
- For the Archive directory, navigate to Administration Console > Configuration > Archiving and Backup > Archiving.
- For the Backup directory, navigate to Administration Console > Configuration > Archiving and Backup > Backup.
How to add exclusions
Please refer to the corresponding vendor for details on how to add the exclusions in the antivirus or backup software.
- Symantec instructions
- Kaspersky guide
- ESET procedure
- Microsoft Defender: Add an exclusion to Windows Security
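For Microsoft Defender, the exclusions can also be added from an elevated PowerShell session. The script below is an added example, not Kerio or Microsoft code: it adds only directories that exist and refuses wildcards, drive roots, and broad system folders, which keeps the exclusion list as narrow as the article requires. The parameter `$Path`, the function `Test-SafeExclusion`, and the "too broad" list are assumptions of this example; pass the directories shown in your own Administration Console.

```powershell
#Requires -RunAsAdministrator
# Added example (not vendor code). Uses the Defender cmdlets
# Get-MpPreference and Add-MpPreference.
param(
    # Installation, store, archive and backup directories, as read from the
    # Administration Console. Supplied by the administrator (assumption).
    [Parameter(Mandatory)]
    [string[]]$Path
)

function Test-SafeExclusion {
    param([string]$Candidate)
    # Reject wildcards and relative paths before any normalization.
    if ($Candidate -match '[\*\?]') { return $false }
    if (-not [System.IO.Path]::IsPathRooted($Candidate)) { return $false }
    $full = [System.IO.Path]::GetFullPath($Candidate).TrimEnd('\')
    # Reject a bare drive root such as C:
    if ($full -match '^[A-Za-z]:$') { return $false }
    # Reject locations that would exclude far more than Kerio Connect data.
    $tooBroad = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)},
                  $env:ProgramData, "$env:SystemDrive\Users")
    foreach ($b in $tooBroad) {
        if ($b -and $full -ieq $b.TrimEnd('\')) { return $false }
    }
    # Only existing directories are accepted.
    return (Test-Path -LiteralPath $full -PathType Container)
}

# Exclusions already configured, so nothing is added twice.
$current = @((Get-MpPreference).ExclusionPath) | Where-Object { $_ }

foreach ($p in $Path) {
    if (-not (Test-SafeExclusion $p)) {
        Write-Warning "Skipped (missing, wildcard, relative, or too broad): $p"
        continue
    }
    $full = [System.IO.Path]::GetFullPath($p).TrimEnd('\')
    if ($current -icontains $full) {
        "Already excluded: $full"
        continue
    }
    Add-MpPreference -ExclusionPath $full
    "Added exclusion: $full"
}

# Print the resulting list so it can be reviewed and recorded.
(Get-MpPreference).ExclusionPath | Sort-Object
```

Any entry in the final list that does not correspond to a Kerio Connect directory is worth reviewing, since every exclusion is a location the real-time engine no longer inspects.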
This article provides guidance on setting up antivirus exclusions for Kerio Connect to avoid issues with the software's functionality and data integrity. If exclusions are not configured, the 3rd party antivirus may tamper with the Kerio Connect files and lead to functional issues.
Why is it important to exclude these directories?
Excluding these directories prevents antivirus software from incorrectly marking files as suspicious or placing them in quarantine, which can disrupt Kerio Connect's operation.
What is a specific example of the 3rd party antivirus tampering with the Kerio Connect files?
For example, if you have the Kerio Connect BitDefender engine licensed and enabled, the 3rd party antivirus may detect a file that the integrated AV engine is currently scanning (in \tmp\<subfolder>\avfile.tmp) as malicious and lock it. This prevents the integrated BitDefender AV engine from working properly, potentially impacting overall functionality and mail flow.
Can these exclusions pose a security risk to my system?
Properly configuring exclusions is a balance between security and functionality. While it's crucial to exclude these directories for Kerio Connect's optimal performance, ensure your system is protected in other ways, like regular updates and comprehensive security practices.
Antivirus seems to check each file multiple times - states that Bitdefender actions will be logged in the Debug log, and explains that the Bitdefender plugin creates a temporary copy of the file for scanning purposes.