Antivirus Exclusions for YSoft SafeQ

YSoft SafeQ is I/O-intensive system working with print jobs, documents, rendered images and log files. Any false positive detection resulting in denial of file accesses will influence user experience and may lead to service interruption. A specific set of exclusions is recommended for seamless operations.

Server Exclusions

It is recommended to exclude the following folders and file types from real-time content inspection (such as anti-virus on-access scans):

Folder Content

Folders

File Extensions

embedded PostgreSQL database executable and data directory
(exclude if used)

\SafeQ6\Management\PGSQL-data

*.*

PostgreSQL database (exclude if used)

c:\Program Files\PostgreSQL\9.4\data (example location)

*.*

MS-SQL database (exclude if used)

\MSSQLServer

Please see Microsoft documentation for detailed guide if you do not want to exclude whole directory.

*.*

Spooler Controller cache

\SafeQ6\SPOC\SpoolCache

*.log
*.odb
*.odb$

\SafeQ6\SPOC\SpoolCache\replicator

*.db
*.lg

Terminal Server cache

\SafeQ6\SPOC\terminalserver\DS9DB

* (No file extension)
*.rhp
*.rol

\SafeQ6\SPOC\terminalserver\etcd\TS-<IP>\member\snap (example location)

*.snap

\SafeQ6\SPOC\terminalserver\etcd\TS-<IP>\member\wal (example location)

*.wal

Folders for log files

\SafeQ6\FSP\logs

\SafeQ6\Management\logs (only on Management Server)

\SafeQ6\MPS\logs (optional feature)

\SafeQ6\SPOC\logs

\SafeQ6\SPOC\terminalserver\logs

\SafeQ6\SPOC\EUI\logs

\SafeQ6\WPS\logs

\SafeQ6\YPS\logs (optional feature)

*.[0-9][0-9]
*.log
*.txt
*.zip

Other locations which may be considered for exclusion:

Folder Content

Folders

File Extensions

Windows spooler

\Windows\system32\spool

*.*

Folder for print job data storage

\SafeQ6\FSP\Service\JobStore

*.controller
*.job
*.jobinfo
*.png

Please note that .job files store the print job payload, which may contain Adobe PostScript, Adobe PDF and other data formats which may carry viruses and exploits. They should not be exempted from scanning unless the impact on performance is too significant and the threat is deemed acceptable.


Workstation Exclusions

If the YSoft SafeQ FlexiSpooler is installed on workstation, it is recommended to exclude the following folders and file types from real time content inspection (such as anti-virus on-access scans):

Folder Content

Folders

File Extensions

Folders for log files

\SafeQ6\FSP\logs

*.[0-9][0-9]
*.log
*.txt
*.zip

Other locations which may be considered for exclusion:

Folder Content

Folders

File Extensions

Folder for print job data storage

\SafeQ6\FSP\Service\JobStore

*.controller
*.job
*.jobinfo
*.png


If JobStore is configured to other location (example: %ProgramData%\JOBSTORE), then the other location shall be excluded.

Please note that .job files store the print job payload, which may contain Adobe PostScript, Adobe PDF and other data formats which may carry viruses and exploits. They should not be exempted from scanning unless the impact on performance is too significant and the threat is deemed acceptable.