Skype for Business Client-Side Anti-Virus Scanning


 

by Steve Schiemann

Microsoft has found that some client-side issues can arise because of anti-virus interference with normal operations. These issues include but are not limited to downloading the address book, response problems when performing various tasks, or outright crashes.

To ensure that the antivirus scanner does not interfere with the operation of Skype for Business (SfB) clients, exclude the client tracing/profile directories and the Office installation directories on each workstation on which you run a file-level antivirus scanner.

Note:

Folder and file locations listed below are the default locations for various client installations. For any locations for which you did not use the default, exclude the locations you specified for your installation instead of the default locations specified in this writing.

Important:

Please note that some antivirus programs may need absolute, not relative paths, for their exclusion list.

Client Tracing / Profile Directories

Office 2016:

%userprofile%\AppData\Local\Microsoft\Office\16.0\Lync

Office 2013:

%userprofile%\AppData\Local\Microsoft\Office\15.0\Lync

Office 2016 Installation Directories
Click-to-Run:

C:\Program Files (x86)\Microsoft Office\root\Office16

MSI-based Installations:

· 64-bit Office on 64-bit Windows:

C:\Program Files\Microsoft Office\Office16\

· 32-bit Office:

C:\Program Files (x86)\Microsoft Office\Office16\

Office 2013 Installation Directories

· 64-bit Office on 64-bit Windows

C:\Program Files\Microsoft Office\Office15\

· 32-bit Office:

C:\Program Files (x86)\Microsoft Office\Office15\
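
The following PowerShell is an added example, not part of the original article. It expands the default paths listed above to absolute paths for the current user, checks which ones exist on the workstation, and compares them with the Windows Defender exclusion list. The function name Resolve-SfbExclusionPath is hypothetical; Get-MpPreference is the cmdlet from the Windows Defender module, and other scanners will need their own query.

```powershell
# Default locations copied from the lists above; replace any that your
# installation does not use.
$candidates = @(
    '%userprofile%\AppData\Local\Microsoft\Office\16.0\Lync',
    '%userprofile%\AppData\Local\Microsoft\Office\15.0\Lync',
    'C:\Program Files (x86)\Microsoft Office\root\Office16',
    'C:\Program Files\Microsoft Office\Office16\',
    'C:\Program Files (x86)\Microsoft Office\Office16\',
    'C:\Program Files\Microsoft Office\Office15\',
    'C:\Program Files (x86)\Microsoft Office\Office15\'
)

# Expand environment variables and drop the trailing backslash so that
# both lists can be compared as absolute paths.
function ConvertTo-AbsolutePath {          # hypothetical helper
    param([string]$Path)
    [Environment]::ExpandEnvironmentVariables($Path).TrimEnd('\')
}

function Resolve-SfbExclusionPath {        # hypothetical helper
    param([string[]]$Path)
    foreach ($p in $Path) {
        $abs = ConvertTo-AbsolutePath $p
        [pscustomobject]@{
            Listed   = $p
            Absolute = $abs
            Exists   = Test-Path -LiteralPath $abs -PathType Container
        }
    }
}

# Read the current Defender exclusions. A non-elevated session may get a
# placeholder message instead of paths, so run this from an elevated prompt.
$current = @()
try {
    $current = @((Get-MpPreference -ErrorAction Stop).ExclusionPath) |
        Where-Object { $_ } |
        ForEach-Object { ConvertTo-AbsolutePath $_ }
} catch {
    Write-Warning "Could not read Defender preferences: $_"
}

# -contains is case-insensitive, which matches Windows path semantics.
Resolve-SfbExclusionPath -Path $candidates |
    Select-Object Listed, Absolute, Exists,
        @{ Name = 'AlreadyExcluded'; Expression = { $current -contains $_.Absolute } } |
    Format-Table -AutoSize
```

Because %userprofile% expands for whoever runs the script, run it in the affected user's context to get that user's profile path. Rows where Exists is False do not apply to that workstation and do not need an exclusion.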

Must I Exclude These Directories?

The short answer is no, but please take into consideration that we in Microsoft Customer Service and Support have resolved many issues by simply taking A/V scanning out of the picture. This happens both server- and client-side. Customers often push back when asked to remove A/V software, or even to disable it for testing purposes. We understand your concerns, but this software can be very intrusive. Even if disabled, hooks are left in place which can interfere with Skype for Business clients. For another perspective, please see this blog. Here is an excerpt: “AV or security software manufacturers tend to understand ‘Disabled’ as a ‘I’ll continue with all my intrusive way of doing, only that if I detect something suspicious I won’t tell anyone. But I can keep being the cause of performance problems, memory leaks, or memory corruptions.’”

Eicar Test

The Eicar (European Institute for Computer Antivirus Research) test allows anyone to see if a certain folder on their machine is being scanned. Simply copy and paste the 68-byte ASCII text into Notepad, and save it locally. Your scanner should pick up this innocuous file and flag it as a threat. I did this, and saved it to my Lync/SfB profile folder, and immediately was informed of a “severe” threat by Windows Defender. If I suspected A/V of causing issues with SfB, I would have excluded this folder from scanning.

Grab the Eicar test and details from http://www.eicar.org/86-0-Intended-use.html

Conclusion

In most SfB client cases, A/V software runs fine without any special configuration and does not interfere with SfB functionality. If you have read this page, however, you understand why customers might be asked to exclude certain directories from scanning, or to disable or remove A/V software for testing purposes.

Note:

We are not aware of a risk of excluding the specific files or folders that are mentioned in this article from scans that are made by your antivirus software. However, your system may be safer if you do not exclude any files or folders from scans.

Resources

Antivirus scanning exclusions for Lync Server 2013

https://technet.microsoft.com/en-us/library/dn440138(v=ocs.15).aspx

Plan antivirus scanning for Outlook 2013

https://technet.microsoft.com/en-us/library/dn769141.aspx?f=255&MSPPError=-2147217396

Comments (1)

  1. Petri X says:

    How about if you could open these issues a bit more for readers?
    – When an AV product blocks the address book download, can you see in the AV logs that this is the case?
    – What do you mean by the “response problems”? Trouble responding to calls, chats or something else?
    – And what does “performing various tasks” really mean?
    – How does Outlook 2013 AV planning fit with Skype? 😉

    With this you basically leave everything open, and we could blame AV products for basically all kinds of troubles with Skype. Would it be better to exclude certain file paths instead of the whole directory (like let's shoot by shotgun as the problem is around there).
