Below is a list of Best Practice settings when setting up, and configuring Symantec Protection for SharePoint Servers 5.x,
- Make sure there is a Symantec Protection for SharePoint Servers console installed on every Web Front End Server. It can also be installed on a backend Server as well, and this install can be used for scheduled scans to reduce load on the front end server(s).
- The Symantec Protection for SharePoint Servers console needs to run as a Domain User that has full access rights to the SharePoint Data farms, the easiest way to obtain this is to make this user a local admin on the SharePoint Server. This user also has to have read/write access to all of the SharePoint content within the SQL Database. Again the easiest way to obtain this is to make this user a local admin on the SQL Server (Note this is not the case for SQL 2008).
- Make sure that each Symantec Protection for SharePoint Servers console has at least two scanners (Symantec Scan Engine) registered with it. Just to clarify, this does not mean each console needs two individual scanners dedicated to it. The consoles can share scanners. We recommend this for redundancy purposes, just in case one scanner goes down. Though your total number of scanners should be close to your total number SPSS consoles running, if not greater than.
- For real-time scan settings, we recommend scanning both uploads and downloads. This is technically set under Operations > Antivirus. For real-time scanning if the scanners become busy or offline, and are not accessible the Symantec Protection for SharePoint Servers console can be configured to fail open, or fail close. We suggest configuring the SPSS console to fail open, with the option “Bypass scanning when all scan engines are busy or offline”, and “Scan all content was bypassed when all scan engines were offline or busy.”. (Operations > Symantec Protection 5.1 for SharePoint Servers > Manual scan and scheduled scan settings)
- If manual or scheduled scans will be regularly performed, we suggest running the manual/scheduled scan during off hours to help with the extra load. Also might want to consider installing a Symantec Protection for SharePoint Servers console on one of the backend SharePoint Servers, and bringing up a dedicated off-box scanner to configure with that backend SPSS console. This would reduce the load to the front end SharePoint Servers. As far as the number of threads to use for a scheduled/manual scan, if it is going to occur around a busy time use a smaller number like 3-6 threads. If the manual/scheduled scan is going to occur during a non busy time go ahead and use 10+ threads. It is optional but we would also suggest not scanning all file versions in a document library. By default it is disabled. (Operations > SPSS 5.1 > Manual scan and scheduled scan settings)
- Do not enable real-time scanning for uploads or downloads until each console on each front-end server has at least one registered scanner.
Additionally, below are some Best Practice settings for Symantec Scan Engine when used with Symantec Protection for SharePoint Servers,
- In the Scan Engine UI, https://:8004, under Configuration > Resources, set Maximum RAM used for in-memory file system to 512MB (Default is 16MB). Also set Maximum file size stored within the in-memory file system to 10MB (Default is 3MB). These two settings should help a little with performance.
- For situations where there will be a high load on the front-end SharePoint Servers, install Scan Engine on their own dedicated Servers. Instead of running them on the same server as the SPSS console. This is not necessary, but in high load situations it can help since it will get the extra scanning load added by Scan Engine off of the already heavily utilized SharePoint box.
- Take a look at the Scan Engine Filter settings, Policies > Filtering > Container Handling/Files. There is no specific recommendation here, just make sure you are aware of them, and how Scan Engine will react to such things as encrypted files, or malformed files, etc.
Please contact Support for more information or any questions.