M-Files and Virus Scanning

M-Files is compatible with all commonly used virus scanning products.

Make sure that the virus scanners on the users' computers do not do scheduled scanning for the virtual M-Files drive (the M: drive by default). A scheduled scan for the M-Files drive loads all the content from the M-Files server to the user's client and unnecessarily puts strain on the network and the server.

For best performance, disable real-time scanning for the M-Files drive and the M-Files installation folder (C:\Program Files\M-Files\ by default) on the server and clients computers. This prevents unnecessary system load and possible conflicts between M-Files and the anti-virus software.

Important: If you use McAfee security products, also refer to this article.

Excluding the M-Files drive and installation folder from virus scanning

To exclude the M-Files drive and the installation folder from virus scanning, add their paths to the correct exclusion lists or exception lists in the anti-virus software. For example, with Symantec Endpoint Protection Manager (SEPM), this is done with an "exceptions policy". Other commonly used anti-virus software products can use terminology such as "excluded items list", "exclude objects", or "exclude from scanning".

There are usually separate exclusion lists for scheduled scanning and real-time scanning.

Excluding the M-Files Client process from virus scanning

If your anti-virus software lets you exlude processes by name, it can be a good idea to exclude MFClient.exe from real-time scanning on the client computers. It can improve performance because it makes sure that the virus scanner does not scan the same files twice: once when the application opens the file and a second time when MFClient.exe does an internal Open operation on the same file.

The default path to MFClient.exe is C:\Program Files\M-Files\<version>\Bin\x64\MFClient.exe. If you use SEPM, refer to the Symantec knowledge base article How to create an application exception in the Symantec Endpoint Protection Manager.

Excluding M-Files server processes and vault data from virus scanning

Note: If the processes and folders given in this section are not excluded from virus scanning on the M-Files server machine, users can experience poor vault performance. This can also cause faulty backups of vault data.

On the M-Files server machine, make sure that these processes are excluded from real-time virus scanning:

Process name Default location
MFServer.exe C:\Program Files\M-Files\<version>\Bin\x64\
MFServerAux.exe C:\Program Files\M-Files\<version>\Bin\x86\
MFIndexer.exe C:\Program Files\M-Files\<version>\Bin\x64\
MFIndexingManager.exe C:\Program Files\M-Files\<version>\Bin\x64\
MFDataExport.exe C:\Program Files\M-Files\<version>\Bin\x64\
mf-grpc-web-server.exe C:\Program Files\M-Files\<version>\Server\Web\GRPC\
Make also sure that these folders are excluded:
  • The M-Files installation folder (C:\Program Files\M-Files\ by default)
  • The vault data folder (C:\Program Files\M-Files\Server Vaults\ by default)

Excluding other processes

The exclusion of the pdfSaver.exe process from real-time virus scanning can improve performance when the user converts documents to PDF. Its default location is C:\Program Files\PDF-XChange\PDF-XChange Standard.

Antimalware support

M-Files Server supports antimalware checks on Microsoft Windows Server 2016 and later. Files uploaded to the M-Files server can be scanned for viruses and malware before they are saved in the repository. To do this, you must use an anti-virus software that is compatible with Windows Antimalware Scan Interface (AMSI). For example, Microsoft Windows Defender. Real-time scanning must also be enabled.

To take the antimalware checks into use, add these Microsoft Windows registry settings on the M-Files Server computer:

Key HKEY_LOCAL_MACHINE\SOFTWARE\Motive\M-Files\<version>\Server\MFServer
Value name EnableAntimalwareScanner
Value type REG_DWORD
Value 1
Description Enables antimalware scanning on Microsoft Windows 10, Microsoft Windows Server 2016, and later.
Key HKEY_LOCAL_MACHINE\SOFTWARE\Motive\M-Files\<version>\Server\MFServer
Value name TreatAntimalwareScannerErrorsAsTransferBlockingErrors
Value type REG_DWORD
Description Specifies whether file transfers to M-Files Server are blocked if the antimalware software is not available or has not been correctly configured. The default value is 0.
Value 0 Do not block file transfers if antimalware software is not available or is misconfigured.
1 Block file transfers if antimalware software is not available or is misconfigured.
For the changes to take effect, you must restart the M-Files Server service.