The aim of this post is to shed light on why you need an antivirus for SharePoint. This post could be served as you ‘business case’ for an antivirus to pass on to your Security team / management.
Here are some of my notes gathered from various blogs that I have read, discussions and presentations that I have had:
ForeFront antivirus for SharePoint 2010 wont work for SharePoint 2013 (not supported by Microsoft) Microsoft is discontinuing support for ForeFront antivirus for SharePoint 2010 – there are no replacement products except third part vendors. Lots of from MS customers. We can apply the extension period so that we have additional time to migrate to an alternative solution for SharePoint 2010 protection but its important to note there is no protection from Microsoft for SharePoint 2013. Documents uploaded into SharePoint can of course contain malware Once documents are in a SharePoint database, file system antivirus engines cannot understand / detect malware, infected files found in SharePoint content databases Antivirus for SharePoint prevents SharePoint from becoming a repository of infected files by scanning and cleaning files stored in SharePoint which are not accessible to endpoint AV solutions Antivirus for SharePoint detects, removes viruses, spyware, malware and other threats infiles uploaded to and downloaded from SharePoint servers While your own organisations workstations and antivirus are properly implemented and maintained, there is a risk that your customers/suppliers/federated partners files & content may contain threats. The risk is your own organisation has no control over what content is uploaded into and downloaded from your SharePoint farms, depending on how your SharePoint sites are consumed. You might not have the opportunity to clean files being uploaded to a SharePoint site if the end users (in federated partner scenario) has an out-dated laptop containing malware. Antivirus for SharePoint is the only defense we have against this risk of malware in SharePoint content databases. It is advisable to install the file system Antivirus in addition to a SharePoint antivirus. Note you must exclude certain folders from being scanned by the file system antivirus.
SharePoint 2013 introduces NO CHANGES to the SharePoint Antivirus API (a.k.a SharePoint Portal Server Virus Scanning Application Programming Interface (VS API)). Source:
Documents can of course contain malware but it’s just not the most common vector. Source:
Prevents your SharePoint server from becoming a repository of infected files by scanning and cleaning files stored in SharePoint which are not accessible to endpoint AV solutions. Source:
Symantec Protection for SharePoint Servers detects and removes viruses, spyware, and other threats in files uploaded to and downloaded from your SharePoint server(s). Source:
MSMS interfaces with SharePoint using the recommended security architecture via the SharePoint VirusScan API and SharePoint Object Model. Source:
What are the options for SharePoint 2013 Antivirus?
Symantec Protection for SharePoint Servers
- Familiar vendor to a lot of environements
- Can be used with Symantec Enterprise Vault for SharePoint and Symantec Backup Exec for SharePoint to deliver a comprehensive security, archiving, and data recovery solution.
ESET® Security for Microsoft SharePoint Server
- First engine for SharePoint 2013 – very customisable / powerful.
- Very light and efficient antivirus
Kaspersky Security for Collaboration (SharePoint)
- Light and well known vendor, well trusted security solution
McAfee Security for Microsoft SharePoint
Sophos SharePoint Security
TrendMicro PortalProtect SharePoint Security
If you have experience in any of the above, I’ll be happy to hear from you.