Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Network Performance Monitor (NPM) > NPM 12.2 Administrator Guide > SolarWinds NPM requirements > Antivirus directory exclusions for NPM

Antivirus directory exclusions for NPM

Created by Lori Krell_ret, last modified by Magdalena.Markova on Mar 09, 2017

Views: 2,483 Votes: 11 Revisions: 5
Created by Interspire Import, last modified by Su-Lyn Rosenberry-ret on Oct 23, 2017

Views: 17,655 Votes: 20 Revisions: 36

Last Updated: February 17, 2017


To run SolarWinds products, you may need to exclude certain files, directories, and ports from anti-virus protection. This topic also lists service accounts that should be added for optimal performance and to allow all Orion products  the access to required files.


  • All Orion Platform products
  • Network Performance Monitor (NPM)
  • Server & Application Monitor (SAM)
  • Network Configuration Manager (NCM)
  • NetFlow Traffic Analyzer (NTA)
  • VoIP and Network Quality Manager (VNQM)
  • Enterprise Operations Console (EOC)
  • IP Address Manager (IPAM)
  • Orion Failover Engine (FOE)
  • User Device Tracker (UDT)


For SolarWinds products, exclude the following items from antivirus protection.

Your Windows Operating System hosting the Orion server might require you to exclude further files to prevent the system instability, performance problems and unexpected behavior caused by file locks.


  • Exclude whole folders, including subdirectories.
  • Volume:\ is the default install volume.

Windows Server 2003 and Windows XP

  • Volume:\Documents and Settings\All Users\Application Data\SolarWinds\
  • Volume:\Inetpub\SolarWinds\
  • Volume:\Program Files\Common Files\SolarWinds\
  • Volume:\Program Files\Microsoft SQL Server\
  • Volume:\Program Files\SolarWinds\
  • Volume:\Windows\Microsoft.NET\Framework\v2.50727\Temporary ASP.NET Files
  • Volume:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files
  • Volume:\Windwos\Microsoft.NET\Framework64\v2.0.5072\Temporary ASP.NET Files
  • Volume:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files 

Windows Server 2016, 2012, Windows Server 2008, Windows Vista, and Windows 7

  • Volume:\Inetpub\SolarWinds\
  • Volume:\ProgramData\SolarWinds\
  • Volume:\Program Files (x86)\Common Files\SolarWinds\
  • Volume:\Program Files (x86)\Microsoft SQL Server\
  • Volume:\Program Files (x86)\SolarWinds\
  • Volume:\Windows\Temp\SolarWinds\
  • Volume:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
  • Volume:\Windows\Microsoft.NET\Framework\v4.0.30319\Temporary ASP.NET Files 
  • Volume:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files 
  • Volume:\Windows\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files
  • Volume:\Windows\System32\config\systemprofile\AppData\Local\assembly


If you are using NetFlow Traffic Analyzer, also exclude the following directiories from antivirus protection:

  • NTA Flow Storage Database directory
  • NTA Flow Storage backup directory
  • If the NTA Flow Storage SWAP file was moved from its default location at C:Windows\Temp, exclude also the directory where the SWAP file is located.

SQL Server

The SQL server should be hosted in a separate server. Make sure the following locations on the SQL server are excluded from antivirus protection:

  • Volume:\Program Files\Microsoft SQL Server\
  • Volume:\Program Files (x86)\Microsoft SQL Server\

If you do not exclude the above the Microsoft SQL Server directories from antivirus protection, your database and transaction log could be locked up as they might be located in the directory.

Service Accounts

The following are LOCAL accounts and not domain. Verify that the Location is changed to ServerName (not your domain) in the AD box where you add these accounts.

  • IUSR
  • Authenticated Users


The Antivirus program must not restrict any of the following ports:

  •  IIS web (TCP/80)
  • SNMP ports (UDP/161, UDP/162)
  • MS SQL database cconnections (TCP/1433, TCP/1434)
  • SolarWinds Information Service (TCP/17777)

For more information, refer to SolarWinds Port Requirements.


Additional Resources:



Last modified