Real-time anti-virus scanners

Hello all. Our company’s Information Security & Risk Manager is asking a question.

Here is the question that hopefully someone can answer:

Could you reach out to the developers of the Scada software, and ask them if any files and/or folders are recommended to be excluded from real-time anti-virus scanners? Oftentimes applications that use databases need to be excluded from the on-access antivirus software, so that it doesn’t lock up database files or impact performance of the app.


Recommended is a tricky word, but in broad terms, I’ll say that Ignition doesn’t actually do a lot with the filesystem, in comparison to DBs or other services that are constantly synchronizing back to the disk. That said, there are two exceptions:

  1. The config.idb file, location in ${ignitionInstallDirectory}/data/db. This file is a SQLite database; it’s constantly being opened and written to while the gateway is running. If your AV is particularly invasive, it may hold locks on this file that cause issues for the gateway service.
  2. If you’re on 8.0 or higher, projects are stored as resources on disk. They’ll be in ${ignitionInstallDirectory}/data/projects/ - if you’re going to whitelist a directory, it would be this one. Ignition will need to create directories and files within those directories at minimum for each project update saved in the designer. We’re also constantly scanning the project directories here, so that in case something changes on disk it updates your project(s) appropriately.

Thanks Paul. I’ll pass this info along.

In addition to @PGriffith’s list above:

  1. Is there any reason not to whitelist ${ignitionInstallDirectory}/data/db instead of just config.idb file within it?
  2. Is there any reason not to whitelist ${ignitionInstallDirectory}/logs?