Folders to exclude from antivirus scanning in ASP.NET applications
This article helps you resolve the problem that the AppDomain
in ASP.NET applications might be unloaded when some folders aren't excluded by antivirus software.
Original product version: ASP.NET, .NET Framework 4.8, 4.7, 4.6, 4.5.2, 3.5 Service Pack 1
Original KB number: 3126034
Summary
In ASP.NET applications, certain folders should be excluded from antivirus scanning. If they are not, the scan could cause inadvertent AppDomain
unloads, and this causes performance issues.
ASP.NET uses the ReadDirectoryChangesW
Win32 function to monitor directories and files. In the following scenarios, the ASP.NET AppDomain
class is unloaded:
The application's physical root path and all of its subdirectories are monitored for subdirectory name changes or deletions. The
AppDomain
is unloaded if any of these changes.The
bin
,App_Code
,App_WebReferences
,App_GlobalResources
, andApp_Browsers
subdirectories of the application root folder are monitored for creation, deletion, renaming, ACL changes, changes to the last-write time, and changes to the size. If any of these things change, theAppDomain
is unloaded.The
machine.config
and root web.config files are monitored for changes. A change to either of these files will unload theAppDomain
.The web.config file of parent applications is monitored. A change to this file will unload the
AppDomain
.The web.config file in the application root is monitored. A change to this file will unload the
AppDomain
.The
hash.web
file that's located in the hash subdirectory of the Temporary ASP.NET Files folder is monitored. This monitoring was added to support development scenarios in which both theClientBuildManager
and the runtimeBuildManager
are updating the application files. Because there are two build managers, there was a need to keep them in sync, and thehash.web
file is used for that purpose.The web.config file in any subdirectory of the application is monitored. A change to this file will unload the
AppDomain
.The
App_LocalResources
subdirectory of each virtual subdirectory is monitored for creation, deletion, renaming, ACL changes, changes to the last-write time, and changes to the size. If any of these things change, theAppDomain
is unloaded.
Based on the files and folders that are monitored, the following directories are recommended for exclusion from antivirus scanning:
- The root directory and all of its subdirectories for the ASP.NET application.
- The .NET Framework config files directory. This varies by the version of .NET Framework and on whether the ASP.NET application is running in 32-bit or 64-bit processes.
- The root directory of the ASP.NET application's parent application.
- The Temporary ASP.NET Files folder.
We also recommend that the following IIS directories be excluded from antivirus scans in ASP.NET applications:
%systemroot%\System32\inetsrv\config
%systemdrive%\inetpub\temp
More information
To avoid AppDomain
unloads, disable FCNMode
(FCN stands for File Change Notification). For information about how to disable FCNMode
, see ASP.NET 2.0-connected applications on a website may appear to stop responding. However, disabling FCNMode is not recommended.