Summary

1. In order to avoid any problem with your Antivirus software, temporary files should not be replicated with Neverfail Engine.

2. The Antivirus software running on the Primary server must be the same as the Antivirus software which runs on the Secondary and Tertiary (if existing) server. In addition, the Antivirus must be running on both Active and Passive machines. Neverfail considers the Antivirus as a part of the operating system itself so it's ok for this to run on all servers in a Neverfail cluster. 

3. For getting virus definition updates on a Passive machine, Neverfail recommends using a management IP address. If a centralized AV server is used then the Neverfail Management Name feature can be configured to get the virus definitions on the Passive server too. For configuring Management Name, please see the following KB article https://support.neverfail.com/portal/en/kb/articles/how-to-enable-neverfail-engine-management-name-for-passive-node-management. Virus definitions can also be added manually on the Passive server.

4. After installation of Neverfail Continuity Engine, any changes made to the configuration of the Antivirus software on the Active server must be repeated manually on the Passive server.

5. The following services should be whitelisted (added to trusted list) in the Antivirus software:

            Neverfail Engine Service

            Neverfail Engine Web Services 

            Scope Data Collector Service

6. The following process should be whitelisted (added to trusted list of processes/applications) in the Anti-Virus software:

            NfServerR2.exe

            ScopeSvc.exe

7. The following Neverfail directory must be excluded from File Level Anti-Virus Scans:

            C:\Program Files\Neverfail\R2

            C:\Program Files\Neverfail-Scope

8. Some Antivirus software block ports. In that case the following ports need to be opened/whitelisted"

9727 and 9728 - ports used by Neverfail Webservices service to communicate between Neverfail EMS web centralized console and the Primary, Secondary and Tertiary (if existing) servers.

57348 - port used for Neverfail Channel connection. This connection is used for data replication.

52267 - port used for Neverfail Advanced Management Client UI connection. 

9. The Neverfail Interceptor Driver (nfid.sys) is a Windows kernel-level component installed in the Windows\System32\Drivers directory. Like all certified kernel drivers, it has been thoroughly tested and validated by Microsoft and bears a genuine Microsoft digital signature. Antivirus and endpoint protection software should therefore trust nfid.sys in the same way as any native Windows system file..