A slow throughput is observed while running backup of a server that has Trend Micro's OfficeScan realtime scan feature is enabled

Article:TECH73433  |  Created: 2009-01-12  |  Updated: 2011-05-16  |  Article URL http://www.symantec.com/docs/TECH73433
Article Type
Technical Solution

Product(s)

Issue



A slow throughput is observed while running backup of a server that has Trend Micro's OfficeScan realtime scan feature is enabled

 


Cause



A tape based or disk based backup of a server running Trend Micro OfficeScan has been observed to run at a slow throughput rate.  This has been determined to be a conflict of the backup job and the 'Real time' scan of the files being accessed by Backup Exec during the backup.

 


Solution



Troubleshooting:
 
Perform one of the following to disable the OfficeScanNT RealTime Scan service:
 
Unload the client by right clicking on the Trend Micro icon in the system tray and selecting 'Unload' or Stop the Trend Micro client
Once the client has been stopped or unloaded, the 'OfficeScanNT RealTime Scan' service MUST be disabled. This can be done from the Services panel in the Control Panel.
Run a backup to disk or tape to confirm throughput is back to an acceptable level.
NOTE: This test needs to be followed in a controlled environment since AntiVirus protection is being disabled
 
Solution:
Please contact Trend Micro to see if there are settings that can be altered to prevent this type of scanning.

On Windows 2003 and 2008 Standard Server Edition, with TrendMicro 10.0 and 10.5 the following TrendMicro settings will resolve the issue:

1. Log into the Trend Micro Office Scan Master Console.  Navigate to:  Networked Computers > Select/Highlight Office Scan Server > Settings
                    Select  Real Time Scan Settings  from the drop down menu > Make sure you are on the  Target  tab >
                            Change Scan Files being:  "created/modified and retrieved"  to "created/modified"
                                      Left-click the  Apply to All Clients  button to update clients

2. Stop the Aegis TMBMSRV service.  Use services.msc to stop unauthorized change service or sc stop tmbmservice. 
Unload Trend Micro to stop services.

Warning: Incorrect use of the Windows registry editor may prevent the operating system from functioning properly. Great care should be taken when making changes to a Windows registry. Registry modifications should only be carried-out by persons experienced in the use of the registry editor application. It is recommended that a complete backup of the registry and workstation be made prior to making any registry changes.
 
3.  Change the following registry keys:
[HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\Aegis]
"RmSysEventDebugFlags"=dword:000f0006
 
AEGIS service will no longer receive any file events that causes a drop in performance.
      
4.    Restart the System.

Note:  The Registry change must be applied on the Media Server as well as on the remote Servers being backed up.
 



Legacy ID



329699


Article URL http://www.symantec.com/docs/TECH73433


Terms of use for this information are found in Legal Notices