Endpoint Protection

 View Only

  • 1.  Anti-Virus issues with Cluster

    Posted Sep 08, 2009 03:09 PM
    We recently installed 2 new Dell R710 servers for a our SQL database. We took both servers and created an Active Passive node cluster. We ran into our first issue with endpoint when trying to setup the cluster. We had to completely uninstall endpoint from each server to get the cluster to work. Now that we have the cluster setup and communicating with our SAN we are having issues with keeping our nodes up.

    AS it stands right now, when ever we have the anti virus running on one node the other node goes down. So if endpoint is running on node 2 node 1 goes offline on the cluster service. Is there something in endpoint we can change so that it can run and allow both cluster nodes to stay active.


  • 2.  RE: Anti-Virus issues with Cluster
    Best Answer

    Posted Sep 08, 2009 04:46 PM

    Title: 'Installing a Symantec Endpoint Protection client to a cluster server'
    Document ID: 2008120113202748
    > Web URL: http://service1.symantec.com/support/ent-security.nsf/docid/2008120113202748?Open&seg=ent


  • 3.  RE: Anti-Virus issues with Cluster

    Posted Sep 08, 2009 05:46 PM
    While SEP is typically cluster aware, you might want to check for certain centralized exclusions in your registry. Additionally, you should exclude the following file system locations from virus scanning on a server that is running Cluster Services:
    • The path of the \mscs folder on the quorum hard disk. For example, exclude the Q:\mscs folder from virus scanning.
    • The %Systemroot%\Cluster folder.
    • The temp folder for the Cluster Service account. For example, exclude the \clusterserviceaccount\Local Settings\Temp folder from virus scanning.
    You might also want to take a look at:
    http://support.microsoft.com/kb/309422



  • 4.  RE: Anti-Virus issues with Cluster

    Posted Oct 20, 2009 05:34 AM
    Hi - i am experiencing similar issues to this. I configured exceptions exactly as outlined above. SEP client appeared to be causing memory resource issues on active node. This caused active node to become unresponsive and cluster would no fail over to passive node.

    When i removed SEP last week the issue has not happened again. I am using the latest version os SEP client.

    Now i am reluctant to install SEP on cluster again.


  • 5.  RE: Anti-Virus issues with Cluster

    Posted Oct 20, 2009 01:46 PM
    Actually, SEP is not at all cluster aware.

    Quoted from the above linked support document:

    "The SEP client is not "cluster-aware", and should not be configured as a cluster server, as it should remain active and running to protect the local server, even when the local server is the "passive node" and is not in control of the shared resources."