Video Screencast Help

Exchange Server Hanging

Created: 29 Jan 2013 • Updated: 11 Feb 2013 | 9 comments
This issue has been solved. See solution.

Hi All,

Good Day.

We are using Sep 12.1 RU1 MP1, Recently we have installed on Exchange 2010 and now we have noticed that Exchange server is Hanging because High utilization, and we have lookup the same case with Microsoft and they have guided " idsvia64.sys" is causing the issue ? (Got it from Memory Dump analysis)

We have installed following components on Exchange server and given recommended Exclusions as well

1. Virus, spyware and Basic download protection

  • Advance download protection

2. PTP

  • SONAR and ADC

3. NTP

  • Intrusion Prevention

I need to confirm that  " idsvia64.sys" is the part of which component  on Protection ?



Comments 9 CommentsJump to latest comment

Ajit Jha's picture

Hi Ajin,

The IPS engine introduces cumulative CPU and network latency based on the number of TCP streams open. This is most noticeable on high bandwidth servers with a high sustained rate of TCP/UDP streams. The more TCP/UDP streams, the more IDS engine memory usage and CPU processing time will affect the performance of the network connection(s). Utilizing IPS is not recommended on servers consuming more than 35% average CPU load, or processing more than 300 Mbps of sustained TCP/UDP bandwidth. Doing so can result in lowered service response times, outages, and OS failures.

Please note: in SEP 12.1 and later versions, IPS kernel driver (idsxpx86.sys for 32-bit and idsvia64.sys for 64-bit systems) is installed and running with Advanced Download Protection feature (aka Download Insight).

For more information:


Ajit Jha

Technical Consultant


Mithun Sanghavi's picture


In SEP 12.1 and later versions, IPS kernel driver (idsxpx86.sys for 32-bit and idsvia64.sys for 64-bit systems) is installed and running with Advanced Download Protection feature (aka Download Insight).

In your case, I would request you to check these Articles below:

Best Practices for employing Intrusion Prevention System (IPS) to high-availability/high bandwidth servers.

Windows Server 2008 x64 Crashes with Symantec Endpoint Protection 12.1 client installed with DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)


I would request you to uninstall SEP 12.1 RU1 MP1 and then reinstall SEP 12.1 RU2 on it.

By reinstalling the SEP 12.1, it would then create exceptions for Exchange 2010 which may help eventually.

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

SebastianZ's picture

Have a look at further recommendations for installing SEP on windows server systems:

...and about the automatic exclusions of SEP on Exchange 2010 machine:

ᗺrian's picture

First thing I would do is remove all components except AV. See what the result is.

Also, make sure you have the necessary exclusions in place for Excahnge.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Ashish-Sharma's picture


I agree above comments.

What happend when you have stop sep service?

If you have install exchange different drive automatic exclusions not work you can add manually.

Thanks In Advance

Ashish Sharma

AjinBabu's picture

Thank u all for inputs,

We will remove IPS module from Exchange servers, will post the result by the end of tomorrow since the issue is occurring on Peak working hours.
Once again Thanks

Best Regards

Ajit Jha's picture

Yes, we all want to see the result, as its know issue, but still.


Ajit Jha

Technical Consultant


AjinBabu's picture

Hi All,

Thanks for all Help.

We have run our exchange server with only AV and spyware component and it is working perfectly for the past 7 days :)