Poll: AV on EV Servers
Updated: 21 May 2010 | 14 comments
We've tried two separate anti-virus vendors on our EV7.0 and later 2007 servers and EV simply will not perform with AV software installed on them - even with the proper file/directory exclusions set per http://seer.entsupport.symantec.com/docs/284807.htm. We have 3 journal archiving EV servers and 2 mailbox archiving EV servers and performance drops so low with AV running that I have to disable it to keep up.
So, how many people out there actually run AV on their EV servers?
Discussion Filed Under:
Comments
We run McAfee Enterprise
We run McAfee Enterprise v8.5.0i and once you exclude the necessary directories it runs without issue
We have been running on this for years and we have been trouble free
We have one Journal Server, two Public Folder Servers, four live FSA servers and four historical servers storing a mixture of FSA and Journal archives.
We have no issues with AV on any of our systems
Liam Finn
"Will not perform" ?
SilverIce,
Can you expand on what you mean by "Will not perform"?
We run Symantec EndPoint
We run Symantec EndPoint Protection 11.0.4202.75
With the exclusions, we have had no performance problems.....
We're also running McAfee
We're also running McAfee VirusScan Enterprise 8.5.0i and have not had any issues. Ditto about running this software for years on EV servers trouble free.
Andy Becker | Authorized Symantec Consultant | Trace3 | Symantec National Partner | www.trace3.com
"Will not perform" in my case
"Will not perform" in my case means that EV archiving cannot keep up with the volume of email while the AV services are running. Once I stop/disable those services everything goes back to normal and EV is happy again...
Are you sure that you have
Are you sure that you have excluded the necessary directories?
If you have then it sounds like either your system is underpowered or your AV is the issue because i have seen many installs of EV and they are perform great with the more well known AV software on the commercial market today
Liam Finn
I've double checked my
I've double checked my exclusions per Document ID: 284807 and everything is set correctly. However, I've been using Process Explorer to look at CPU consumption - whenever AV services are running the EV processes hardly do anything and when I stop the AV services the EV processes will eat up 50-75% of the CPU as I would expect. Which leads me to my next question: should the EV install directory (%system%\Program Files\Enterprise Vault) which contains all of the different processes, such as TaskController.exe, StorageServer.exe, StorageArchive.exe, etc. also be excluded from AV scanning?
That's what MS recommends for Exchange, but I don't see it in the Symantec article....
Yes they should be excluded
Yes they should be excluded along with the cache location and msmq
Liam Finn
Gotta love Symantec
Gotta love Symantec documentation. Thanks!
If the thread is solved
If the thread is solved please mark it as solved
Liam Finn
Still no luck, I'll open a
Still no luck, I'll open a case tomorrow with both vendors and report back with any resolution.
When AV is activated, and you
When AV is activated, and you see little to no activity on the EV services... are the AV services very active? (or is the server somewhat idle)
Yes, AV services typically
Yes, AV services typically are consuming 5-20% of the CPU which makes me think it's still scanning something it's not suppose to....
Remember in many AV products
Remember in many AV products there are two types of scanning :-
scheduled
i.e. something that runs once per week
on-demand or immediate or always (different terms per vendor)
i.e. instantly scanning any file access.
Often vendors have different settings for each type of scanning. So if you configured all the right exclusions on the scheduled scanning, the on-demand scanning will still be doing it wrong.
Hope that helps,
Would you like to reply?
Login or Register to post your comment.