Endpoint Protection

We recently migrated a number of database servers (MySQL, SQL, Oracle) into our environment.  Every now and again.. it appears around once a week, the night after the full scan in some cases, undetermined schedule in another.. that the servers hang to the point that they still respond to ping so our monitoring tool does not think they're down but any attempt to console into them results in a hung gray screen. 

Our file exclusions include the default file extensions for all 3 database architectures.  Any ideas?  There don't seem to be any common errors across the servers.  A couple of weeks ago, we were having paged pool errors, preventing registry writes, etc. and we excluded pagefile.sys which seems to have remedied that issue.

What is the version of SEP installed?

Do you see any errors realted to the SEP in the event viewer?

Hi Tbaze,

That doesn't sound like any known issue.  (What does task manager- or better yet, sysinternals' process explorer- show is happening on those DB servers at the time of their hang-?)   SEP is designed to operate well with MS SQL, anyway:

Can Symantec AntiVirus or Symantec Endpoint Protection scan a MS SQL database?  (http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002120911393848)

I recommend double-checking that centralized exclusions passed down from the SEPM ensure that no SEP process is going near the sensitive DB files and folders.  Here's an article that can help:  How to exclude MS SQL files and folders using Centralized Exceptions (http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008062709312848) 

Also: what version of SEP is running?  If it's earlier that SEP 11 RU6, I recommend upgrading just as a general "best practice."

Please let the forum know of your progress!

Thanks and best regards,

Mick

Exclude all database files and extensions and logs. Run a manual full scan and check at what stage does the server hang..