I've double checked my

SilverICE · ‎09-15-2009

We've tried two separate anti-virus vendors on our EV7.0 and later 2007 servers and EV simply will not perform with AV software installed on them - even with the proper file/directory exclusions set per http://seer.entsupport.symantec.com/docs/284807.htm. We have 3 journal archiving EV servers and 2 mailbox archiving EV servers and performance drops so low with AV running that I have to disable it to keep up.

So, how many people out there actually run AV on their EV servers?

Liam_Finn1 · ‎09-15-2009

We run McAfee Enterprise v8.5.0i and once you exclude the necessary directories it runs without issue

We have been running on this for years and we have been trouble free
We have one Journal Server, two Public Folder Servers, four live FSA servers and four historical servers storing a mixture of FSA and Journal archives.

We have no issues with AV on any of our systems

Rob_Wilcox1 · ‎09-15-2009

SilverIce,

Can you expand on what you mean by "Will not perform"?

Working for cloudficient.com

AndrewB · ‎09-15-2009

We're also running McAfee VirusScan Enterprise 8.5.0i and have not had any issues. Ditto about running this software for years on EV servers trouble free.

SilverICE · ‎09-15-2009

"Will not perform" in my case means that EV archiving cannot keep up with the volume of email while the AV services are running. Once I stop/disable those services everything goes back to normal and EV is happy again...

Liam_Finn1 · ‎09-15-2009

Are you sure that you have excluded the necessary directories?
If you have then it sounds like either your system is underpowered or your AV is the issue because i have seen many installs of EV and they are perform great with the more well known AV software on the commercial market today

SilverICE · ‎09-15-2009

I've double checked my exclusions per Document ID: 284807 and everything is set correctly. However, I've been using Process Explorer to look at CPU consumption - whenever AV services are running the EV processes hardly do anything and when I stop the AV services the EV processes will eat up 50-75% of the CPU as I would expect. Which leads me to my next question: should the EV install directory (%system%\Program Files\Enterprise Vault) which contains all of the different processes, such as TaskController.exe, StorageServer.exe, StorageArchive.exe, etc. also be excluded from AV scanning?

That's what MS recommends for Exchange, but I don't see it in the Symantec article....

Liam_Finn1 · ‎09-15-2009

Yes they should be excluded along with the cache location and msmq

SilverICE · ‎09-15-2009

Gotta love Symantec documentation. Thanks!

Liam_Finn1 · ‎09-15-2009

If the thread is solved please mark it as solved

Murr38 · ‎09-15-2009

We run Symantec EndPoint Protection 11.0.4202.75

With the exclusions, we have had no performance problems.....

SilverICE · ‎09-15-2009

Still no luck, I'll open a case tomorrow with both vendors and report back with any resolution.

Rob_Wilcox1 · ‎09-16-2009

When AV is activated, and you see little to no activity on the EV services... are the AV services very active? (or is the server somewhat idle)

Working for cloudficient.com

SilverICE · ‎09-16-2009

Yes, AV services typically are consuming 5-20% of the CPU which makes me think it's still scanning something it's not suppose to....

Rob_Wilcox1 · ‎09-16-2009

Remember in many AV products there are two types of scanning :-

scheduled
i.e. something that runs once per week

on-demand or immediate or always (different terms per vendor)
i.e. instantly scanning any file access.

Often vendors have different settings for each type of scanning. So if you configured all the right exclusions on the scheduled scanning, the on-demand scanning will still be doing it wrong.

Hope that helps,

Working for cloudficient.com

VOX

Poll: AV on EV Servers