Just a general question - what's the general consensus about running an antivirus product on the backup server? I come from a background where we've never run AV on a backup server as it impacts the speed of the backups, etc.
But does it?
We're currently running NetWorker 7.6.3 on Windows 2003 32-bit and the organisation is looking to install Symantec Endpoint Protection 11. This has been running on other servers, but has never been installed on the NetWorker server.
Good idea to install it? Bad idea to install it?
Your comments are appreciated.
For me, this is a bad idea.
A common practice on a backup server is to leave the folders containing the backup metadata to be excluded from getting scanned by the anti virus. But I would support the "Don't install anti-virus on your backup server" slogan because (as far as i have come across) the antivirus is scheduled to run full machine scans that are very process intensive. When the scan runs there is minimum resources left out for the backup software to operate on, thus the performance impact.
I am sure there are different opinions here about this though.
Definitely bad idea.
This will be doing real-time scan on every single file, will be checking NW processes and TCP connections, if snapshot involved it would also be scanning the SYTEM VOLUME INFORMATION folder where the snapshot is created.
Overall you will be facing issues, timeouts, backups "hanging" etc.
If eventually you have to install it I believe there are some technical documents that specify all the requirements for folders, processes etc that needs to be excluded from the AV scan.
Thanks, Carlos. One of our other customers uses CommVault Simpana and they insisted on having McAfee running on the backup server. Fotunately, the CommVault documentation tells you what processes as well as directories to exclude from virus scanning - but I'm still unhappy about running AV on it.
I cannot find now the document I was talking about, but in the installation and administration guides you can find this:
Undesirable behavior might occur if the antivirus software installed on a Windows machine is not tuned for backup environments.
Configure the antivirus software to:
• Avoid scanning files that are opened for backup.
• Clear Opened for Backup in the Advanced Auto-Protect option for Norton Antivirus.
• Clear Opened for Backup in the Scan Items tab of McAfee’s On-Access Scan Properties window.
Not monitor the following directories:
• C:\Program Files\EMC or C:\Program files\Legato
• AFTD directories
Refer to the antivirus documentation for detailed information.
McAfee Knowledgebase article KB53787 provides information for McAfee 8.7i.
McAfee Knowledgebase article KB53781 provides information for McAfee 8.0i and 8.5i.
For Norton Antivirus, Norton knowledgebase article provides details on how to configure an exclusions list.
For McAfee, McAfee knowledgebase article KB50998 provides details on how to configure exclusions.
Some Symantec info about how to configure: