Avamar: Backup performance impacted by anti-virus software real-time file scan

Summary: Anti-virus software for real-time scanning of files is impacting Avamar client backup or restore performance.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

The backup performance of an Avamar client during the scanning of files is relatively low.

The following points are true:
  • Status messages in the client log show low CPU usage by avtar.exe (see Dell article Avamar - How to interpret avtar backup log status lines)
  • The backup is not bottlenecked due to network congestion.
  • Anti-virus software is installed on the client.
  • The anti-virus software is set to scan files in real time "on access" (when an application accesses files)
To diagnose or view the issue during a backup, use the Task Manager:
  1. Processes tab > View > Select Columns
  2. Enable the I/O Read Bytes, and I/O Reads columns.
  3. While a backup is in progress, monitor the anti-virus process.
  4. If the I/O Read Bytes or I/O Reads numbers for the anti-virus application are heavily incremented during the backup, this may indicate an issue.

Cause

The anti-virus on access scanning feature contends with the avtar process for the storage I/O by intercepting files which avtar is trying to access.

The anti-virus may be scanning snapshot storage which contents with avtar process for access to the snapshot that was taken as part of the backup.

This extra load on the storage hardware reduces the potential file scan speed of the backup.

Resolution

 

As a test, temporarily disable the anti-virus on-access or real-time scanning feature and rerun the backup.



Temporarily configure a test Virtual Machine (VM) to do client-level backup with no anti-virus installed record timing then install anti-virus and compare.

Compare the performance of the latest backup with earlier backups where real-time scanning was active. To do this, review a complete client log for Backed-up.

Manually add --status=120 in additional options to increase the frequency of status messages for testing.

 

avtar Info <6083>: Backed-up 344.3 GB in 862.43 minutes: 24 GB/hour (1,508,688 files/hour)

 

If backup performance is improved with on-access scanning disabled, configure the anti-virus software to trust application activity by Avamar binaries or to ignore the reads.
In addition to the avtar.exe, the executables to trust or safe-list from anti-virus ON ACCESS SCANNING are below. The files are typically installed in the c:\program files\avs\bin folder:

 

avsql.exe       Microsoft SQL Server
avexchglr.exe   Exchange Server GLR
avexvss.exe     Exchange Server
axionfs.exe     Exchange Server GLR
avoracle.exe    Oracle
avlotus.exe     Lotus Notes
avscc.exe       Desktop Icon
avagent.exe     Communication service between the client and Avamar server
avvss.exe       Disaster Recovery, BMR
avmossvss.exe   SharePoint Servers
avupdate.exe    Client update tool

 

May be necessary to add exclusion for Volume Shadow Copies:
  • Excluding the Directory:
    • Find the anti-virus Settings: Locate your anti-virus software's settings or configuration panel. 
    • Access Scan Exclusion List: Navigate to the section for add or manage scan exclusions, often labeled as "Exclusions," "Scan Exclusion List," or similar. 
    • Add the Directory: Type or paste the path \Device\HardDiskVolumeShadowCopy* into the exclusion list and save the changes. 

  • Excluding the Process:

    • Find the anti-virus Settings: Locate your anti-virus software's settings or configuration panel.
    • Access Process Exclusions: Find the section for add or manage process exclusions.
    • Add the Process: Add "vssvc.exe" to the excluded processes list. 

To list the absolute path of the Shadow Volume, use an elevated Command Prompt, and run the "vssadmin List Shadows" command.

\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy*\
\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy*

 

After resolving this type of interference from anti-virus software, if backup performance is still low, see Dell article: Avamar slow backup performance - how to troubleshoot and identify bottlenecks (RESOLUTION PATH)

Additional Information

The behavior described occurs with any anti-virus program that performs "real-time" or "on-access" scanning.
Below are links to suggested articles of various anti-virus vendors' online documentation that discuss the behavior or how to mitigate it.
Some anti-virus programs keep hash or MD5 checksums of excluded or safe listed programs. When upgrading Avamar software, the hash or MD5 checksum must be recalculated per software vendor requirements.

Symantec EndPoint Protection

Trend Micro Office scan

Sophos

Quick Heal Endpoint Security

ESET Endpoint anti-virus

Panda Security

CrowdStrike

Microsoft

Carbon Black

Fortinet

Trellix (FireEye)
 

Note: Trellix's Low-Risk Processes policy allows users to disable scan on read and scan on write for any process added to the policy. This configuration allows the process to run while preventing scanning of the disk activity caused by the process.

Cisco AMP

Rapid7

Affected Products

Avamar Client for Windows, Avamar Desktop/Laptop Option, Avamar Plug-in for Exchange 2007, Avamar Plug-in for Exchange VSS, Avamar Plug-in for Hyper-V VSS, Avamar Plug-in for IBM DB2, Avamar Plug-in for Lotus Domino, Avamar Plug-in for Oracle , Avamar Plug-in for SAP with Oracle ...

Products

Avamar, Avamar Plug-in for SharePoint, Avamar Plug-in for SharePoint VSS, Avamar Plug-in for SQL, Avamar Server, Avamar Virtual Edition
Article Properties
Article Number: 000065139
Article Type: Solution
Last Modified: 31 Jul 2025
Version:  20
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.