February 1, 2010 at 10:34 am
Hi,
This is the first time I have added a topic here, but I receive the SQLServerCentral newsletter every week and find some topics very interesting. Thanks.
So I have the following issue on a SQL 2000 server protected by McAfee antivirus.
When McAfee is disabled, the sqlserver.exe process uses less than 10% of the CPU.
When I enabled McAfee, the sqlserver.exe process jumps to about 60% of the CPU.
It slows down the T-SQL queries, and some SQL clients get timeouts that affect client applications.
I opened a ticket with McAfee, but got no answer except to install the latest version. That is done, but the issue remains.
Here are the McAfee exclusions:
BAK, LDF, MDF, NDF, TRN files
C:\Program Files\CA\
C:\Program Files\Microsoft SQL Server\MSSQL\BACKUP and subfolders
C:\Program Files\Microsoft SQL Server\MSSQL\Binn and subfolders
C:\Program Files\Microsoft SQL Server\MSSQL\Data and subfolders
C:\Program Files\Microsoft SQL Server\MSSQL\FTData and subfolders
D:\BACKUP and subfolders
D:\MSLSQL\Data and subfolders
D:\Tracability Manager and subfolders (databases are located in this directory)
Here are the McAfee Low Risk Processes:
Aexauditpls.exe
Aexnsclient.exe
Aexnsclienttransport.exe
Aexnswdusr.exe
Agentsvr (SQL Agent)
Sqlservr.exe
UnivAgent.exe
Configuration
Windows Server 2003 Standard Edition SP2 – Intel Xeon, 2 CPUs, 3.06 GHz, 4 GB RAM (3GB switch)
SQL 2000 SP4
McAfee VirusScan Enterprise 8.7.0i
If someone has an idea?
Pierre
February 1, 2010 at 3:59 pm
Not sure. I know we used to see a lot of contention of resources and file handles with Symantec, but I believe there were some exclusions that were left out.
What happens if you try and exclude the entire c:\program files\Microsoft SQL Server directory?
Are there any database files that are not in the default locations that McAfee could be trying to scan?
Joie Andrew
"Since 1982"
February 2, 2010 at 9:18 am
Thanks for your answer Joie,
I tried to exclude all drives of the server. I saw that McAfee didn't scan anything and the CPU usage of sqlservr.exe increased up to 60%... It seems that the issue is not related to scanning operations.
Pierre
February 2, 2010 at 9:56 am
My two cents: I wouldn't install an antivirus on a production server. I would rather perform a remote scan from another machine.
-- Gianluca Sartori
February 2, 2010 at 12:55 pm
That is an option, but I know a lot of environments will not allow that because that negates any possibility of real-time protection.
Joie Andrew
"Since 1982"
April 5, 2013 at 9:45 am
This article may be of assistance to you.
http://sysadminops.blogspot.com/2011/10/how-to-exclude-processes-from-virus.html