Running a solid, constantly updated antivirus product on your servers is a necessity to keep a healthy and secure server environment. However, with installing an antivirus product, you also risk having issues with certain workloads and services on those severs. Just like System Center Data Protection Manager (SCDPM), the Microsoft Azure Backup Server (MABS) is compatible with most antivirus software products. Though, the implemented antivirus product can also affect MABS performance and, if not configured properly, can cause data corruption of replicas and recovery points.
So, to avoid file conflicts and to minimize performance degradation between your MABS server and the antivirus software running on top of it, you should disable real-time monitoring by the antivirus software for all of the following processes and directories, which are listed below.
MABS processes to exclude from antivirus real-time monitoring
For information about configuring real-time monitoring based on process name or folder name, check the documentation of your antivirus vendor.
- DPMRA.exe (*full path: C:\Program Files\Microsoft Azure Backup\DPM\DPM\bin\DPMRA.exe)
- csc.exe (*full path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe -> you can also exclude csc.exe in all the other Microsoft.NET Framework folders)
- cbengine.exe (*full path: C:\Program Files\Microsoft Azure Backup\DPM\MARS\Microsoft Azure Recovery Services Agent\bin\cbengine.exe)
MABS directories in the MABS Program Files folder to exclude from antivirus real-time monitoring
Be aware that when you installed MABS on another drive then “C:”, like in the example below, look under the correct drive for the folders to exclude.
- C:\Program Files\Microsoft Azure Backup\DPM\DPM\Temp\MTA\*
- C:\Program Files\Microsoft Azure Backup\DPM\DPM\XSD\*
- C:\Program Files\Microsoft Azure Backup\DPM\DPM\bin
- C:\Program Files\Microsoft Azure Backup\DPM\MARS\Microsoft Azure Recovery Services Agent\bin
- C:\Program Files\Microsoft Azure Backup\DPM\DPM\Cache (*MABS scratch folder)
Delete infected files on the MABS server
As a final remark, I would also advise to configure to delete infected files by default on the MABS server rather than automatically cleaning or quarantining them. Automatic cleaning and quarantining can result in data corruption because these processes cause the antivirus software to modify files, making changes MABS cannot detect.
In summary, there are a lot of antivirus settings you should keep track of when running MABS. I’ve tried to list all of the exclusions, so hopefully it will help you with getting the most out of your MABS setup. If you have any questions, feel free to contact me through my Twitter handle.
Wim Matthyssen (@wmatthyssen)