Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 5669 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Best Practice for On Access Scanning on MS Servers?

TEDSTER

Have a question on the best way to handle On Access Scanning on our Windows 2003 servers.

I'm sure  I read in the sophos docs (prob a long time ago!) that On Access Scanning should be turned off on a server?

But can't find it now..... in fact the sophos KB says there are no recommendations for a server!

Is that correct?

I leave our sophos installs as default on both our PC's and servers....

(we use endpoint 9.5)

We have a problem now that I noticed when the backups run on some of our severs - using Backup Exec 12 agent, that SAVSERVICE goes to 99% and the backups take forever.

If you cancel on access scanning they fly through.

So what are peoples thoughts on this? Do you run OAS on your servers, or just run a scheduled scan regularly?

Should all our servers be in a new group with different settings?

Cheers for any advice... TED

:10007


This thread was automatically locked due to age.
  • 0

    Hello TED,

    in fact the sophos KB says there are no recommendations for a server

    are you referring to links to exclusion lists for specific Windows servers? Have you also read Anti-Virus and HIPS settings: guide to on-access settings

    Load during backup depends on a number of things - an incremental backup of files where the majority has been scanned recently should not suffer from an unacceptable performance degradation. As only some servers seem to be affected it might be worth to investigate the cause. Are all servers using the agent - and if, are there differences like number of (changed) files? This thread contains a post by Jak on how to turn off on-access scanning during backups - I advise against turning on-access scanning off completely.

    Christian

    :10017
  • 0

    Tedster,

    Our organization disables On-Access scanning on servers. Although it may be unadvisable, we decided to do this since we have critical processes which require applications to access a large amount of files regularly. During testing, performance improved greatly when disabling it. There is also the option to not include network location scanning, such as traffic from mapped drives or UNC paths.

    To compensate, we have elevated security on the servers in other areas, including web access and HIPS (HIPS through Sophos and another whitelisting vendor) and increased the Scheduled Scan frequency on the servers during downtime hours.

    :10049
  • 0

    Thanks very much for all the replies, I having looked at all the options you suggested...

    QC - yes they are the pages I had already looked at. I looked at your other suggestions and I have decided to go with JAKs scripts to stop & restart sophos as we do the backup, this seems to be the best of both worlds.

    I have tested these scripts and they are perfect - just the job.

    So we will keep OAS running on the servers & just use these stop/start scripts as part of our backup jobs, so we will only have OAS not running for 1/2hr or so.

    Thanks again for all the suggestions,

    Cheers  TED

    :10217
  • 0

    TEDSTER,

    We have backup exec at our locations also and found the following made a significant improvement with performance:  
    1. Excluding "beremote.exe" from on access scanning.
    2. Excluding the AOFO Store directory from being scanned.

    :10273
Unfiltered HTML