Best Practice for On Access Scanning on MS Servers?

Question

Have a question on the best way to handle On Access Scanning on our Windows 2003 servers.

I'm sure I read in the sophos docs (prob a long time ago!) that On Access Scanning should be turned off on a server?

But can't find it now..... in fact the sophos KB says there are no recommendations for a server!

Is that correct?

I leave our sophos installs as default on both our PC's and servers....

(we use endpoint 9.5)

We have a problem now that I noticed when the backups run on some of our severs - using Backup Exec 12 agent, that SAVSERVICE goes to 99% and the backups take forever.

If you cancel on access scanning they fly through.

So what are peoples thoughts on this? Do you run OAS on your servers, or just run a scheduled scan regularly?

Should all our servers be in a new group with different settings?

Cheers for any advice... TED

This thread was automatically locked due to age.

QC · Accepted Answer

Hello TED,

in fact the sophos KB says there are no recommendations for a server 
 are you referring to links to exclusion lists for specific Windows servers ? Have you also read Anti-Virus and HIPS settings: guide to on-access settings . 
 Load during backup depends on a number of things - an incremental backup of files where the majority has been scanned recently should not suffer from an unacceptable performance degradation. As only some servers seem to be affected it might be worth to investigate the cause. Are all servers using the agent - and if, are there differences like number of (changed) files? This thread contains a post by Jak on how to turn off on-access scanning during backups - I advise against turning on-access scanning off completely.

Christian :10017