cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Anti-Virus Software on Windows Server

Go to solution
Former Member

on ‎12-17-2014 8:55 PM

0 Kudos

I've SAP ECC, PI, BI, SEM, etc .. all running on vm's with MS windows and sql 2008 server.  Can I run any antivirus sw such as mcafee or symantec etc ... Any know issues you have encountered with anti-virus sw running on SAP servers?

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎12-18-2014 8:36 AM
0 Kudos

>>Any know issues you have encountered with anti-virus sw running on SAP servers?

yes, a lot!

In general there are no errors. But we hit different situations where the stability of the system was damaged by faulty AV-Software. This faults are very difficult to analyze and often lead into escalation situations in the support process.


Nevertheless - there is no discussion, whether AV is necessary or not:  It is!


SAP distinguishes two different scenarios when talking about AV-Software.

  1. The general protection of the operating system - see SAP Note 106267 for more details
  2. AV-Software integrated into the ABAP server, which is used by the SAP system to scan documents to be uploaded to or downloaded from the system. This software and it's interface to the SAP System needs to be certified. Details see SAP Note 1494278 and SAP Note 817623

hope this helps.

kind regards

Peter

Show replies
Show replies
bxiv
Active Contributor
‎12-18-2014 2:58 PM
0 Kudos

I can attest to NOD running on Trex 7.1 patch lvl 60 (and a failed PL 61 and SAP recommending we roll back) would cause issues with indexing overall and caused drives to blow out due to multiple 80+ GB txt files being created due to Trex not being able to access the main indexes to place the new indexed data into.

Still till this point we haven't found a solution to the issue, and the Trex systems themselves haven't had a hiccup.

Former Member
‎12-19-2014 7:19 AM
0 Kudos

how is this related to AV?

please delete

Thank you and kind regards

Peter

bxiv
Active Contributor
‎12-19-2014 12:32 PM
0 Kudos

Its related as it is AV - http://www.eset.com/us/home/products/antivirus/

As for bringing up my experience with Trex and this AV, I was providing an example of just how badly it can impact an SAP system.

Former Member
‎12-19-2014 1:20 PM
0 Kudos

Hi Billy,

sorry for my first answer. I interpreted NOD as typo for NOT

Therefore including a link would be more precise...

The problem is, that it is not possible to generalize those conclusions.

I am working in the windows platform development/support. In this function we are normally in the game, when such problems are occuring.

The big problem is, that the AV-Software functionality is implemented in filter drivers. Without performing Windows Kernel debugging, you are not able to point out culprits, when programs or the operating system is missbehaving in certain situations. So at this point SAP sits also between the chairs (operating system / anti virus software).

Following kind of errors have been observed during incident analysis:

  • Life-Scanning: locked files: Life-scanning functions of AV-Software do typically interfere certain file operations in parallel or after normal process operations. This sometimes has let into a situation, where the users process has closed a file and wants to delete it. I can't be deleted because the AV software is currently performing tasks on it.
  • Life-Scanning: AV software reports a file containing virsuses - the file is definitely virus free. Applciation access to the file is not possible.
  • Bad performing AV-Software. File operations and synchronising central operating system resources are time critical operations. We had a huge escalation, where the culprit was a AV-Software not being able to handel more than 64 CPU-Cores. The more processors where utilitized in this system, the slower the performance was. In this situation the AV-filter driver itself was the problem. Deaktivating life-scan functionality does not fix the problem, you had to deinstall the AV-Software. After that the performance was reasonable.
  • handle leaks in AV software (in kernel mode)
  • AV-Software is blocking access to a file without reporting it as a virus
  • inappropriate return codes on legal file operations resulting in application failures

All this was fixed by newer AV-Software versions. But at the moment this software is causing errors you are in trouble. It is extremely expensive to perform root cause analysis in such situations.

I think, that the problem is often caused bei improper software design and or improper AV-Software selection. AV-Software is often tested and designed for Windows Desktop machines. If it is also used in the server world, it has to handle 200+ CPUs build on top of a complex NUMA architecture. A typical workstation still has less than 8 CPUs...

Another problem is, that most tests in professional journals do primarily concentrate on virus detection rates and detection speed - on workstations.

I can not imagine when I have seen the last numbers for huge servers including the performance degradation on normal file operations (including degradation of operations on AV-scan-excluded files)

regards

Peter

PS: On linux you do not have this kind of problems. They (Linux forums etc) still argue that the operating system is more robust and does not need AV... Well: keep on dreaming and hopefully got awake before the reality has passing you.

Answers (4)

Answers (4)

Former Member
‎01-13-2015 12:13 PM
0 Kudos

Hi,

I am Chetan Savade from Symantec Technical Support Team.

You can configure Symantec (SEP) but just need to make necessary exceptions to work it flawless.

What scan exclusions could be applied in Symantec Antivirus or Symantec Endpoint Protection on a server running SAP?

http://www.symantec.com/docs/TECH134382 

Best Regards,

Chetan

Show replies
Show replies
srinivasan_vinayagam
Active Contributor
‎12-19-2014 2:31 PM
0 Kudos

Hi Rakesh,

You can go through and find SAP recommended Anti Virus software for your SAP Applications.

Protecting SAP systems using antivirus softwares - Basis Corner - SCN Wiki

106267 - Virus scanner software on Windows

639486 - Anti-virus protection within SAP applications (BC-SEC-VIR)

http://blogs.msdn.com/b/saptech/archive/2010/06/21/sap-on-windows-and-anti-virus-scan.aspx

Regards,

V Srinivasan

Show replies
Show replies
Sriram2009
Active Contributor
‎12-18-2014 11:10 AM
0 Kudos

Hi Rakesh

Yes, You can install the any antivirus software only for Virus & Spyware protection not on network protection. we have installed in our environment in the same way using Symantec Endpoint protection.

BR

SS

Show replies
Show replies
former_member182657
Active Contributor
‎12-18-2014 3:25 AM
0 Kudos

Hi Rakesh,

Please follow SAP doc at Which files and directories should be a part of Antivirus exclusion list on Windows - Basis Corner -...

As per me you can set antivirus for not to scan database files and log files.

Regards,

Gaurav

Show replies
Show replies
Ask a Question