Prevent high CPU usage caused by scanning of programs accessing large amounts of files

Support
Solution ID Last Updated
1059182 Date : 2014/02/20 Time:11:03 AM , (PST)


Product/Version Platform
Worry-Free Business Security Standard/Advanced - 7.0, 8.0, 9.0;
Windows - 2003 Enterprise, 2003 Small Business Server, 2003 Standard, 2008 Enterprise, 2008 Essential Business Server, 2008 Small Business Server, 2008 Standard, 7 32-bit, 7 64-bit, Vista 32-bit, Vista 64-bit, XP Home, XP Professional

Problem Description

The WFBS agent's antivirus and anti-spyware real-time scan, scans files for malicious code as they are accessed or created.
When some programs create or modify files rapidly, the Security Agent may use a lot of resource verifying the legitimacy of all file accesses. With the current default settings, the Security Agent will exclude the folders frequently modified by these programs:
  • Worry-Free Business Security Server
  • Microsoft Exchange 2000/2003/2007/2010
  • Active Directory Domain Services (Windows Server Role)
Note: These settings can be modified  in the Security Server's web console, under the Preferences > Global Settings > Desktop/Server section.
Some programs or Operating System features do not have default options in WFBS to exclude folders and files from real-time scan. If you encounter performance issues running one of these programs, you can modify the Security Settings in the Security Server's web console.
Important: These security settings will reduce the protection on your computer. For publicly available servers, please review these settings and the nature of the services before applying these settings.
 

Solution

To resolve the issue, do the following:
  1. Log on to the WFBS console.
  2. Go to Security Settings > Group > Configure.
  3. Check if you have the following programs and then exclude the specified folders, files, or extensions:
    • Outlook:
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
      .PST
    • Windows Update Store:
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      C:\Windows\SoftwareDistribution\Datastore
    • Windows Software Update Services (WSUS) Server:
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      • <WSUS storage driver letter>:\MSSQL$WSUS
      • <WSUS storage driver letter>:\WSUS
      • <WSUS storage driver letter>:\WsusDatabase
    • DHCP Server (Windows Server Role):
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      C:\Windows\system32\dhcp
    • DNS Server (Windows Server Role):
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      C:\Windows\system32\dns
    • WINS Server (Windows Server Role):
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      C:\Windows\system32\wins
    • Print and Document Services (Windows Server Role):
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      C:\Windows\system32\Spool\
    • Remote Storage Service
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      C:\windows\system32\ntmsdata
    • POP3 Connector in Windows Small Business Server (SBS) 2003:
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directory:
      • C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
      • C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming mail
    • Internet Information Services (IIS) 6.0 or Web Server role on Windows Server 2003:
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      • C:\inetpub\wwwroot
        Note: This may depend on your IIS configuration. You might need multiple folders when multiple websites are configured.
      • C:\Windows\system32 \LogFiles
        Note: This may depend on your IIS configuration. You might need multiple folders when multiple websites are configured.
      • C:\windows\IIS Temporary Compressed Files
    • Internet Information Services (IIS) 7.0 or Web Server role on Windows Server 2008:
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      • C:\inetpub\wwwroot\
        Note: This may depend on your IIS configuration. You might need multiple folders when multiple websites are configured.
      • C:\inetpub\logs\
        Note: This may depend on your IIS configuration. You might need multiple folders when multiple websites are configured.
      • C:\inetpub\temp\IIS Temporary Compressed Files
    • Microsoft SQL Server:
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      • <SQL Server Installed folder>\*\OLAP\Data
      • <SQL Server Installed folder>\*\OLAP\Backup
      • <SQL Server Installed folder>\*\OLAP\Log
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
      • .MDF
      • .LDF
      • .NDF
      • .BAK
      • .TRN
    • Microsoft SQL Server  Failover Cluster:
      Note: The < cluster service account> is the account that the specific account is running for cluster service.
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      • <Quorum driver letter>:\
      • C:\windows\cluster
      • For Windows 2003 only: C:\Documents and Settings\<cluster service account>\Local Settings\Temp\
      • For Windows 2008 only: C:\Users\<cluster service account>\AppData\Local\Temp
    • SharePoint Portal Server:
      Note: The<SharePoint service account> is the account that the specific account is running for SharePoint services
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      • C:\Program Files\SharePoint Portal Server
      • C:\Program Files\Common Files\Microsoft Shared\Web Storage System
      • C:\Program Files\Common Files\Microsoft Shared\Web Service Extensions
      • C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions
      • C:\Program Files\Microsoft Office Servers
      • C:\Windows\Temp\Frontpagetempdir
      • C:\Windows\Temp\WebTempDir
      For Windows 2003 only:
      • C:\Documents and Settings\All Users\Application Data\Microsoft\SharePoint\Config
      • C:\Documents and Settings\<SharePoint service account>\Local Settings\Application Data
      • C:\Documents and Settings\<SharePoint service account>\Local Settings\Temp\
      • C:\Documents and Settings\Default User\Local Settings\Temp
      For Windows 2008 only:
      • C:\Users\<SharePoint service account>\Local
      • C:\Users\<SharePoint service account>\Local\Temp
      • C:\Users\Default\AppData\Local\Temp
      • C: \ProgramData\Microsoft\SharePoint\Config
      For 32-bit platforms:
      • C:\Windows\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files
      • C:\Windows\system32\LogFiles
      For 64-bit platforms:
      • C:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
      • C:\Windows\Syswow64\LogFiles
    • Internet Security and Acceleration Server (ISA) Server:
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      • C:\Program Files\Microsoft ISA Server\ISALogs
      • C:\Program Files\Microsoft SQL Server\MSSQL$MSFW\Data
    • Microsoft Operations Manager Server (MOM) 2005:
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      • C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager
      • C:\Program Files\Microsoft Operations Manager 2005
    • Hyper-V
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      • C:\ProgramData\Microsoft\Windows\Hyper-V
      • C:\Users\Public\Documents\Hyper-V\Virtual Hard Disks
      • C:\ProgramData\ProgramData\Microsoft\Windows\Hyper-V\Snapshots
      • For Windows 2008 R2 only: C:\ClusterStorage
      • <Custom virtual machine configuration directories>
      • <Custom virtual hard disk drive directories>
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
      • .AVHD
      • .ISO
      • .VFD
      • .VHD
      • .VSV
      • .XML
    • VMWare products:
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      • <the folders that contain the virtual machines >
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
      • .VMDK
      • .VMEM
    • Citrix products:
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following directories:
      • The roaming profiles folder on the file server>
      Go to Antivirus/Anti-spyware > Target > Do not scan files with the following extensions:
      • .LOG
      • .DAT
      • .TMP
      • .POL
      • .PF
      To enhance the performance on Windows Vista/2008/7, you can go to the Preferences > Global Settings > Desktop/Server in the WFBS console and check the Exclude Shadow Copy sections option.


Rate this Solution
Did this article help you?

Please provide your comments to help us improve this solution.

 
  *This form is an automated system. General questions, technical, sales and product-related issues submitted through this form will not be answered.
 
 

Connect with us on