NOD32 v2.7 Server 2003: Random hang

[nordeide]

Hi y'all,

I have installed NOD32 v2.7 on a server running Windows Small Business Server 2003.
From time to time, which means anything from after 10 minutes to after several hours, the server freezes for about a minute. After that, all is fine until the next occurrance.

During that time, everything except the mouse pointer is stuck, meaning that some process takes 100% CPU capacity, Task Manager is not updated during that period. As a result, network traffic is halted, and users cannot access files.

I found out that disabling AMON solved the freeze problem, but that is of course a bad solution.

Any suggestions on how to optimize AMON and find out which file(s) that cause this hang?

Thanks!

[BFG]

Hello,

Is AMON scanning all files or just the default file set? If all, see if it's one of the other extensions that AMON might be hanging on by just scanning the default.

Thank you,
BFG

[spm]

Try excluding *.log files from AMON scanning. NOD32 is poor at scanning log files which are updated regularly, as they are in SBS, especially during the hourly SBS monitoring tasks.

[YeOldeStonecat]

Have you followed these exclusions?
http://www.sbsfaq.com/Lists/FAQs/DispForm.aspx?ID=137

"Listed below are the items and their default locations - your installation may be different.

Exchange Server Database = C:\Program Files\Exchsrvr\Mdbdata (see note above)
Exchange MTA files = C:\Program Files\Exchsrvr\Mtadata
Exchange Message tracking log files = C:\Program Files\Exchsrvr\server_name.log
Exchange SMTP Mailroot = C:\Program Files\Exchsrvr\Mailroot
Exchange working files = C:\Program Files\Exchsrvr\Mdbdata
Site Replication Service (not normally used in SBS but should be excluded anyway) = C:\Program Files\Exchsrvr\srsdata
C:\Program Files\Exchsrvr\Conndata

IIS related Exclusions
IIS System Files = C:\WINDOWS\system32\inetsrv
IIS Compression Folder = C:\WINDOWS\IIS Temporary Compressed Files

Domain Controller related exclusions
Active Directory database files = C:\WINDOWS\NTDS
SYSVOL C:\WINDOWS\SYSVOL
NTFRS Database Files = C:\WINDOWS\ntfrs

Windows SharePoint Services
Temporary SharePoint space = C:\windows\temp\Frontpagetempdir

Additional Exclusions
Removable Storage Database (used by SBS Backup) = C:\Windows\System32\ntmsdata
SBS POP3 connector Failed Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Failed Mail
SBS POP3 connector Incoming Mail = C:\Program Files\Microsoft Windows Small Business Server\Networking\POP3\Incoming Mail
Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore
DHCP Database Store = C:\WINDOWS\system32\dhcp
WINS Database Store = C:\WINDOWS\system32\wins


Desktop Folder Exclusions
These folders need to be excluded in the desktops and notebooks clients.

Windows Update Store = C:\WINDOWS\SoftwareDistribution\DataStore"

[nordeide]

Thanks for your replies!

I start with excluding the Exchange files, and then I'll check if that's OK. If not, I'll try excluding the other areas as suggested. I think Exchange exclusions might be the answer, as that is the only significant application on the server.

[YeOldeStonecat]

Quote:

Originally Posted by nordeide

Thanks for your replies!

I start with excluding the Exchange files, and then I'll check if that's OK. If not, I'll try excluding the other areas as suggested. I think Exchange exclusions might be the answer, as that is the only significant application on the server.

It would be prudent to follow all of them...they are important to keep the AV scanning engine out of. DHCP database corruption is common if it isn't excluded.
I also uncheck "Scan all files" in the file extension section
And in XMON..I uncheck background scanning.

Not having Exchange exclusions is without question VERY bad. No "think it might be the answer" about it. But the other ones are quite important also.

[Biscuit]

I've found that Nod32 does not run well on W2003 since SP2. I've found that the reliable method is to disable AMON on any W2003 SP2 server.

[Marcos]

It's a good idea to set AMON to scan files with default extension set. Also make sure that IMON is not loaded which is indicated by the grey IMON icon.

[nordeide]

Hi again!

In this particular case, excluding the Exchange directories did the trick; the server responds normally now. But thanks for the list of exclusion recommendations, I'll apply them as well.

Thanks, everyone!

[YeOldeStonecat]

Quote:

Originally Posted by Biscuit

I've found that Nod32 does not run well on W2003 since SP2. I've found that the reliable method is to disable AMON on any W2003 SP2 server.

I have many..many Server2003 boxes out there at various clients, no issues with NOD32 2.7. As long as you follow proper real time protection exclusions for your server (which holds true regardless of what brand AV you use on it). As well as turn down AMON to not scan all files.