NOD32 on Windows 2008 DFS replication partners

Hi folks,

I was wondering if anyone run NOD32 on their Windows 2008 DFS replication partners please?

I have done some research myself, like

http://support.microsoft.com/kb/822158/

and

http://support.microsoft.com/kb/284947

and sounds to me like we can run NOD32 on the server but will have to exclude the DFS folders.

My concern is with NOD32 touching USN journal and causing excessive replication.

Would anyone have any comments on that please?

Thanks,

Edmond.

 

Hello,

Please review the following ESET knowledgebase article:

How do I resolve conflicts between my ESET security product and DFS Replication on Windows Server 2003 R2?
http://kb.eset.com/esetkb/index?page=content&id=SOLN590

 

Thanks TyeF,

We did look at that link before. Have been chatting to ESET local rep. He also said we shall exclude the DFS folders. We did and only scan the "OS". Although we did note that NOD32 still goes through files in the DFS folder.

 

All files show up in the stats, but they aren't actually scanned. You can test this with an EICAR file.

 

Yeah, that confused me initially as well because if you watch file activity on the process you see ekrn doing reads on everything. Turns out that is expected behavior because the AV software can't just magically unhook itself from the IO stack when you exclude specific files. They still get passed to the software but are not run through the definitions.

Keep in mind that lots of people run domain controllers without issue and those Netlogon/Sysvol shares are essentially DFS volumes anyway. Just follow the recommendations from ESET and Microsoft and you should be alright.