NOD32 on Windows 2008 DFS replication partners

Discussion in 'ESET NOD32 Antivirus' started by cake21, Feb 28, 2011.

Thread Status:
Not open for further replies.
  1. cake21

    cake21 Registered Member

    Joined:
    Feb 28, 2011
    Posts:
    2
    Hi folks,

    I was wondering if anyone run NOD32 on their Windows 2008 DFS replication partners please?

    I have done some research myself, like

    http://support.microsoft.com/kb/822158/

    and

    http://support.microsoft.com/kb/284947

    and sounds to me like we can run NOD32 on the server but will have to exclude the DFS folders.

    My concern is with NOD32 touching USN journal and causing excessive replication.

    Would anyone have any comments on that please?

    Thanks,

    Edmond.
     
  2. TyeF

    TyeF Former Eset Moderator

    Joined:
    Feb 19, 2010
    Posts:
    78
  3. cake21

    cake21 Registered Member

    Joined:
    Feb 28, 2011
    Posts:
    2
    Thanks TyeF,

    We did look at that link before. Have been chatting to ESET local rep. He also said we shall exclude the DFS folders. We did and only scan the "OS". Although we did note that NOD32 still goes through files in the DFS folder.
     
  4. dmaasland

    dmaasland Registered Member

    Joined:
    Nov 10, 2010
    Posts:
    468
    All files show up in the stats, but they aren't actually scanned. You can test this with an EICAR file.
     
  5. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Yeah, that confused me initially as well because if you watch file activity on the process you see ekrn doing reads on everything. Turns out that is expected behavior because the AV software can't just magically unhook itself from the IO stack when you exclude specific files. They still get passed to the software but are not run through the definitions.

    Keep in mind that lots of people run domain controllers without issue and those Netlogon/Sysvol shares are essentially DFS volumes anyway. Just follow the recommendations from ESET and Microsoft and you should be alright.
     
Thread Status:
Not open for further replies.