Scheduled scan and VMWare SAN

Discussion in 'ESET NOD32 Antivirus' started by edwin3333, Jan 26, 2009.

Thread Status:
Not open for further replies.
  1. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    50 machines in a VMWare ESX cluster. Each runs NOD32. Each has the same policy and the same scheduled scan set to run at the same time.

    This kills the SAN.

    I don't want to have to maintain separate policies just to modify the scan time for each server. I can modify the scan time on each server which would be easier. It seems sending down the policy again doesn't update the scheduled scan time if it's been manually changed.

    Is there a better option? Some of the other AV products I use have incremental scans where they scan X many files each day, keeping track of where they left off and starting at the beginning once they reach the end.

    Others will scan, pause, scan, pause -- to lessen the impact.

    I don't seem to see many options with regard to this. I have it set to run at low priority. Per Task Manager, it doesn't. But that's all I see.
     
  2. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    Another thing I see which is odd is that when I push my scheduled scan to my pc, and I have the "profile" selected as "In-Depth scan", that this is not what the local GUI shows. The GUI shows the scan as using a different profile.

    Another bug? EdwinScan has very few items selected. I really want indepth to be running on this one..! The first time I look at this in the GUI it only shows MEMORY as being scanned. If I go into it and look a second time, it shows local drives too. Per the actual scan log, it has scanned memory and a:\ c:\ d:\. EdwinScan doesn't scan .zip files, the log shows it did scan inside zip files. So I guess a GUI bug?

    nod32a.png
    nod32b.png
     
  3. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    while you wait for eset, what os, what san?

    edit : edwin3333 btw do you keep you cluster optimized, this VCP maybe able to give you some tips over pm.
     
    Last edited: Jan 26, 2009
  4. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    The HOST OS is ESX 3.5 on three Dell 2950's.

    Nod32 runs under guests Ubuntu, XP SP3, Vista SP1, Windows 2000 SP4, Windows 2003 SP3 (latest) both standard and EE.

    The SAN is EMC Clariion, with three bays stacked connected iSCSI with 6 NICs as I recall;
    http://www.emc.com/products/detail/hardware/clariion-cx4-model-240.htm
    It's on it's own private network.

    We have much more power than we need. We normally run way underutilized in CPU, memory, and disk IO. But when all the guests fire off the AV scan at the same time, it's not pretty.
     
  5. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    I see, still be mindful of configuration and performance impact in virtual machines! Btw what are you running?..is HBA an issue, ratio etc. Have a look to the VMWare logs they may help.

    How about changing Nods config?
     
  6. edwin3333

    edwin3333 Registered Member

    Joined:
    Aug 29, 2007
    Posts:
    244
    Yes, that was my suggestion. I asked the VMWare guy, the one complaining, to go into each guest and modify the scan times as he desires.

    I was just hoping there was a settings I was missing. Some way to do a randomly dispatched weekly scan.

    I could launch it using random spread times in Zenworks, versus using Nod's scheduler, and run it as a low priority task;

    http://training.eset.com/kb/index.php?option=com_kb&Itemid=29&page=articles&articleid=565

    But I can't seem to get this to upload the log files to the RA admin server.
     
  7. Meriadoc

    Meriadoc Registered Member

    Joined:
    Mar 28, 2006
    Posts:
    2,642
    Location:
    Cymru
    Mmm, I have seen some serious bottlenecks myself with av updating or scanning.

    Well, you could try breaking it up a bit, over more LUNs or smaller scanning groups and have these fire up at different times.
     
    Last edited: Jan 28, 2009
Thread Status:
Not open for further replies.