Symantec Mail Security for Microsoft Exchange freezing server!  500 POINTS!

Posted on 2004-09-14
Medium Priority
Last Modified: 2010-05-18

I am running a windows server 2003 system with exchange server 2003 and also symantec mail security 4.5 for microsoft exchange.  I am having problems with symantec running scans so frequently throughout the day that the busy light on the server stays on for hours long and slows the server down.  

I used a real time file monitor to see what programs were running and I noticed that "store.exe:2768", "SAVFMSESrv.exe:2020" and "SAVFMSESp.exe:6304" constantly run and force the busy light to stay lit on the computer.  I have checked to make sure that the symantec scan only runs at midnight.  I have auto-protect enabled but that should not be causing the busy light to stay lit like that and slow the server down.  

I have over 1.3GB of RAM.  Somebody please help!

I need to stop these scans from running so frequently.

Question by:NAPSR
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2

Accepted Solution

aramsey3 earned 1500 total points
ID: 12060753
I am a consultant in Columbus, OH and I run the same setup.


Real time scanning is on by default.  
Symantec scans items you do not want it to scan.
There documentation is sometimes, uh wrong.


1.  Check and make sure you are not scanning the Exchange directories.

Folders to exclude when using file-system antivirus software
These folders should be excluded from Auto-Protect, Scheduled Scans, and Manual Scans.

The Tmp.edb file may be found in more than one location. Search for the file, and exclude it in any of the locations where it is found.
You can exclude single files from within Symantec AntiVirus, but not from within the Symantec System Center. This means that, with all versions, you must exclude Tmp.edb from within Symantec AntiVirus on the Exchange server.

Exchange databases (default location: Exchsrvr\Mdbdata)
Exchange MTA files (default location: Exchsrvr\Mtadata)
Exchange temporary files: Tmp.edb
Additional log files (default location: Exchsrvr\server_name .log)
Virtual server folder (default location: Exchsrvr\Mailroot)
Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv)
Working folder for message conversion .tmp files. (default location: Exchsrvr\Mdbdata)
The location of this folder is configurable. For additional information, read the Microsoft Knowledge Base article 822936 - Message Flow to the Local Delivery Queue Is Very Slow.
The temporary folder that is used in conjunction with offline maintenance utilities such as Eeseutil.exe. By default, this folder is the location from which you run the executable, but you can configure where you run the file from when you run the utility.
The folder that contains the checkpoint (.chk) file. For information on the location of this file, read the Microsoft Knowledge Base article Overview of Exchange Server 2003 and Antivirus Software.

Extensions to exclude
Because there are occasions in which certain files are not saved in the expected locations, it is a good idea to exclude the following file extensions on Exchange servers:


Exclude the following folders also

 The exclusion of these folders is critical to the operation of the products. Each product uses its temp folder as a processing folder. If the temp folders are not excluded from file system scanning, the antivirus programs may conflict and cause unexpected behavior, including potential data loss.
Symantec Mail Security 4.5 for Microsoft Exchange
<drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Temp
<drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Quarantine

Folders that file-system antivirus software can safely scan

Any additional directories that are not a part of a standard Exchange installation, and are not included in the list of directories (shown below) which are unsafe to scan

Also, do not forget to put the /3GB switch in your server.  Exchange Server "requests" this through and event log error if you do not.  If you have Exchange 2003 loaded with over 1 GB of physical RAM, it asks for the switch.  Keep in mind that Store.exe should be running a little higher than other services.  Is your server doing any other functions/services?

Andrew Ramsey


Author Comment

ID: 12065228
Thank you for that information.

When you say exclude all the files above, do you mean exclude it from the NORTON ANTI-VIRUS SCAN or from the SYMANTEC MAIL SECURITY 4.5 FOR MICROSOFT EXCHANGE?

The .log and .edb files and the Exchsrvr folder are already excluded from the NORTON ANTI-VIRUS SCAN.  I don't think its possible to exclude those files from the SYMANTEC MAIL SECURITY 4.5 FOR MICROSOFT EXCHANGE.  

I am using filemon to monitor the real-time file usage and when the server busy light is lit, I see that "store.exe:2768", "SAVFMSESrv.exe:2020" and "SAVFMSESp.exe:6304" programs are running.

Do you happen to know what those programs mean and what type of scan in running?  I need to stop that scan from running somehow.

Thank you for your help!

Author Comment

ID: 12065272
Also, regarding the 3GB switch, I read on a microsoft article that microsoft does not recommend using the switch if the server acts as a DNS and Active Directory server.  Is this correct?

Expert Comment

ID: 12596834
BTW I am not an expert in this area, but store.exe is the MS Information Store. This process will always be running when the Exchange server is running. It will take up as much RAM as it can, but will give up RAM to processes that need it.

SAVFMSESrv.exe is the Symantec AntiVirus for Microsoft Exchange Server. This is related to Symantec Mail Security

SAVFMSESp.exe is the Symantec AntiVirus for Microsoft Exchange Scan Process. I believe this is your autoprotect scan process.

Featured Post

Ransomware Attacks Keeping You Up at Night?

Will your organization be ransomware's next victim?  The good news is that these attacks are predicable and therefore preventable. Learn more about how you can  stop a ransomware attacks before encryption takes place with our Ransomware Prevention Kit!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
If you're a modern-day technology professional, you may be wondering if certifications are really necessary. They are. Here's why.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question