?
Solved

Symantec Mail Security for Microsoft Exchange freezing server!  500 POINTS!

Posted on 2004-09-14
4
Medium Priority
?
3,177 Views
Last Modified: 2010-05-18
Hi,

I am running a windows server 2003 system with exchange server 2003 and also symantec mail security 4.5 for microsoft exchange.  I am having problems with symantec running scans so frequently throughout the day that the busy light on the server stays on for hours long and slows the server down.  

I used a real time file monitor to see what programs were running and I noticed that "store.exe:2768", "SAVFMSESrv.exe:2020" and "SAVFMSESp.exe:6304" constantly run and force the busy light to stay lit on the computer.  I have checked to make sure that the symantec scan only runs at midnight.  I have auto-protect enabled but that should not be causing the busy light to stay lit like that and slow the server down.  

I have over 1.3GB of RAM.  Somebody please help!

I need to stop these scans from running so frequently.

Thanks
0
Comment
Question by:NAPSR
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
aramsey3 earned 1500 total points
ID: 12060753
I am a consultant in Columbus, OH and I run the same setup.

Facts.

Real time scanning is on by default.  
Symantec scans items you do not want it to scan.
There documentation is sometimes, uh wrong.

Solutions:

1.  Check and make sure you are not scanning the Exchange directories.

Folders to exclude when using file-system antivirus software
These folders should be excluded from Auto-Protect, Scheduled Scans, and Manual Scans.

The Tmp.edb file may be found in more than one location. Search for the file, and exclude it in any of the locations where it is found.
You can exclude single files from within Symantec AntiVirus, but not from within the Symantec System Center. This means that, with all versions, you must exclude Tmp.edb from within Symantec AntiVirus on the Exchange server.

Exchange databases (default location: Exchsrvr\Mdbdata)
Exchange MTA files (default location: Exchsrvr\Mtadata)
Exchange temporary files: Tmp.edb
Additional log files (default location: Exchsrvr\server_name .log)
Virtual server folder (default location: Exchsrvr\Mailroot)
Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv)
Working folder for message conversion .tmp files. (default location: Exchsrvr\Mdbdata)
The location of this folder is configurable. For additional information, read the Microsoft Knowledge Base article 822936 - Message Flow to the Local Delivery Queue Is Very Slow.
The temporary folder that is used in conjunction with offline maintenance utilities such as Eeseutil.exe. By default, this folder is the location from which you run the executable, but you can configure where you run the file from when you run the utility.
The folder that contains the checkpoint (.chk) file. For information on the location of this file, read the Microsoft Knowledge Base article Overview of Exchange Server 2003 and Antivirus Software.

Extensions to exclude
Because there are occasions in which certain files are not saved in the expected locations, it is a good idea to exclude the following file extensions on Exchange servers:

.log
.edb

Exclude the following folders also

 The exclusion of these folders is critical to the operation of the products. Each product uses its temp folder as a processing folder. If the temp folders are not excluded from file system scanning, the antivirus programs may conflict and cause unexpected behavior, including potential data loss.
Symantec Mail Security 4.5 for Microsoft Exchange
<drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Temp
<drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Quarantine

Folders that file-system antivirus software can safely scan

Exchsrvr\Address
Exchsrvr\Bin
Exchsrvr\Conndata
Exchsrvr\Exchweb
Exchsrvr\Res
Exchsrvr\Schema
Any additional directories that are not a part of a standard Exchange installation, and are not included in the list of directories (shown below) which are unsafe to scan

Also, do not forget to put the /3GB switch in your server.  Exchange Server "requests" this through and event log error if you do not.  If you have Exchange 2003 loaded with over 1 GB of physical RAM, it asks for the switch.  Keep in mind that Store.exe should be running a little higher than other services.  Is your server doing any other functions/services?

Andrew Ramsey


0
 

Author Comment

by:NAPSR
ID: 12065228
Thank you for that information.

When you say exclude all the files above, do you mean exclude it from the NORTON ANTI-VIRUS SCAN or from the SYMANTEC MAIL SECURITY 4.5 FOR MICROSOFT EXCHANGE?

The .log and .edb files and the Exchsrvr folder are already excluded from the NORTON ANTI-VIRUS SCAN.  I don't think its possible to exclude those files from the SYMANTEC MAIL SECURITY 4.5 FOR MICROSOFT EXCHANGE.  

I am using filemon to monitor the real-time file usage and when the server busy light is lit, I see that "store.exe:2768", "SAVFMSESrv.exe:2020" and "SAVFMSESp.exe:6304" programs are running.

Do you happen to know what those programs mean and what type of scan in running?  I need to stop that scan from running somehow.

Thank you for your help!
0
 

Author Comment

by:NAPSR
ID: 12065272
Also, regarding the 3GB switch, I read on a microsoft article that microsoft does not recommend using the switch if the server acts as a DNS and Active Directory server.  Is this correct?
0
 

Expert Comment

by:lorendavis
ID: 12596834
BTW I am not an expert in this area, but store.exe is the MS Information Store. This process will always be running when the Exchange server is running. It will take up as much RAM as it can, but will give up RAM to processes that need it.

SAVFMSESrv.exe is the Symantec AntiVirus for Microsoft Exchange Server. This is related to Symantec Mail Security

SAVFMSESp.exe is the Symantec AntiVirus for Microsoft Exchange Scan Process. I believe this is your autoprotect scan process.
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Will you be ready when the clock on GDPR compliance runs out? Is GDPR even something you need to worry about? Find out more about the upcoming regulation changes and download our comprehensive GDPR checklist today !
An overview of cyber security, cyber crime, and personal protection against hackers. Includes a brief summary of the Equifax breach and why everyone should be aware of it. Other subjects include: how cyber security has failed to advance with technol…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

650 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question