Symantec Mail Security for Microsoft Exchange freezing server! 500 POINTS!


I am running a windows server 2003 system with exchange server 2003 and also symantec mail security 4.5 for microsoft exchange.  I am having problems with symantec running scans so frequently throughout the day that the busy light on the server stays on for hours long and slows the server down.  

I used a real time file monitor to see what programs were running and I noticed that "store.exe:2768", "SAVFMSESrv.exe:2020" and "SAVFMSESp.exe:6304" constantly run and force the busy light to stay lit on the computer.  I have checked to make sure that the symantec scan only runs at midnight.  I have auto-protect enabled but that should not be causing the busy light to stay lit like that and slow the server down.  

I have over 1.3GB of RAM.  Somebody please help!

I need to stop these scans from running so frequently.

Who is Participating?
aramsey3Connect With a Mentor Commented:
I am a consultant in Columbus, OH and I run the same setup.


Real time scanning is on by default.  
Symantec scans items you do not want it to scan.
There documentation is sometimes, uh wrong.


1.  Check and make sure you are not scanning the Exchange directories.

Folders to exclude when using file-system antivirus software
These folders should be excluded from Auto-Protect, Scheduled Scans, and Manual Scans.

The Tmp.edb file may be found in more than one location. Search for the file, and exclude it in any of the locations where it is found.
You can exclude single files from within Symantec AntiVirus, but not from within the Symantec System Center. This means that, with all versions, you must exclude Tmp.edb from within Symantec AntiVirus on the Exchange server.

Exchange databases (default location: Exchsrvr\Mdbdata)
Exchange MTA files (default location: Exchsrvr\Mtadata)
Exchange temporary files: Tmp.edb
Additional log files (default location: Exchsrvr\server_name .log)
Virtual server folder (default location: Exchsrvr\Mailroot)
Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv)
Working folder for message conversion .tmp files. (default location: Exchsrvr\Mdbdata)
The location of this folder is configurable. For additional information, read the Microsoft Knowledge Base article 822936 - Message Flow to the Local Delivery Queue Is Very Slow.
The temporary folder that is used in conjunction with offline maintenance utilities such as Eeseutil.exe. By default, this folder is the location from which you run the executable, but you can configure where you run the file from when you run the utility.
The folder that contains the checkpoint (.chk) file. For information on the location of this file, read the Microsoft Knowledge Base article Overview of Exchange Server 2003 and Antivirus Software.

Extensions to exclude
Because there are occasions in which certain files are not saved in the expected locations, it is a good idea to exclude the following file extensions on Exchange servers:


Exclude the following folders also

 The exclusion of these folders is critical to the operation of the products. Each product uses its temp folder as a processing folder. If the temp folders are not excluded from file system scanning, the antivirus programs may conflict and cause unexpected behavior, including potential data loss.
Symantec Mail Security 4.5 for Microsoft Exchange
<drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Temp
<drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Quarantine

Folders that file-system antivirus software can safely scan

Any additional directories that are not a part of a standard Exchange installation, and are not included in the list of directories (shown below) which are unsafe to scan

Also, do not forget to put the /3GB switch in your server.  Exchange Server "requests" this through and event log error if you do not.  If you have Exchange 2003 loaded with over 1 GB of physical RAM, it asks for the switch.  Keep in mind that Store.exe should be running a little higher than other services.  Is your server doing any other functions/services?

Andrew Ramsey

NAPSRAuthor Commented:
Thank you for that information.

When you say exclude all the files above, do you mean exclude it from the NORTON ANTI-VIRUS SCAN or from the SYMANTEC MAIL SECURITY 4.5 FOR MICROSOFT EXCHANGE?

The .log and .edb files and the Exchsrvr folder are already excluded from the NORTON ANTI-VIRUS SCAN.  I don't think its possible to exclude those files from the SYMANTEC MAIL SECURITY 4.5 FOR MICROSOFT EXCHANGE.  

I am using filemon to monitor the real-time file usage and when the server busy light is lit, I see that "store.exe:2768", "SAVFMSESrv.exe:2020" and "SAVFMSESp.exe:6304" programs are running.

Do you happen to know what those programs mean and what type of scan in running?  I need to stop that scan from running somehow.

Thank you for your help!
NAPSRAuthor Commented:
Also, regarding the 3GB switch, I read on a microsoft article that microsoft does not recommend using the switch if the server acts as a DNS and Active Directory server.  Is this correct?
BTW I am not an expert in this area, but store.exe is the MS Information Store. This process will always be running when the Exchange server is running. It will take up as much RAM as it can, but will give up RAM to processes that need it.

SAVFMSESrv.exe is the Symantec AntiVirus for Microsoft Exchange Server. This is related to Symantec Mail Security

SAVFMSESp.exe is the Symantec AntiVirus for Microsoft Exchange Scan Process. I believe this is your autoprotect scan process.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.