Solved

Symantec Mail Security for Microsoft Exchange freezing server!  500 POINTS!

Posted on 2004-09-14
4
3,143 Views
Last Modified: 2010-05-18
Hi,

I am running a windows server 2003 system with exchange server 2003 and also symantec mail security 4.5 for microsoft exchange.  I am having problems with symantec running scans so frequently throughout the day that the busy light on the server stays on for hours long and slows the server down.  

I used a real time file monitor to see what programs were running and I noticed that "store.exe:2768", "SAVFMSESrv.exe:2020" and "SAVFMSESp.exe:6304" constantly run and force the busy light to stay lit on the computer.  I have checked to make sure that the symantec scan only runs at midnight.  I have auto-protect enabled but that should not be causing the busy light to stay lit like that and slow the server down.  

I have over 1.3GB of RAM.  Somebody please help!

I need to stop these scans from running so frequently.

Thanks
0
Comment
Question by:NAPSR
  • 2
4 Comments
 
LVL 1

Accepted Solution

by:
aramsey3 earned 500 total points
ID: 12060753
I am a consultant in Columbus, OH and I run the same setup.

Facts.

Real time scanning is on by default.  
Symantec scans items you do not want it to scan.
There documentation is sometimes, uh wrong.

Solutions:

1.  Check and make sure you are not scanning the Exchange directories.

Folders to exclude when using file-system antivirus software
These folders should be excluded from Auto-Protect, Scheduled Scans, and Manual Scans.

The Tmp.edb file may be found in more than one location. Search for the file, and exclude it in any of the locations where it is found.
You can exclude single files from within Symantec AntiVirus, but not from within the Symantec System Center. This means that, with all versions, you must exclude Tmp.edb from within Symantec AntiVirus on the Exchange server.

Exchange databases (default location: Exchsrvr\Mdbdata)
Exchange MTA files (default location: Exchsrvr\Mtadata)
Exchange temporary files: Tmp.edb
Additional log files (default location: Exchsrvr\server_name .log)
Virtual server folder (default location: Exchsrvr\Mailroot)
Site Replication Service (SRS) files (default location: Exchsrvr\Srsdata)
Internet Information Service (IIS) system files (<drive>:\Winnt\System32\Inetsrv)
Working folder for message conversion .tmp files. (default location: Exchsrvr\Mdbdata)
The location of this folder is configurable. For additional information, read the Microsoft Knowledge Base article 822936 - Message Flow to the Local Delivery Queue Is Very Slow.
The temporary folder that is used in conjunction with offline maintenance utilities such as Eeseutil.exe. By default, this folder is the location from which you run the executable, but you can configure where you run the file from when you run the utility.
The folder that contains the checkpoint (.chk) file. For information on the location of this file, read the Microsoft Knowledge Base article Overview of Exchange Server 2003 and Antivirus Software.

Extensions to exclude
Because there are occasions in which certain files are not saved in the expected locations, it is a good idea to exclude the following file extensions on Exchange servers:

.log
.edb

Exclude the following folders also

 The exclusion of these folders is critical to the operation of the products. Each product uses its temp folder as a processing folder. If the temp folders are not excluded from file system scanning, the antivirus programs may conflict and cause unexpected behavior, including potential data loss.
Symantec Mail Security 4.5 for Microsoft Exchange
<drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Temp
<drive>:\Program Files\Symantec\SMSMSE\4.5\Server\Quarantine

Folders that file-system antivirus software can safely scan

Exchsrvr\Address
Exchsrvr\Bin
Exchsrvr\Conndata
Exchsrvr\Exchweb
Exchsrvr\Res
Exchsrvr\Schema
Any additional directories that are not a part of a standard Exchange installation, and are not included in the list of directories (shown below) which are unsafe to scan

Also, do not forget to put the /3GB switch in your server.  Exchange Server "requests" this through and event log error if you do not.  If you have Exchange 2003 loaded with over 1 GB of physical RAM, it asks for the switch.  Keep in mind that Store.exe should be running a little higher than other services.  Is your server doing any other functions/services?

Andrew Ramsey


0
 

Author Comment

by:NAPSR
ID: 12065228
Thank you for that information.

When you say exclude all the files above, do you mean exclude it from the NORTON ANTI-VIRUS SCAN or from the SYMANTEC MAIL SECURITY 4.5 FOR MICROSOFT EXCHANGE?

The .log and .edb files and the Exchsrvr folder are already excluded from the NORTON ANTI-VIRUS SCAN.  I don't think its possible to exclude those files from the SYMANTEC MAIL SECURITY 4.5 FOR MICROSOFT EXCHANGE.  

I am using filemon to monitor the real-time file usage and when the server busy light is lit, I see that "store.exe:2768", "SAVFMSESrv.exe:2020" and "SAVFMSESp.exe:6304" programs are running.

Do you happen to know what those programs mean and what type of scan in running?  I need to stop that scan from running somehow.

Thank you for your help!
0
 

Author Comment

by:NAPSR
ID: 12065272
Also, regarding the 3GB switch, I read on a microsoft article that microsoft does not recommend using the switch if the server acts as a DNS and Active Directory server.  Is this correct?
0
 

Expert Comment

by:lorendavis
ID: 12596834
BTW I am not an expert in this area, but store.exe is the MS Information Store. This process will always be running when the Exchange server is running. It will take up as much RAM as it can, but will give up RAM to processes that need it.

SAVFMSESrv.exe is the Symantec AntiVirus for Microsoft Exchange Server. This is related to Symantec Mail Security

SAVFMSESp.exe is the Symantec AntiVirus for Microsoft Exchange Scan Process. I believe this is your autoprotect scan process.
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
You have products, that come in variants and want to set different prices for them? Watch this micro tutorial that describes how to configure prices for Magento super attributes. Assigning simple products to configurable: We assigned simple products…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now