5 1 0:Antivirus Exclusions for SEP sesam

From SEPsesam


Welcome to the latest SEP sesam documentation version 5.1.0 Apollon. For previous documentation version(s), check documentation archive.


Overview


Antivirus scanners play a crucial role in protecting our data from malicious threats. However, it is important to understand the potential impact antivirus scanners can have on SEP sesam and performance of backup and restore operations. By implementing the antivirus exclusion rules, you can optimize the performance, stability, and reliability of your SEP sesam environment, ensuring seamless backup and restore processes.

Antivirus scanners may negatively impact your backup and restore operations in the following ways:

  • Saved backup data can get corrupted - antivirus scanners can mistakenly flag backup data as a potential threat, leading to its corruption and rendering it unusable for future restores.
  • Slow SEP sesam installation process- with scans of SEP Sesam installation files, antivirus scanners can cause a significant slowdown in the installation process and delaying the setup of the backup environment.
  • Slow GUI performance - continuous scanning of SEP sesam's graphical user interface (GUI) components can result in a noticeable decrease in responsiveness and occasional freezing of the GUI.
  • Abrupt termination of backup and restore jobs - overly aggressive antivirus scanners may interfere with the execution of backup and restore jobs, terminating them prematurely or leaving them incomplete, leading to data loss and operational disruptions.
  • Reduced data throughput and speed - continuous scanning of SEP sesam's data repositories and network traffic can significantly impact data transfer rates, reducing overall throughput and slowing down backup and restore operations.
  • Unavailability of SEP Sesam Server/Client - in some cases, antivirus scanners may misinterpret SEP sesam's critical processes as potential threats and block their execution, resulting in unavailability of the SEP sesam Server and Client components, leading to service disruptions and operational downtime (Errorcode 10060).

Recommended antivirus exclusion rules

To avoid issues that can be caused by antivirus scanners, use the antivirus exclusions rules for SEP sesam and exclude the following items from any virus scanning activities.

  • Exclude all SEP sesam installation directories on the SEP sesam Server, Client and Remote Device Server (RDS):
    • SESAM_BIN directory including all subfolders
    • SESAM_VAR directory including all subfolders
  • Exclude all partitions on which the data stores (data stores and deduplication stores) are configured for backup on the SEP sesam Server and RDS.
  • Exclude all SEP sesam processes on the SEP sesam Server, Client and RDS:
    • Exclude all executable files from the following directories:
        <SESAM_ROOT>/bin/sesam/*.*
        <SESAM_ROOT>/bin/sms/*.*
    • With some virus scanners you can disable the Child Process Monitoring rule option. In this case, you only have to exclude the following SEP sesam processes:
      On Windows:
        sm_qm_main.exe
        sm_ctrld_main.exe
        sm_sshd.exe
        sm_db_main.exe
        sm_passd.exe
        sm_rmi_main.exe
        sm_sepuler.exe
        sm_sms_main.exe
        sm_data_server.exe
        sm_stpd_main.exe
        sm_stpd_http_conn.exe
        sm_stpd.exe
        sbc.exe
        sm_java.exe
        java.exe
        postgres.exe

      Note that in version 5.0.0 Jaglion, you must also exclude the postgres process, if it is used:

        postgres.exe 

      On Linux:

        sm_qm_main
        sm_ctrld_main
        sm_sshd
        sm_db_main
        sm_passd
        sm_rmi_main
        sm_sepuler
        sm_sms_main
        sm_data_server
        sm_stpd_main
        sbc

SEP sesam exclusion rules for Windows Defender

During installation or update process, SEP sesam implements built-in exclusion rules for Windows Defender. These exclusion rules are designed to optimize the performance and reliability of SEP sesam while maintaining the security provided by Windows Defender.

The following exclusions are automatically added to Windows Defender during installation and update:

<SESAM_ROOT>/bin/*.*
<SESAM_ROOT>/var/*.*
<SESAM_ROOT>/SEP sesam BSR Pro/*.*

In addition, when a datastore is created, an additional exclusion for the datastore directory is automatically added to Windows Defender. This ensures that the data stored within the datastore is not scanned by Windows Defender, preserving the efficiency and performance of backup and restore operations.

If a datastore is deleted, the corresponding exclusion is automatically removed as well. Similarly, if SEP sesam is uninstalled, all the exclusions added during installation and updates are also deleted.

Third-Party Antivirus Exclusions

For further explanations and detailed information on virus scanning options and best practices, refer to the following external references:

Windows Server:

Hyper-V:

Exchange:

SQL:

Windows Cluster

Disclaimer by SEP

The use of antivirus exclusions may increase the risk of attacks on computers and networks by malicious attackers or by malware or viruses. It is recommended that exclusions be evaluated for security risks and adjusted as necessary. Customers must decide for themselves how to use the recommendations, taking into account the customer's corporate compliance policy.


See also

SEP sesam Quick Install Guide - About Installation and Update - Performing a Virus Scan Before Single File Restore

Copyright © SEP AG 1999-2024. All rights reserved.
Any form of reproduction of the contents or parts of this manual is allowed only with the express written permission from SEP AG. When compiling and designing user documentation SEP AG uses great diligence and attempts to deliver accurate and correct information. However, SEP AG cannot issue a guarantee for the contents of this manual.