5 1 0:Antivirus Exclusions for SEP sesam
Overview
Antivirus scanners play a crucial role in protecting our data from malicious threats. However, it is important to understand the potential impact antivirus scanners can have on SEP sesam and performance of backup and restore operations. By implementing the antivirus exclusion rules, you can optimize the performance, stability, and reliability of your SEP sesam environment, ensuring seamless backup and restore processes.
Antivirus scanners may negatively impact your backup and restore operations in the following ways:
- Saved backup data can get corrupted - antivirus scanners can mistakenly flag backup data as a potential threat, leading to its corruption and rendering it unusable for future restores.
- Slow SEP sesam installation process- with scans of SEP Sesam installation files, antivirus scanners can cause a significant slowdown in the installation process and delaying the setup of the backup environment.
- Slow GUI performance - continuous scanning of SEP sesam's graphical user interface (GUI) components can result in a noticeable decrease in responsiveness and occasional freezing of the GUI.
- Abrupt termination of backup and restore jobs - overly aggressive antivirus scanners may interfere with the execution of backup and restore jobs, terminating them prematurely or leaving them incomplete, leading to data loss and operational disruptions.
- Reduced data throughput and speed - continuous scanning of SEP sesam's data repositories and network traffic can significantly impact data transfer rates, reducing overall throughput and slowing down backup and restore operations.
- Unavailability of SEP Sesam Server/Client - in some cases, antivirus scanners may misinterpret SEP sesam's critical processes as potential threats and block their execution, resulting in unavailability of the SEP sesam Server and Client components, leading to service disruptions and operational downtime (Errorcode 10060).
Recommended antivirus exclusion rules
To avoid issues that can be caused by antivirus scanners, use the antivirus exclusions rules for SEP sesam and exclude the following items from any virus scanning activities.
- Exclude all SEP sesam installation directories on the SEP sesam Server, Client and Remote Device Server (RDS):
- SESAM_BIN directory including all subfolders
- SESAM_VAR directory including all subfolders
- Exclude all partitions on which the data stores (data stores and deduplication stores) are configured for backup on the SEP sesam Server and RDS.
- Exclude all SEP sesam processes on the SEP sesam Server, Client and RDS:
- Exclude all executable files from the following directories:
<SESAM_ROOT>/bin/sesam/*.* <SESAM_ROOT>/bin/sms/*.*
- With some virus scanners you can disable the Child Process Monitoring rule option. In this case, you only have to exclude the following SEP sesam processes:
On Windows:sm_qm_main.exe sm_ctrld_main.exe sm_sshd.exe sm_db_main.exe sm_passd.exe sm_rmi_main.exe sm_sepuler.exe sm_sms_main.exe sm_data_server.exe sm_stpd_main.exe sm_stpd_http_conn.exe sm_stpd.exe sbc.exe sm_java.exe java.exe postgres.exe
Note that in version 5.0.0 Jaglion, you must also exclude the postgres process, if it is used:
postgres.exe
On Linux:
sm_qm_main sm_ctrld_main sm_sshd sm_db_main sm_passd sm_rmi_main sm_sepuler sm_sms_main sm_data_server sm_stpd_main sbc
- Exclude all executable files from the following directories:
SEP sesam exclusion rules for Windows Defender
During installation or update process, SEP sesam implements built-in exclusion rules for Windows Defender. These exclusion rules are designed to optimize the performance and reliability of SEP sesam while maintaining the security provided by Windows Defender.
The following exclusions are automatically added to Windows Defender during installation and update:
<SESAM_ROOT>/bin/*.* <SESAM_ROOT>/var/*.* <SESAM_ROOT>/SEP sesam BSR Pro/*.*
In addition, when a datastore is created, an additional exclusion for the datastore directory is automatically added to Windows Defender. This ensures that the data stored within the datastore is not scanned by Windows Defender, preserving the efficiency and performance of backup and restore operations.
If a datastore is deleted, the corresponding exclusion is automatically removed as well. Similarly, if SEP sesam is uninstalled, all the exclusions added during installation and updates are also deleted.
Third-Party Antivirus Exclusions
For further explanations and detailed information on virus scanning options and best practices, refer to the following external references:
Windows Server:
- Virus scanning recommendations for Enterprise computers that are running Windows or Windows Server
- Configure Microsoft Defender Antivirus exclusions on Windows Server
- Antivirus scanning options for Microsoft Defender
Hyper-V:
Exchange:
- Running Windows antivirus software on Exchange servers
- Set-ExchAVExclusions - A Powershell script to set Antivirus Exclusions according to Microsoft Exchange documentation.
SQL:
- Configure antivirus software to work with Microsoft SQL Server
- Recommended antivirus exclusions for PostgreSQL on Windows
Windows Cluster
Disclaimer by SEP
The use of antivirus exclusions may increase the risk of attacks on computers and networks by malicious attackers or by malware or viruses. It is recommended that exclusions be evaluated for security risks and adjusted as necessary. Customers must decide for themselves how to use the recommendations, taking into account the customer's corporate compliance policy.
See also
SEP sesam Quick Install Guide - About Installation and Update - Performing a Virus Scan Before Single File Restore