Backup Exec for Windows Servers - Backup and Restore job rates are extremely slow when McAfee Anti-virus Software is installed on the same machine
Problem
Backup Exec for Windows Servers - Backup and Restore job rates are extremely slow when McAfee Anti-virus Software is installed on the same machine
Solution
NOTE: For Backup Exec 16 and above; the installation path has changed from Symantec to Veritas.
Please adjust the paths described in this article accordingly to your environment
(example: C:\Program Files\Veritas\Backup Exec\....)
Exclude the following processes (if they are exist in the system) from within McAfee (Change C:\ as needed depending on which root volume the Media Server or Remote Agent is installed to)
C:\Program Files\Symantec\Backup Exec\beremote.exe
C:\Program Files\Symantec\Backup Exec\beserver.exe
C:\Program Files\Symantec\Backup Exec\bengine.exe
C:\Program Files\Symantec\Backup Exec\benetns.exe
C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
C:\Program Files\Symantec\Backup Exec\BackupExec.exe
C:\Program Files\Symantec\Backup Exec\BkUpexec.exe
C:\Program Files\Symantec\Backup Exec\backupexecmanagementservice.exe
C:\Program Files\Symantec\Backup Exec\bedbg.exe
C:\Program Files\Symantec\Backup Exec\pdvfsservice.exe (*1)
C:\Program Files\Symantec\Backup Exec\spad.exe (*1)
C:\Program Files\Symantec\Backup Exec\spoold.exe (*1)
C:\Program Files\Symantec\Backup Exec\pddb\bin\pg_ctl.exe (*1, *3)
C:\Program Files\Symantec\Backup Exec\mtstrmd.exe (*1, *4)
C:\Program Files\Symantec\Backup Exec\VxLockdownServer.exe (*5)
C:\Program Files\Symantec\Backup Exec\RemSrv64.exe (*2)
*1: When using Backup Exec deduplication storage
*2: When using Microsoft Exchange server backups
*3: Backup Exec version 16 or below
*4: Backup Exec version 20.0 or above
*5: Backup Exec version 20.4 or above
How to add critical Media Server processes to McAfee's Low-Risk Processes List
1. Launch the McAfee VirusScan Console.
2. Right-click on On-Access Scanner and select Properties:
3. Navigate to All Processes > Processes tab.
4. Switch the radio button to "Use different settings for high-risk and low-risk processes:"
5. Navigate to Low-Risk Processes > Processes tab > click Add > click Browse:
6. Process by process - add this list of Backup Exec processes (if they are exist in the system) to the list of Low-Risk Processes:
C:\Program Files\Symantec\Backup Exec\beremote.exe
C:\Program Files\Symantec\Backup Exec\beserver.exe
C:\Program Files\Symantec\Backup Exec\bengine.exe
C:\Program Files\Symantec\Backup Exec\benetns.exe
C:\Program Files\Symantec\Backup Exec\pvlsvr.exe
C:\Program Files\Symantec\Backup Exec\BackupExec.exe
C:\Program Files\Symantec\Backup Exec\BkUpexec.exe
C:\Program Files\Symantec\Backup Exec\backupexecmanagementservice.exe
C:\Program Files\Symantec\Backup Exec\bedbg.exe
C:\Program Files\Symantec\Backup Exec\pdvfsservice.exe
C:\Program Files\Symantec\Backup Exec\spad.exe
C:\Program Files\Symantec\Backup Exec\spoold.exe
C:\Program Files\Symantec\Backup Exec\pddb\bin\pg_ctl.exe
C:\Program Files\Symantec\Backup Exec\mtstrmd.exe
C:\Program Files\Symantec\Backup Exec\VxLockdownServer.exe
C:\Program Files\Symantec\Veritas\Backup Exec\RemSrv64.exe
7. Once all of the above processes have been added, with Low-Risk Processes selected, select the Detection tab and uncheck When writing to disk and When reading from disk:
How to add Backup Exec paths to McAfee's list of what not to scan:
1. Within On-Access Scan Properties, select Default Processes on the left column, then select the Detection tab. Click on Exclusions for the category of What not to scan.
2. Click Add and individually browse out to these three locations adding each in turn:
C:\Program Files\Symantec\Backup Exec\* (be sure to append * to the path once each path has been added)
C:\ProgramData\Symantec\CRF\*
Note:
If Backup Exec uses backup-to-disk locations or deduplication storage, check locations and add each paths. For example;
<Drive Letter>:\BEData\*
<Drive Letter>:\BackupExecDeduplicationStorageFolder\*
3. Within path excluded, be sure also to exclude subfolders, and On read and On write are all checked.
How to configure McAfee to not scan files open for backup:
1. Under Default Processes, Low-Risk Processes and High-Risk Processes, click on the Advanced Tab and uncheck Scan files open for backup:
Note: Any machine - Media Server or Remote Agent - which is running McAfee should have its McAfee properties modified to disable Scan files opened for Backup. Each machine with a Remote Agent installed should be individually modified with this setting unless centralized changes can be made to all clients from a single location (for example, by using McAfee's Event Policy Orchestrator).
Disable scanning of files opened for backup via Registry if can't find the option in McAfee Console
https://kc.mcafee.com/corporate/index?page=content&id=KB72334
The Access Protection rule "Anti-virus Standard Protection --> Prevent use of tftp.exe" is disabled by default. If it is enabled, the following exclusions must be added:
- Click Start, Programs, McAfee, VirusScan Console.
- Double-click Access Protection.
- Select Anti-virus Standard Protection.
- Select Prevent use of tftp.exe, and click Edit.
- In the Processes to exclude: box, add the Backup Exec process names separated by a comma:
beremote.exe, beserver.exe, bengine.exe, benetns.exe, pvlsvr.exe, BackupExec.exe, BkUpexec.exe, backupexecmanagementservice.exe, bedbg.exe, pdvfsservice.exe, spad.exe, spoold.exe, pg_ctl.exe - Click OK to save and close both windows.
For additional information on these settings, please reference McAfee source material:
https://mysupport.mcafee.com/Eservice/Default.aspx
Understanding High-Risk, Low-Risk, and Default processes configuration and usage
https://kc.mcafee.com/corporate/index?page=content&id=KB55139
https://kc.mcafee.com/corporate/index?page=content&id=KB58692
Understanding VirusScan Enterprise Exclusions
VirusScan Enterprise exclusions for Veritas Backup Exec
https://kc.mcafee.com/corporate/index?page=content&id=KB68701