(Click here for printable version)

Article Detail:

Important Note: When running antivirus software with "real-time" or "on-access" scan enabled, it is a requirement that the proper exemptions for AXIS folders are created. Most corporations have strict policies governing the setup and use of antivirus software.  Do not make any modifications to your antivirus setup without first consulting your system administrator.

Antivirus software and AXIS:

Most antivirus software provides its protection by doing "real-time" or "on-access" scanning of the file system on your computer. This means that whenever a piece of software tries to read from or write to your hard disk the antivirus software looks at the file read/write request, compares it to a list of known virus definitions, and decides whether it is safe to allow the request to proceed.  As long as your virus definitions are up to date, therefore, it becomes very difficult for a virus to infect your computer since it generally needs to write a file to successfully install itself.

Unfortunately, the process of comparing the file request to the list of virus definitions takes longer than simply allowing the request to go through unchecked.  Whether you notice the slowdown or not depends in a large part on the amount of disk access an application requires.   Because AXIS frequently reads and writes large files (while updating results, projections, etc), you may notice that its performance is more severely affected by the virus scanner than other applications that access the disk less frequently. 

There are numerous symptoms that could be caused by a virus scanner affecting AXIS performance:

1. Batch runs seem to take longer than they should (see http://www.ggy.com/support/reqequip.asp for some AXIS benchmark times).
2. Long delays when starting or installing AXIS.
3. Random crashes.

The simplest way to test it is to ask your systems department to temporarily disable "real-time file system protection" on your computer.  When this is done, try rerunning the procedure that was running slowly and note any differences in performance.  If it is substantially faster it indicates that the virus scanner is affecting the performance.

It is a requirement that AXIS folders are excluded from real-time scans even if you do not think that your system is affected. With every update to the anti-virus definitions the behaviour of the scan may change and you may experience the problems anytime.

Fixing the problem:

Exclude the following AXIS directories from the realtime (on-access) scans:

• AXIS program files directories 
• Directories where you store your datasets
• DataLink source files directories 
• Import/export databases directories 
• AXIS temporary files directory (default C:\SPARE) 
• AXIS GridLink Controller installation directory on each computer in the processor farm

You can still perform full scan on all directories and files in them but only when AXIS is not running.

What do the Other Companies Say?

It is a common issue in the software industry that the software performance and stability may be affected by anti-virus scanners. AXIS is not the only victim. Many software vendors require users to exclude their program and data folders from anti-virus real-time scan, and ask users not to perform an on-demand scan when their software are running, especially for software that are CPU and disk intensive, like AXIS. The following are some examples.

Case 1: IBM ClearCase

ClearCase is a software configuration management tool for developers. IBM has the following requirements in its online article "Support Policy for Anti-virus and ClearCase":

• When possible scan manually or on a scheduled basis during down time (non-work time).
• ClearCase should be shut down on the host being scanned.
• "Real-time" or "on-access" scans should be avoided.
• Virus scanner should not be configured to attempt cleaning or deletion of infected files.

Failure to do so may result in:

• Performance impact

Virus scanning can impose performance impact during normal operations. This impact could be significant depending on client speed, network bandwidth, server performance, and the number of clients connected.

• Job failure

The final step in the on-access operation is typically to rename files that ClearCase creates. Also, on-access scans may lock a file to perform some operations resulting in errors like "operation 'rename_container' failed."

• Corrupted or missing files and dramatic increased recovery time

For more details, please visit the following link:

http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21149511

Case 2: Microsoft Exchange Server 2003

In an online article "Overview of Exchange Server 2003 and Antivirus Software" Microsoft claimed that the "file-level" anti-virus scanners may lock or quarantine an Exchange log or a database file while Exchange 2003 tries to use the file. This behavior may cause a severe failure in Exchange 2003 and may also generate -1018 errors.

The solution that Microsoft suggests is to exclude certain folders from both on-demand and on-access file-level scans.

For more details, please visit the following link:

http://support.microsoft.com/kb/823166

Voice from Anti-Virus Software Vendors

The anti-virus software vendors are aware of these problems. Symantec, the vendor of Norton anti-virus software, recommended the following to its users:

• Schedule Full On-demand Scan with Caution

This full scan should occur at a time that minimizes the performance impact on your users, such as overnight or during weekends.

• Disable Network Drive Real-time Scanning

Scanning network drives can sometimes cause issues with database software, unnecessary network traffic, and issues with network-accessed applications.

• Exclude Specific Drives and Folders

Sometimes a normal part of a program's operation may be detected as virus-like activity by Symantec anti-virus real-time. These specific drives and folders need to be excluded from real-time scans.

For more details, please visit the following links:

• Best practices for configuring Symantec AntiVirus Corporate Edition 9.x

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2004123012152148?Open&docid=2004092913144648&nsf=ent-security.nsf&view=docid

• Network performance slows significantly after installing Symantec AntiVirus Corporate Edition

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002102415054548?Open&docid=2004123012152148&nsf=ent-security.nsf&view=docid

• Excluding specific drives and folders from Symantec AntiVirus scans

http://service1.symantec.com/support/ent-security.nsf/docid/2002092413394848

There is a special case worth mentioning. After installing Symantec Endpoint Protection 11.0 and attempting to run an application using a database (such as AXIS), the application hangs. Symantec has admitted that it might be caused by their "Auto-Protect" scanning creating a 'lock' on the database. Their solution is the same as what we have been recommending: to exclude specific folders! Please read the following link for the full story.

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/4eb95163e18a1e3bca25739f0014501a?OpenDocument

What Really Slows Windows Down

Oli at the PC Spy conducted a performance impact investigation on security software. People who are interested in knowing how much an anti-virus scanner can slow down their machines may find Oli's research very useful. The following is a partial list for 2 major anti-virus scanner vendors. For the full story, please visit http://www.thepcspy.com/read/what_really_slows_windows_down.

• What reasons are there for a run time slow down?