AntiVirus software on DPM 2010 server

  • General discussion

  • We use DPM 2010 installed on a 2008 R2 physical server. The storage pool is made up of 3x NAS iSCSI boxes.

    AV is installed onto the server and the servers it is protecting, which is F-secure V9.

    I recently noticed from the event logs that AV on the DPM server is detecting malware files from what looks like the replica volumes of protected servers and is quarantining them.

    e.g.

    1  2012-08-09  16:26:10+01:00 ...  SYSTEM  F-Secure Anti-Virus

     Malicious code found in file \Device\HarddiskVolume151\fe988306-111f-47f1-a59f-1a9b3f3af249\.... etc.

    The file was quarantined.

    Ignoring the issue of the malware and the effect of it on the protected server, would this intervention cause a corruption to the replica that DPM uses, and therefore damage the recovery points that depend on it?

    Thanks,

    Bruce.



    • Edited by Redbruce Thursday, August 9, 2012 4:04 PM
    Thursday, August 9, 2012 4:02 PM

All replies

  • Extract from: http://technet.microsoft.com/en-us/library/ff399439.aspx

    Delete infected files on protected servers and the DPM server.

    To prevent data corruption of replicas and recovery points, configure the antivirus software to delete infected files rather than automatically cleaning or quarantining them. Automatic cleaning and quarantining can result in data corruption because these processes cause the antivirus software to modify files, making changes that DPM cannot detect.

    Whenever DPM attempts to synchronize a replica that has been modified by another program, data corruption of the replica and recovery points can result. Configuring the antivirus software to delete infected files resolves this problem. For information about configuring your antivirus software to delete infected files, see the documentation for your antivirus software.
    Important
    You must run a manual synchronization with consistency check job each time that the antivirus software deletes a file from the replica, even though the replica will not be marked as inconsistent.

    Thursday, August 9, 2012 8:59 PM
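
The guidance quoted above can be turned into a triage check over exported antivirus events. This is an added example, not part of the thread or of the TechNet page. It assumes the three-line event shape shown in the question, that a `\Device\HarddiskVolumeN\<GUID>\` path marks a replica volume, and that the antivirus reports deletions as "The file was deleted."; the sample events are constructed.

```python
import re

# Constructed sample shaped like the F-Secure entry quoted in the question.
# GUIDs, file names and the "deleted" wording are made up for illustration.
SAMPLE_LOG = r"""
1  2012-08-09  16:26:10+01:00 ...  SYSTEM  F-Secure Anti-Virus
 Malicious code found in file \Device\HarddiskVolume151\11111111-2222-3333-4444-555555555555\Full\a.exe
The file was quarantined.
2  2012-08-09  17:02:44+01:00 ...  SYSTEM  F-Secure Anti-Virus
 Malicious code found in file \Device\HarddiskVolume152\aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee\Full\b.dll
The file was deleted.
3  2012-08-09  18:10:03+01:00 ...  SYSTEM  F-Secure Anti-Virus
 Malicious code found in file C:\Users\admin\Downloads\c.zip
The file was quarantined.
"""

HEADER = re.compile(r"^\d+\s+(\d{4}-\d{2}-\d{2})\s+(\S+)\s")
FOUND = re.compile(r"Malicious code found in file (.+)$")
ACTION = re.compile(r"The file was (\w+)\.")
# Assumption: a raw volume device followed by a GUID folder is a replica volume.
REPLICA = re.compile(r"^\\Device\\HarddiskVolume\d+\\[0-9a-fA-F]{8}"
                     r"(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\\")

NEEDS_CHECK = "run a manual synchronization with consistency check"
SUSPECT = "replica changed behind DPM's back: treat it as suspect, set AV action to delete"
ADVICE = {"deleted": NEEDS_CHECK, "quarantined": SUSPECT, "cleaned": SUSPECT}

def triage(log_text):
    """Return one finding per detection whose path looks like a replica volume."""
    findings, event = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        head, found, action = HEADER.match(line), FOUND.search(line), ACTION.search(line)
        if head:                                  # new event starts
            event = {"time": f"{head[1]} {head[2]}", "path": None}
        elif found and event is not None:         # remember the detected path
            event["path"] = found[1]
        elif action and event is not None and event["path"]:
            verb = action[1].lower()
            if REPLICA.match(event["path"]):      # ignore hits outside replicas
                advice = ADVICE.get(verb, "unknown action: review manually")
                findings.append({**event, "action": verb, "advice": advice})
            event = None
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["time"], f["action"], f["path"], "->", f["advice"])
```
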
  • Hi Redbruce,

    Running antivirus on the DPM servers and the servers your DPM server is running needs some configuration. Please verify your exclusion of catalogues and services mentioned in this TechNet link http://technet.microsoft.com/en-us/library/ff399368


    Best Regards

    Robert Hedblom

    MVP DPM


    Check out my DPM blog @ http://robertanddpm.blogspot.com


    Friday, August 10, 2012 7:04 AM
    Moderator