When using an antivirus product on your Microsoft System Center Data Protection Manager 2016 server, you have to configure it appropriately. What does that mean?
TechNet says:
- Disable real-time monitoring – On the DPM server, disable real-time monitoring by the antivirus software for the following:
- \XSD folder
- \Temp\MTA folder
- Replica and transfer logs – To do this, disable real-time monitoring of dpmra.exe, which is located in the folder Program Files\Microsoft Data Protection Manager\DPM\bin. Real-time monitoring degrades performance because the antivirus software scans the replicas each time DPM synchronizes with the protected server, and scans all affected files each time DPM applies changes to the replicas.
- Administrator console – To avoid an impact on performance disable real-time monitoring of the csc.exe process (Windows\Microsoft.net\Framework\v2.0.50727\csc.exe). The csc.exe process is the C# compiler and real-time monitoring can degrade performance because the antivirus software scans files that the csc.exe process emits when it generates XML messages.
- Configure anti-virus software to delete infected files on protected servers and the DPM server – To prevent data corruption of replicas and recovery points, configure the antivirus software to delete infected files rather than automatically cleaning or quarantining them. Automatic cleaning and quarantining might cause the antivirus software to modify files, making changes that DPM cannot detect. You should run a manual synchronization with a consistency check job each time that the antivirus software deletes a file from the replica, even though the replica will not be marked as inconsistent.
Excluding directories and processes should be an easy task for every antivirus product. I am using Windows Server 2016 and Windows Defender (which is integrated and also free, so what), and you can set these exclusions in the GUI.
But… the second part, deleting infected files rather than automatically cleaning or quarantining them, cannot be configured in the GUI. However, you can do so by using the PowerShell cmdlet Set-MpPreference.
The options needed are LowThreatDefaultAction, ModerateThreatDefaultAction, HighThreatDefaultAction and SevereThreatDefaultAction. And the values you can use are:
- Quarantine
- Remove
- Ignore
So, if you want to correctly configure Windows Defender for Data Protection Manager 2016 using PowerShell use the following commands:
Set-MpPreference -LowThreatDefaultAction Remove
Set-MpPreference -ModerateThreatDefaultAction Remove
Set-MpPreference -HighThreatDefaultAction Remove
Set-MpPreference -SevereThreatDefaultAction Remove
Set-MpPreference -ExclusionPath "C:\Program Files\Microsoft System Center 2016\DPM\DPM\Temp\MTA", "C:\Program Files\Microsoft System Center 2016\DPM\DPM\XSD"
Set-MpPreference -ExclusionProcess "csc.exe", "dpmra.exe"
* Please change the drive letters accordingly.
You can check your settings using the cmdlet Get-MpPreference.
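A read-only check of the settings above, added here as an example and not part of the original post: it compares the Get-MpPreference output with the expected DPM configuration and lists any differences, including exclusions beyond the expected ones. `$DpmRoot` and the variable names are assumptions, and the numeric action codes follow the MSFT_MpPreference class documentation; run it from an elevated prompt.

```powershell
# Added example: audit Windows Defender against the DPM settings described above.
# $DpmRoot is an assumption; adjust the drive letter and install path to your server.
$DpmRoot = 'C:\Program Files\Microsoft System Center 2016\DPM\DPM'

$expectedPaths     = @("$DpmRoot\Temp\MTA", "$DpmRoot\XSD")
$expectedProcesses = @('csc.exe', 'dpmra.exe')
$actionSettings    = 'LowThreatDefaultAction', 'ModerateThreatDefaultAction',
                     'HighThreatDefaultAction', 'SevereThreatDefaultAction'

# Get-MpPreference reports the default actions as numbers (MSFT_MpPreference):
# 2 = Quarantine, 3 = Remove, 6 = Allow (Ignore); 0 means not configured.
$Remove = 3

$pref     = Get-MpPreference
$findings = @()

# Every threat level must default to Remove.
foreach ($name in $actionSettings) {
    if ([int]$pref.$name -ne $Remove) {
        $findings += [pscustomobject]@{
            Setting = $name; Expected = "Remove ($Remove)"; Actual = $pref.$name }
    }
}

# -notcontains compares case-insensitively, like Windows paths.
foreach ($path in $expectedPaths) {
    if ($pref.ExclusionPath -notcontains $path) {
        $findings += [pscustomobject]@{
            Setting = 'ExclusionPath'; Expected = $path; Actual = 'missing' }
    }
}
foreach ($proc in $expectedProcesses) {
    if ($pref.ExclusionProcess -notcontains $proc) {
        $findings += [pscustomobject]@{
            Setting = 'ExclusionProcess'; Expected = $proc; Actual = 'missing' }
    }
}

# Anything excluded beyond the DPM list is an unscanned location worth reviewing.
$extra = @($pref.ExclusionPath) | Where-Object { $_ -and $expectedPaths -notcontains $_ }
foreach ($path in $extra) {
    $findings += [pscustomobject]@{
        Setting = 'ExclusionPath'; Expected = 'not present'; Actual = $path }
}

if ($findings) { $findings | Format-Table -AutoSize }
else           { 'Windows Defender matches the expected DPM configuration.' }
```

Set-MpPreference -ExclusionPath and -ExclusionProcess replace the current exclusion lists, while Add-MpPreference appends to them, so use Add-MpPreference if the server already has exclusions you need to keep.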