Tip: Improving Performance When Running Antivirus Software

Tip: Improving Performance When Running Antivirus Software

  
Permalink: www.outsystems.com/goto/anti-virus-best-practices


Symptoms

Slow usage experience, however the screen times listed in Service Center usually do not show this.
Using Task Manager to examine time spent in kernel mode (Performance Tab -> View -> Kernel Times) shows percentage of time dedicated to kernel.


Cause

Antivirus software, while a powerfull tool to help protect your servers, can also create a large performance impact. Usually AntiVirus scanning is done at the kernel level, taking away CPU time for applications. Scanning is usually intercepted at the network level before IIS processing, or when reading or writing to the disk.


Resolution

Most commercial antivirus solutions provide a way to define exclusions lists that prevent the antivirus from scanning files or applications whilst still enforcing it's regular rules for all external components.

1. File and folder exclusions:
OutSystems recommends that:
- Exclusion of the folders bellow during reading and writing to disk - no real-time scan:
   - OutSystems Platform Server Installation Folder (default is C:\Program Files\OutSystems\Platform Server\)
   - Temporary ASP.NET files location
     - For Platform 8 and before: %WINDIR%\Microsoft.Net\framework64\v2.0.50727\Temporary ASP.NET Files;
     - For Platform 9: %WINDIR%\Microsoft.Net\framework64\v4.0.30319\Temporary ASP.NET Files;
   - System temporary folder (typically %TEMP% or C:\Windows\Temp);
   - .NET Framework configuration files
     - For Platform 8 and before: %WINDIR%\Microsoft.Net\framework64\v2.0.50727\CONFIG;
     - For Platform 9: %WINDIR%\Microsoft.Net\framework64\v4.0.30319\CONFIG;


2. Operating system processes
OutSystems recommends disabling on-access scan for files accessed by the following processes

OutSystems Processes
- CompilerService.exe (OutSystems Deployment Controller)
- DeployService.exe (OutSystems Deployment Service)
- LogServer.exe (OutSystems Log Service)
- Scheduler.exe (OutSystems Scheduler Service)
- SMSConnector (OutSystems SMS Connector Service)

IIS Processes
- w3wp.exe (worker process)
- iisadmin.exe (IIS Admin service)

Microsoft recommended exclusions
- Microsoft has some official exclusion lists they document publicly. Check some of the links below:
   - http://support.microsoft.com/kb/822158
   - http://support.microsoft.com/kb/817442

3. Network scan exclusions
- No scanning of inbound HTTP & HTTPS requests made to the servers;
- No scanning of outbound HTTP & HTTPS requests made to external servers (web service calls for instance);
- No scanning of loopback (127.0.0.1) TCP communications within each server;
- No scanning of TCP connections between each front-end in an OutSystems farm.
For version 4.1+ the exclusions lists should take into account also the following directories:

- Platform Server Installation Folder (default is C:\Program Files\OutSystems\Service Center\)
- %SYSTEMROOT%\Microsoft.Net\framework\v2.0.50727\Temporary ASP.NET Files
If compression is being used to address tuning issues the exclusions lists should contemplate also the following directory:

- C:\WINDOWS\IIS Temporary Compressed Files
For version 4.2 the default OutSystems directory change to:

- Platform Server Installation Folder (default is C:\Program Files\OutSystems\Platform Server\)
Just yesterday the support directed me to this topic, because some anti virus messed up the production server I was working on.

Based on yesterday's experience I would like to add that NOT adding the mentioned (above) exceptions to the antivirus filters MIGHT as well corrupt your platform and .net files, causing the server to be unusable.
In my case, the platform and .net installations got corrupted by the anti virus software that deleted some files. It forced me to reinstall both, after adding the right exceptions to the anti virus.

Another problem that I found while trying to solve the first one was that, due to the fact that the .net installation got corrupted, I just couldn't use the remove/repair options in the control panel because it would just pop up an error. If I tried to run the setup file again it would just give me an error stating that a previous installation was detected and that I should use the repair/remove options.

To solve this I came across a little application that I think might come in handy to someone with a similar problem.
http://blogs.msdn.com/astebner/pages/8904493.aspx

It's a little tool that allows you to remove .net installations. It supports the following versions:

NET Framework - All Versions
.NET Framework - All Versions (Tablet PC and Media Center)
.NET Framework - All Versions (Windows Server 2003)
.NET Framework - All Versions (Windows Vista and Windows Server 2008)
.NET Framework 1.0
.NET Framework 1.1
.NET Framework 2.0
.NET Framework 3.0
.NET Framework 3.5

After using it I could finally run the .net setup and reinstall the framework
Is this still valid for P9 Amsterdam?

Hello

Yes, although in P9 you'll need to also exclude the .NET Framework 4.5 temporary files files, so you should take into account the following folders as well:

- %SYSTEMROOT%\Microsoft.Net\framework\v4.0.30319\Temporary ASP.NET Files
- %SYSTEMROOT%\Microsoft.Net\framework64\v4.0.30319\Temporary ASP.NET Files

Cheers