- Community Home
- >
- Storage
- >
- HPE Nimble Storage
- >
- Array Performance and Data Protection
- >
- Re: virus scan storm
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-16-2016 09:06 AM
02-16-2016 09:06 AM
I received a Cache under-provisioned error.
Happened during a scheduled anti-virus scan.
I guess you can call it a virus scan storm.
Where to go from here? Any suggestions ?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-16-2016 09:17 AM
02-16-2016 09:17 AM
Re: virus scan storm
the 2.2 code and higher will prevent random scans and write from flushing the cache. If your not on those code levels, you should upgrade. The other way to work around this is to write a script to disable cache on the effected volume during the scan, and then turn it back on.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-16-2016 10:06 AM
02-16-2016 10:06 AM
Re: virus scan storm
We are on 2.3.9.2. code. So we are already on that code level.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-24-2016 02:00 AM
02-24-2016 02:00 AM
SolutionMove away from traditional AV scanning, protect your endpoints and use AV scanning at the hypervisor level is much more efficient and solves your problems.
The IO storms during scans are a very common and there is no solution other than the above, you can mitigate the effect by offsetting the scans. NOTE: this offsetting of the times is something you should also apply to the application of WSUS updates!!
Cheers,
Chris
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-26-2016 09:27 AM
02-26-2016 09:27 AM
Re: virus scan storm
If you are using Symantec Endpoint Protection, I would look for a feature called Insight Cache. If you're forced (i.e. compliance) to do 'absolute' FULL scans on every machine every day or week, and your AV scan policies or endpoint groups aren't staggered, I would highly recommend an antivirus solution that compares file hashes on the scanned target, instead of actually scanning each and every file. You might not eliminate all of the load, but it definitely was noticeable for us.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-29-2016 06:56 PM
02-29-2016 06:56 PM
Re: virus scan storm
We have Symantec because someone finds it add's value. I could argue that point but I dont.
Instead we run the latest version 12.1.6 (?) the version that allows for a "light" client with drastically reduced definition file sizes and updates. The down side is that it only has definitions for the latest malware. We also have turned off scheduled scans. We only scan on file modification, which for 99% of the files on a VM are never touched after they arrive.
We have lot's of other layers in the environment, PaloAlto, FireEye...etc which actually catch/block stuff.
We also run WSUS updates in the wee hours of the morning.