VMware Cloud Community
eagleh
Enthusiast
Enthusiast

Symantec Antivirus Enterprise causes CPU contention?

Environment: 2 x ESX3.5 U2, Two Quad-Core CPU (2G) and 16G Memory on each host

A dedicated Symantec Antivirus Enterprise Server on a VM to watch over servers and workstations.

Problem: From time to time, I see on my major file server (itself is a VM too) the System CPU usage goes up as high as 80%-90% percent and System Idle Process drops to 10-20%. This file server is AntiVirus real-time protected. ("Enable Auto-Protect") I could not find out what process/session eats up that much CPU resource during those time.

Question: Is it a bad design to have my Symantec AntiVirus scan files whenever they are being put onto this file server? This file server provides storage to my users through RDMs connecting to SAN.

If you found this information useful, please kindly consider awarding points for "Correct" or "Helpful". Thanks!
Reply
0 Kudos
3 Replies
kjb007
Immortal
Immortal

I would say that this is not a bad design. You want this type of protection, especially on a file server. If you are seeing a huge spike, I would check to see what type of files are being scanned when the spike occurrs. Turn up the logging, and verify that the files being scanned should be scanned. Run perfmon and keep it running for some time so you can see exactly what is causing the cpu to spike.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
Texiwill
Leadership
Leadership

Hello,

Also verify when you do your full disk scans. If those are enabled you will see a spike. Also check what else is running on the VM, are you doing virus scans at the same time all over the system?


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
eagleh
Enthusiast
Enthusiast

Thanks folks. However, when I do a manual full disk scan on this file server, I don't see CPU spikes that much. It goes only 20-50% for Rtvscan.exe. So I guess it has to be something else. I used Process Explorer, but couldn't find out what it is. It only shows me "System" process when that CPU striking happens, just like in Task Manager. I am stuck.

If you found this information useful, please kindly consider awarding points for "Correct" or "Helpful". Thanks!
Reply
0 Kudos