Backups are running slowly on servers using anti-virus software

ISSUE

Backups are running slowly on servers using anti-virus software and/or backups failing due to a network timeout.

RESOLUTION

Recommended for ALL Anti-Virus and Security software vendors

Process Exclusions for Unitrends Client Agent
C:\PCBP\WBPS.exe
C:\PCBP\WBPR.exe
C:\PCBP\bpnetd.exe
C:\PCBP\agentconfig.exe
C:\windows\winexesvc.exe
 
Directory Exclusions for Unitrends Client Agent
C:\PCBP\
C:\unicbt\
C:\Unitrendsvcbt\

Network Exclusions for communicating between the Unitrends Client Agent and the Unitrends Appliance
All Client Agent Backup Types:  TCP Ports 1743 - 1749 (to and from the Unitrends Appliance)
Client Agent Image-level: TCP Port 443  (to and from the Unitrends Appliance)

 

Hyper-V Hosts 

In addition Microsoft has provided instructions for recommended Antivirus Exclusions on Hyper-V Hosts per MS KB: 
https://support.microsoft.com/en-us/help/3105657/recommended-antivirus-exclusions-for-hyper-v-hosts

Specific Vendors
Include the instructions above when and the appropriate vendor from below if listed.

 

Kaspersky

  1. Right-click the console node Kaspersky Anti-Virus and select the option Configure trusted zone.

  2. Go to the tab Trusted processes and enable the option Do not check files backup operations.

  3. Add the following executables to the trusted zone:

  • C:\PCBP\WBPS.exe
  • C:\PCBP\WBPR.exe
  • C:\PCBP\bpnetd.exe
  • C:\windows\winexesvc.exe
  1. Click "Ok" to apply the changes.

  2. Make sure that the trusted zone is enabled in the Real-time file protection.

     For more information visit http://support.kaspersky.com/us/4554 .


Sophos

From Sophos KB: https://community.sophos.com/kb/en-us/132691
The following registry change can be made to increase the default polling time used by the Sophos Health Service to a level that exceeds that which triggers the issue. On an affected server:

  1. Turn off Tamper protection

  2. Press the Windows Key + R, type regedit and press Enter.

  3. Access the following key:
    32-bit:
    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Health\
    64-bit:
    HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\

  4. Create a DWORD value called PollingIntervalSeconds and set the data to 120

  5. Press the Windows Key + R, type services.msc and press Enter.

  6. Restart the Sophos Health Service

  7. Enable Tamper protection

  8. Open the registry editor and navigate to one of the following paths dependent upon your operating system

    • Win2K/XP (32-bit):

    • KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccessControl

    • Vista/Win7 (64-bit):

    • HEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccess

  9. Create a string values as follows:

  •      Name: ExcludedProcess0

  •      Value: WBPS.exe

  •      Type: String Value (REG_SZ)

  •      Name: ExcludedProcess1

  •      Value: WBPR.exe

  •      Type: String Value (REG_SZ)
     

  •      Name: ExcludedProcess2

  •      Value: bpnetd.exe

  •      Type: String Value (REG_SZ)

Lastly, reboot the computer to apply the changes.

     For more information visit https://community.sophos.com/products/endpoint-security-control/f/3/t/4011 .


Symantec 

  1. Right-click a server group, server, or client group, and then click All Tasks > Symantec AntiVirus Client Auto-Protect Options (or Client Realtime Protection Options).

  2. Check Exclude selected files and folders and then click the lock icon so that it appears as locked.

  3. Click Exclusions.

  4. If you use Symantec AntiVirus 8.x, check Check for exclusions before scanning and then click the lock icon so that it appears as locked.

  5. Click Extensions, and follow the on-screen instructions.

  6. Add the extensions without punctuation.
    (Repeat the previous steps for as many extension exclusions as necessary, and then click OK)

    1. C:\PCBP\WBPS.exe

    2. C:\PCBP\WBPR.exe

    3. C:\PCBP\bpnetd.exe

  7. Click Folders, and follow the on-screen instructions.

    1. C:\PCBP

  8. In addition to setting exclusions Symantec will also start scans on file being backed up and this behavior can be severly limiting to performance on backups.

  9. Open Symantec System Center.

  10. Right-click your primary anti-virus server, select All Tasks, select Symantec Anti-Virus, select Client Auto Protect options.

  11. Click Advanced and in the Scan Files When section, uncheck Opened For Backups.

  12. Right-click your primary anti-virus server, select All Tasks, select Symantec Anti-Virus, select Server Auto Protect options.

  13. Click Advanced and in the Scan Files When section, uncheck Opened For Backups.


For more information, please visit  https://support.symantec.com/en_US/article.tech99955.html



Trend Micro

  1. Log on to the OfficeScan web console.

  2. For OfficeScan 10.6/10.5/10.0:

   Go to Networked Computers > Client Management Tab

 For OfficeScan 11.0:

   Go to Agents > Agent Management tab.

  1. Select target domain or officescan client to configure the exclusion lists.

  2. Click the Settings drop-down menu and select Realtime Scan Settings.

  3. Add the following Scan Exclusions to exclude Unitrends backup:

File Exclusions:

  • WBPS.exe

  • WBPR.exe

  • bpnetd.exe

  • C:\PCBP\WBPS.exe*

  • C:\PCBP\WBPR.exe*

  • C:\PCBP\bpnetd.exe*

 Folder Exclusions:

  • C:\PCBP

  1. Click Apply to deploy the new settings to OfficeScan clients.

     For more information, please visit http://esupport.trendmicro.com/solution/en-US/1060488.aspx .

CAUSE

On-access/Real-time scanning functionality of various anti-virus applications can be quite debilitating to system and backup performance while Unitrends is performing a backup. In certain cases, backup operations may timeout causing various errors reported by the client and the appliance if on-access/real-time scanning is too disruptive to the backup process. Please use the following steps for the AV vendor being used to prevent files Unitrends processes are attempting to read/write from being scanned during backup operations.


 

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Contact us