Home | Downloads | Support | About GGY | About AXIS
Article Title: Anti-Virus Scanners and AXIS
Article Type: General System  
Article ID #: 271
GGY Contacts: GGY Client Support (416-250-6777)
Last Modified: 18 Mar 14

Article Summary:

The AXIS actuarial system makes heavy demands (reading/writing) on the file system of your computer. As a result, antivirus software set to scan the file system can cause serious performance problems with AXIS. This article summarizes some of the more common problems and some possible solutions.

(Click here for printable version)

Article Detail:

Important Note: When running antivirus software with "real-time" or "on-access" scan enabled, it is a requirement that the proper exemptions for AXIS folders are created. Most corporations have strict policies governing the setup and use of antivirus software.  Do not make any modifications to your antivirus setup without first consulting your system administrator.

Antivirus software and AXIS:

Most antivirus software provides its protection by doing "real-time" or "on-access" scanning of the file system on your computer. This means that whenever an application tries to read from or write to your hard disk the antivirus software looks at the file read/write request, compares it to a list of known virus definitions, and decides whether it is safe to allow the request to proceed.  As long as your virus definitions are up to date, therefore, it becomes very difficult for a virus to infect your computer since it generally needs to write a file to successfully install itself.

Unfortunately, the process of comparing the file request to the list of virus definitions takes longer than simply allowing the request to go through unchecked.  Whether you notice the slowdown or not depends in a large part on the amount of disk access an application requires.   Because AXIS frequently reads and writes large files (while updating results, projections, etc), you may notice that its performance is more severely affected by the virus scanner than other applications that access the disk less frequently. 

There are numerous symptoms that could be caused by a virus scanner affecting AXIS performance:

  1. Batch runs seem to take longer than they should (see https://ggy.com/support/reqequip.asp for some AXIS benchmark times).
  2. Long delays when starting or installing AXIS.
  3. Random crashes.

It is a requirement that AXIS folders are excluded from real-time scans even if you do not think that your system is affected. With every update to the anti-virus definitions the behaviour of the scan may change and you may experience the problems anytime.

Fixing the problem:

PLEASE NOTE: We do not ask you to turn the anivirus protection OFF completely, we only require real-time scanning exclusions which is the industry standard method used for most disk intensive applications.

Exclude the following AXIS directories from the realtime (on-access) scans:

AXIS installations using standalone AXIS versions

  • AXIS program files directories 
  • Directories where you store your datasets
  • DataLink source files directories 
  • Import/export databases directories 
  • AXIS temporary files directory (default C:\SPARE) 
  • BondEdge databases directories (if used)

AXIS GridLink installations

  • AXIS GridLink Controller installation directory on each computer in the processor farm
  • AXIS program files directories on each computer in the processor farm (specified in Farm Settings)
  • AXIS temporary files directory on each computer in the processor farm (specified in Farm Settings)
  • Directories where you store your datasets
  • DataLink source files directories
  • Import/export databases directories
  • BondEdge databases directories (if used)

AXIS installations under AXIS EnterpriseLink control

  • EnterpriseLink and AXIS program files directories (including EnterpriseLink service installation folder on each server)
  • Work Areas defined in EnterpriseLink - directories where you store your datasets, input/output files
  • AXIS temporary files directory on each server (default C:\SPARE)
  • EnterpriseLink temporary files directory
  • BondEdge databases directories (if used)
  • Backup folders
  • Version Control repository folders 


Is it possible to create exclusions for specific processes or file extensions?


Please note that the proper method of implementing real-time scanning requirements for AXIS is to exclude folders listed above. It is not possible to exclude just the individual files e.g. based on their extensions or names as many temporary files in AXIS folders are created dynamically and their names and extensions are calculated on-the-fly to be unique. In addition, new versions of AXIS may introduce components or storage formats that use different naming conventions and so such a list of names can never be static. It is also not possible to setup exclusions for specific executables as AXIS is launching various other executables for certain needs and also emitting dynamically created assemblies during the run. The end user may setup batch jobs in AXIS dataset that would also launch external applications in the middle of the jobs. As a result the list of processes to exclude may not be determined in any static form.

You can still perform full scan on all directories and files in them but only when AXIS is not running.

What do the Other Companies Say?

It is a common issue in the software industry that the software performance and stability may be affected by anti-virus scanners. AXIS is not the only victim. Many software vendors require users to exclude their program and data folders from anti-virus real-time scan, and ask users not to perform an on-demand scan when their software are running, especially for software that are CPU and disk intensive, like AXIS. The following are some examples.

Case 1: IBM ClearCase

ClearCase is a software configuration management tool for developers. IBM has the following requirements in its online article "Support Policy for Anti-virus and ClearCase":

  • When possible scan manually or on a scheduled basis during down time (non-work time).
  • ClearCase should be shut down on the host being scanned.
  • "Real-time" or "on-access" scans should be avoided.
  • Virus scanner should not be configured to attempt cleaning or deletion of infected files.

Failure to do so may result in:

  • Performance impact

Virus scanning can impose performance impact during normal operations. This impact could be significant depending on client speed, network bandwidth, server performance, and the number of clients connected.

  • Job failure

The final step in the on-access operation is typically to rename files that ClearCase creates. Also, on-access scans may lock a file to perform some operations resulting in errors like "operation 'rename_container' failed."

  • Corrupted or missing files and dramatic increased recovery time

For more details, please visit the following link:

http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21149511

Case 2: Microsoft Exchange Server 2003

In an online article "Overview of Exchange Server 2003 and Antivirus Software" Microsoft claimed that the "file-level" anti-virus scanners may lock or quarantine an Exchange log or a database file while Exchange 2003 tries to use the file. This behavior may cause a severe failure in Exchange 2003 and may also generate -1018 errors.

The solution that Microsoft suggests is to exclude certain folders from both on-demand and on-access file-level scans.

For more details, please visit the following link:

http://support.microsoft.com/kb/823166

Other companies, such as Platform Computing, also have similar suggestions or requirements.

Voice from Anti-Virus Software Vendors

The anti-virus software vendors are aware of these problems. Symantec, the vendor of Norton anti-virus software, recommended the following to its users:

  • Schedule Full On-demand Scan with Caution

This full scan should occur at a time that minimizes the performance impact on your users, such as overnight or during weekends.

  • Review Whether To Perform Network Drive Real-time Scanning

Scanning network drives can sometimes cause issues with database software, unnecessary network traffic, and issues with network-accessed applications.

  • Exclude Specific Drives and Folders

Sometimes a normal part of a program's operation may be detected as virus-like activity by Symantec anti-virus real-time. These specific drives and folders need to be excluded from real-time scans.

For more details, please visit the following links:

  • Best practices for configuring Symantec AntiVirus Corporate Edition 9.x

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2004123012152148?Open&docid=2004092913144648&nsf=ent-security.nsf&view=docid

  • Network performance slows significantly after installing Symantec AntiVirus Corporate Edition

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2002102415054548?Open&docid=2004123012152148&nsf=ent-security.nsf&view=docid

  • Excluding specific drives and folders from Symantec AntiVirus scans

http://service1.symantec.com/support/ent-security.nsf/docid/2002092413394848

  • Can Symantec EndPoint Protection scan MS SQL Server database?

http://www.symantec.com/business/support/index?page=content&id=TECH100129&actp=search&viewlocale=en_US&searchid=1328031920027

  • Microsoft's virus scanner recommendations for enterprise customers

http://support.microsoft.com/kb/822158

 

What Really Slows Windows Down

Oli at the PC Spy conducted a performance impact investigation on security software. People who are interested in knowing how much an anti-virus scanner can slow down their machines may find Oli's research very useful. The following is a partial list for 2 major anti-virus scanner vendors. For the full story, please visit http://www.thepcspy.com/read/what_really_slows_windows_down.

Software % Boot Delay % Prime Delay % FileIO Delay
Norton Internet Security 2006 46 20 2369
McAfee VirusScan Enterprise 8 7 20 2246
Norton Internet Security 2007 45 8 1515
Norton Antivirus 2002 11 8 658

Contact | Client  Login / File Upload | Terms of Use | Email GGY   Search