Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products

Avamar: Backup performance impacted by anti-virus software real-time file scan

Summary: Anti-virus software for real-time scanning of files is impacting Avamar client backup or restore performance.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Symptoms

The backup performance of an Avamar client during the scanning of files is relatively low.

The following points are true:
  • Status messages in the client log show low CPU usage by avtar.exe (see Dell article Avamar - How to interpret avtar backup log status lines)

  • The backup is not bottlenecked due to network congestion.
  • Anti-virus software is installed on the client.
  • The anti-virus software is set to scan files in real time "on access" (when an application accesses files)
To diagnose or view the issue during a backup, use the Task Manager:
  1. Processes tab > View > Select Columns
  2. Enable the "I/O Read Bytes", and "I/O Reads" columns.
  3. While a backup is in progress, monitor the anti-virus process.
  4. If the "I/O Read Bytes" or "I/O Reads" numbers for the anti-virus application are heavily incremented during the backup, this may indicate an issue.

Cause

The anti-virus on access scanning feature contends with the avtar process for the storage I/O by intercepting files which avtar is trying to access.

The anti-virus may be scanning snapshot storage which contends with avtar process for access to the snapshot that was taken as part of the backup.

This extra load on the storage hardware reduces the potential file scan speed of the backup.

Resolution

As a test, temporarily disable the anti-virus on-access or real-time scanning feature and rerun the backup.

Temporarily configure a test Virtual Machine (VM) to do client-level backup with no anti-virus installed record timing then install anti-virus and compare.

Compare the performance of the latest backup with earlier backups where real-time scanning was active. To do this, review a complete client log for Backed-up.

Manually add --status=120 in additional options to increase the frequency of status messages for testing.
avtar Info <6083>: Backed-up 344.3 GB in 862.43 minutes: 24 GB/hour (1,508,688 files/hour)
If backup performance is improved with on-access scanning disabled, configure the anti-virus software to trust application activity by Avamar binaries or to ignore the reads.

In addition to the avtar.exe, the executables to trust or safe-list from anti-virus ON ACCESS SCANNING are below. The files are typically installed in the c:\program files\avs\bin folder:
avexchglr.exe   Exchange Server GLR
avexvss.exe     Exchange Server
axionfs.exe     Exchange Server GLR
avoracle.exe    Oracle
avlotus.exe     Lotus Notes
avscc.exe       Desktop Icon
avagent.exe     Communication service between the client and Avamar server
avvss.exe       Disaster Recovery, BMR
avmossvss.exe   SharePoint Servers
avupdate.exe    Client update tool
After resolving this type of interference from anti-virus software, if backup performance is still low, see Dell article: Avamar slow backup performance - how to troubleshoot and identify bottlenecks (RESOLUTION PATH)

Additional Information

The behavior described occurs with any anti-virus program that performs "real-time" or "on-access" scanning.
Below are links to suggested articles of various anti-virus vendors' online documentation that discuss the behavior or how to mitigate it.
Some anti-virus programs keep hash or MD5 checksums of excluded or safe listed programs. When upgrading Avamar software the hash or MD5 checksum needs to be recalculated per software vendor requirements.

Symantec EndPoint Protection

Trend Micro Office scan

Sophos

Quick Heal Endpoint Security

ESET Endpoint anti-virus

Panda Security

CrowdStrike

Microsoft

Carbon Black

Fortinet

Trellix (FireEye)
 

Note: Trellix's Low-Risk Processes policy allows users to disable scan on read and scan on write for any process added to the policy. This configuration allows the process to run while preventing scanning of the disk activity caused by the process.

Cisco AMP

Rapid7

Affected Products

Avamar Client for Windows, Avamar Desktop/Laptop Option, Avamar Plug-in for Exchange 2007, Avamar Plug-in for Exchange VSS, Avamar Plug-in for Hyper-V VSS, Avamar Plug-in for IBM DB2, Avamar Plug-in for Lotus Domino, Avamar Plug-in for Oracle , Avamar Plug-in for SAP with Oracle ...

Products

Avamar, Avamar Plug-in for SharePoint, Avamar Plug-in for SharePoint VSS, Avamar Plug-in for SQL, Avamar Server, Avamar Virtual Edition
Article Properties
Article Number: 000065139
Article Type: Solution
Last Modified: 25 Dec 2024
Version:  17
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.