question

SimonWalker-5942 asked YOUNSIMenad-2690 commented

Antivirus exclusions for Storage Replica

Hi all,

I'm having some issues with Storage Replica not playing nicely with McAfee ENS on two 2016 servers. They're set up as a failover cluster with a disk on each server set up to replicate using Storage Replica. With the ENS on-access scan disabled, I can run "Sync-SRGroup -Name $srgroup_name" from PowerShell and the two disks will find each other and quickly say "Continuously replicating" as their status. With the on-access scan enabled, if I run Sync-SRGroup the disks will stay on "ConnectingToSource"/"WaitingForDestination" indefinitely. Having spoken to McAfee support, they say that we need to configure additional exclusions for on-access scan; however, they weren't able to tell me what those exclusions actually were. I've added those recommended in this article: https://docs.microsoft.com/en-GB/troubleshoot/windows-server/high-availability/not-cluster-aware-antivirus-software-cause-issue (essentially just %Systemroot%\Cluster, as the quorum is not on a locally attached disk and we're not using a cluster service account), but this doesn't appear to be enough to get it working.

Has anyone else had similar issues with Storage Replica and antivirus?

windows-server-2016

Hi,

Thanks for posting on our forum!

From our perspective, we can provide you with some guidance on configuring antivirus exclusions for Storage Replica in a cluster service if you use Windows Defender as well. However, after my research, McAfee ENS is a security application, so I am not sure if you should also configure exclusions from this app as well:
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-exclusions-microsoft-defender-antivirus?view=o365-worldwide

In terms of VSB script, we may not be able to offer any help as it is beyond our scope. However, you can go to GitHub.com to ask for help.

Thanks for your support and understanding! Besides, if you think my answer is helpful, would you please help me Accept Answer. An accepted blog can be put on top of our forum, so that people who have a similar issue can get access to their solution more quickly.

BR,
Joan

YOUNSIMenad-2690 answered YOUNSIMenad-2690 commented

Hi, we have the same problem at my company with the McAfee agent: the replication is stuck on (waiting destination). When we disconnect the McAfee agent, the replication passes to "continuous replicating".

SimonWalker-5942, have you found a solution in these 2 months?

Thanks in advance for your help.


Nothing yet, I'm afraid. I'm in touch with McAfee support though, so if they ever find a fix I'll post it here.


Oh, and there is nothing on the web. We will open a case with MS; maybe they have an idea for that. If we have a solution we will post it here too.

Thank you

YOUNSIMenad-2690 answered YOUNSIMenad-2690 commented

Hello, I don't know if you have found a solution, but we have solved this problem with McAfee: you must put "SYSTEM" as a process in low risk in the on-access configuration. After that we no longer have the "connecting to source / waiting to destination".


Hi @YOUNSIMenad-2690 - Was this recommended by McAfee? We also face the same problem. I cannot understand the solution. Add "SYSTEM" and set the process type to "Low Risk" in the on-access scan.
Is this what you are trying to say?

YOUNSIMenad-2690 VishaalVSGroup-8351 ·

Hello,

In fact, from your ePO admin console, go to strategy catalog ==> Endpoint Security Threat Prevention ==> on-access scan ==> choose the strategy where your servers are located and click modify.
Then, in the process parameters ==> check "Configure different settings for high risk and low risk processes" and ADD only the process "SYSTEM" as a low risk process.

Then, a little lower, check "Do not scan while reading from disk or writing to disk" in low risk and SAVE the configuration.

To finish, you can force the strategy to your servers: on "system tree" ==> select your servers and "reactivate agent"; don't forget to check "Force full update of policies and tasks" and click OK. Afterwards, test failing over your cluster resource and check if it's still stuck on "waiting destination, connect to source".

For us, this solved the problem. I hope I was clear enough; I apologize in advance for my bad English.
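
One way to run the check described in the last step above, as an added example that is not part of the original post: it starts the sync and polls the replica status until every replica reports ContinuouslyReplicating or a timeout expires. The parameter names and timeout defaults are assumptions; the stalled states are the ones quoted in this thread.

```powershell
# Added example (not from the thread). Parameter names and defaults are assumptions.
param(
    [Parameter(Mandatory)] [string] $GroupName,
    [int] $TimeoutSeconds = 600,
    [int] $PollSeconds = 15
)

Import-Module StorageReplica -ErrorAction Stop

# Replica states the thread reports while the on-access scanner interferes.
$stalledStates = 'ConnectingToSource', 'WaitingForDestination'
$healthyState  = 'ContinuouslyReplicating'

Sync-SRGroup -Name $GroupName

$deadline = (Get-Date).AddSeconds($TimeoutSeconds)
do {
    $replicas = @((Get-SRGroup -Name $GroupName).Replicas)
    $states   = @($replicas | ForEach-Object { [string]$_.ReplicationStatus })
    Write-Host ("{0:HH:mm:ss}  {1}" -f (Get-Date), ($states -join ', '))

    $notHealthy = @($states | Where-Object { $_ -ne $healthyState })
    if ($states.Count -gt 0 -and $notHealthy.Count -eq 0) {
        Write-Host "All replicas in '$GroupName' are $healthyState."
        exit 0
    }
    Start-Sleep -Seconds $PollSeconds
} while ((Get-Date) -lt $deadline)

# Timed out: separate the stall described in this thread from a slow initial copy.
$stuck = @($replicas | Where-Object { $stalledStates -contains [string]$_.ReplicationStatus })
if ($stuck.Count -gt 0) {
    Write-Warning "Still stalled after $TimeoutSeconds s; the scanner policy may not have applied."
    $stuck | Format-Table DataVolume, ReplicationStatus -AutoSize
} else {
    Write-Warning "Not stalled, but not yet $healthyState (for example, still copying)."
}

# Recent Storage Replica events for context.
Get-WinEvent -ProviderName Microsoft-Windows-StorageReplica -MaxEvents 10 |
    Format-Table TimeCreated, Id, LevelDisplayName -AutoSize
exit 1
```

Running it once before and once after the policy is pushed to both nodes shows whether the change, rather than something else, cleared the stall.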

RodrigoHolanda answered

Any update related to this case? I'm facing the issue.
