I work for a fairly large company (>10k). On our intranet we run many
applications, (client/server and web, e.g. ASP.NET). We continually
come across application impacts due to new releases, patches, etc. of
Symantec AV real time scanning (RTVScan).
As a general question, is there any information on the best way to
manage these impacts? I believe as a company we've gone overboard
with the scanning for viruses but we do not seem to be out of the
norm. We have real time scanning running on all desktops (and shared
drives) and all paths leading into the intranet (e.g. mail servers,
web connection, etc.). And we have it running on all servers.
Running real time scanning on application servers (IIS, client-server,
etc.) seems like over kill and has caused many lengthy troubleshooting
efforts where the root cause was real time scanning.
Isn't there a better way? Would it make more sense to, for example,
only allow trusted apps to run on the server? We have some critical
document management apps and scanning the files each time one is moved
from the secured vault to the end user or printer not only gravely
impacts performance it seems... silly. Generating pdf files using
crystal reports and streaming the result to an end user's browser gets
locked up about 20% of the time. Symantec says to run RTV scan and
Crystal says to turn it off. Reading MS posts on app performance,
usually the first recommendation is to turn RTV scans off.
Now, before you berate the post for a lack of respect (or fear) of the
perils a virus might impose, consider that I'm really asking for a
more common sense, pragmatic approach. Any information, especially
references to sites, that might provide guidance as to a systematic
approach for implementation of real time virus scanning is
appreciated.
Thanks.
Application Impacts of Real-Time anti virus scanning and guidance for its use within an intranet 
Linear Mode
