Ask the Community
Groups
Backups are running slowly on servers using anti-virus software (Allow/Exclusions for security software) - Connect IT Community | Kaseya
<main> <article class="userContent"> <h2 data-id="issue"><strong>ISSUE</strong></h2> <p>Backups are running slowly on servers using anti-virus software and/or backups failing due to a network timeout.</p> <h2 data-id="n-a"> </h2> <h2 data-id="resolution"><strong>RESOLUTION</strong></h2> <div> <h2 data-id="recommended-for-all-anti-virus-and-security-software-vendors"><strong>Recommended for <em>ALL</em> Anti-Virus and Security software vendors</strong></h2> <div><strong>Process Exclusions for Unitrends Client Agent</strong></div> <ul><li> <ul><ul><li>C:\PCBP\WBPS.exe</li> <li>C:\PCBP\WBPR.exe</li> <li>C:\PCBP\bpnetd.exe</li> <li>C:\PCBP\agentconfig.exe</li> <li>C:\PCBP\UTBlockAgent.exe (For Image-level backups)</li> <li>C:\windows\<a href="https://kaseya.vanillacommunities.com/kb/articles/aliases/unitrends/hc/en-us/articles/360013169257" rel="noopener nofollow">winexesvc.exe</a> </li> </ul></ul></li> </ul><div> <br><strong>Directory Exclusions for Unitrends Client Agent</strong> </div> <ul><li> <ul><ul><li>C:\PCBP\</li> <li>C:\unicbt\</li> <li>C:\Unitrendsvcbt\</li> </ul></ul></li> </ul><div> </div> <div> <strong>PowerShell:</strong> The Unitrends Client Agent may send PowerShell commands to configure settings and submit the backup or restore requests. This also occurs during install of the Unitrends Client Agent. If PowerShell access is blocked, the Client Agent will still install but the proper settings will not be in place, leading to backup/restore failures. Please configure the computer and security software to allow Unitrends to communicate with PowerShell. </div> <div> <br><strong>Network Exclusions for communicating between the Unitrends Client Agent and the Unitrends Appliance</strong> </div> <ul><li> <ul><ul><li> <strong>All Client Agent Backup Types:</strong> TCP Ports 1743 - 1749 (to and from the Unitrends Appliance)</li> <li> <strong>Client Agent Image-level:</strong> TCP Port 443 (to and from the Unitrends Appliance)</li> </ul></ul></li> </ul><h2 data-id="n-a-1"> </h2> <h2 data-id="hyper-v-hosts"><strong>Hyper-V Hosts </strong></h2> <p>In addition Microsoft has provided instructions for recommended Antivirus Exclusions on Hyper-V Hosts per MS KB: <br><a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fsupport.microsoft.com%2Fen-us%2Fhelp%2F3105657%2Frecommended-antivirus-exclusions-for-hyper-v-hosts" rel="noopener nofollow">https://support.microsoft.com/en-us/help/3105657/recommended-antivirus-exclusions-for-hyper-v-hosts</a><br><br><strong>Specific Vendors</strong><br>Include the instructions above when and the appropriate vendor from below if listed.</p> <p> </p> <p><strong>Kaspersky</strong></p> <div> <ol><li> <p>Right-click the console node Kaspersky Anti-Virus and select the option Configure trusted zone.</p> </li> <li> <p>Go to the tab Trusted processes and enable the option Do not check files backup operations.</p> </li> <li> <p>Add the following executables to the trusted zone:</p> </li> </ol><ul><li>C:\PCBP\WBPS.exe</li> <li>C:\PCBP\WBPR.exe</li> <li>C:\PCBP\bpnetd.exe</li> <li>C:\PCBP\agentconfig.exe</li> <li>C:\windows\<a href="https://kaseya.vanillacommunities.com/kb/articles/aliases/unitrends/hc/en-us/articles/360013169257" rel="noopener nofollow">winexesvc.exe</a> </li> </ul><ol><li> <p>Click "Ok" to apply the changes.</p> </li> <li> <p>Make sure that the trusted zone is enabled in the Real-time file protection.</p> </li> </ol><div> <p> For more information visit <a href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fsupport.kaspersky.com%2Fus%2F4554">http://support.kaspersky.com/us/4554</a> .<br><br><br><strong>Sophos</strong></p> <p>From Sophos KB: <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcommunity.sophos.com%2Fkb%2Fen-us%2F132691" rel="noopener nofollow">https://community.sophos.com/kb/en-us/132691</a><br>The following registry change can be made to increase the default polling time used by the Sophos Health Service to a level that exceeds that which triggers the issue. On an affected server:</p> <ol><li> <p>Turn off <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcommunity.sophos.com%2Fkb%2Fen-us%2F119175" rel="noopener nofollow">Tamper protection</a></p> </li> <li> <p>Press the Windows Key + R, type <strong>regedit</strong> and press Enter.</p> </li> <li> <p>Access the following key:<br>32-bit:<br><code class="code codeInline" spellcheck="false" tabindex="0">HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Health\</code><br>64-bit:<br><code class="code codeInline" spellcheck="false" tabindex="0">HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Sophos\Health\</code></p> </li> <li> <p>Create a <strong>DWORD</strong> value called <strong>PollingIntervalSeconds</strong> and set the data to 120</p> </li> <li> <p>Press the Windows Key + R, type<strong> services.msc</strong> and press Enter.</p> </li> <li> <p>Restart the Sophos Health Service</p> </li> <li> <p>Enable Tamper protection</p> </li> <li> <p>Open the registry editor and navigate to one of the following paths dependent upon your operating system</p> <ul><li> <p>Win2K/XP (32-bit):</p> </li> <li> <p>KEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccessControl</p> </li> <li> <p>Vista/Win7 (64-bit):</p> </li> <li> <p>HEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SAVOnAccess</p> </li> </ul></li> <li> <p>Create a string values as follows:</p> </li> </ol></div> <ul><li> <p> Name: ExcludedProcess0</p> </li> <li> <p> Value: WBPS.exe</p> </li> <li> <p> Type: String Value (REG_SZ)<br></p> </li> <li> <p> Name: ExcludedProcess1</p> </li> <li> <p> Value: WBPR.exe</p> </li> <li> <p> Type: String Value (REG_SZ)<br> </p> </li> <li> <p> Name: ExcludedProcess2</p> </li> <li> <p> Value: bpnetd.exe</p> </li> <li> <p> Type: String Value (REG_SZ)</p> </li> </ul><p>Lastly, reboot the computer to apply the changes.</p> <p> For more information visit <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fcommunity.sophos.com%2Fproducts%2Fendpoint-security-control%2Ff%2F3%2Ft%2F4011" rel="noopener nofollow">https://community.sophos.com/products/endpoint-security-control/f/3/t/4011</a> .<br><br><br><strong>Symantec</strong> </p> <ol><li> <p>Right-click a server group, server, or client group, and then click <strong>All Tasks</strong> > <strong>Symantec AntiVirus </strong>> <strong>Client Auto-Protect Options</strong> (or <strong>Client Realtime Protection Options</strong>).</p> </li> <li> <p>Check <strong>Exclude selected files and folders</strong> and then click the lock icon so that it appears as locked.</p> </li> <li> <p>Click <strong>Exclusions</strong>.</p> </li> <li> <p>If you use Symantec AntiVirus 8.x, check <strong>Check for exclusions before scanning</strong> and then click the lock icon so that it appears as locked.</p> </li> <li> <p>Click <strong>Extensions</strong>, and follow the on-screen instructions.</p> </li> <li> <p>Add the extensions without punctuation.<br>(Repeat the previous steps for as many extension exclusions as necessary, and then click <strong>OK</strong>)</p> <ul><li> <p>C:\PCBP\WBPS.exe</p> </li> <li> <p>C:\PCBP\WBPR.exe</p> </li> <li> <p>C:\PCBP\bpnetd.exe</p> </li> <li> <p>C:\PCBP\agentconfig.exe</p> </li> <li> <p>C:\windows\<a href="https://kaseya.vanillacommunities.com/kb/articles/aliases/unitrends/hc/en-us/articles/360013169257" rel="noopener nofollow">winexesvc.exe</a></p> </li> </ul></li> <li> <p>Click <strong>Folders</strong>, and follow the on-screen instructions.</p> <ol><li> <p>C:\PCBP\</p> </li> <li> <p>C:\unicbt\</p> </li> <li> <p>C:\Unitrendsvcbt\</p> </li> </ol></li> <li> <p>In addition to setting exclusions Symantec will also start scans on file being backed up and this behavior can be severly limiting to performance on backups.</p> </li> <li> <p>Open Symantec System Center.</p> </li> <li> <p>Right-click your primary anti-virus server, select All Tasks, select Symantec Anti-Virus, select Client Auto Protect options.</p> </li> <li> <p>Click Advanced and in the Scan Files When section, uncheck Opened For Backups.</p> </li> <li> <p>Right-click your primary anti-virus server, select All Tasks, select Symantec Anti-Virus, select Server Auto Protect options.</p> </li> <li> <p>Click Advanced and in the Scan Files When section, uncheck Opened For Backups.</p> </li> </ol><ul><li> <p>Above pulled via <a href="https://kaseya.vanillacommunities.com/kb/articles/aliases/unitrends/hc/en-us/articles/360013246778" rel="noopener nofollow">KB 2857</a></p> </li> </ul><p><br>For more information, please visit <a href="/home/leaving?allowTrusted=1&target=https%3A%2F%2Fsupport.symantec.com%2Fen_US%2Farticle.tech99955.html" rel="noopener nofollow">https://support.symantec.com/en_US/article.tech99955.html</a></p> <p><br><br><strong>Trend Micro</strong></p> <ol><li> <p>Log on to the OfficeScan web console.</p> </li> <li> <p>For OfficeScan 10.6/10.5/10.0:</p> </li> </ol><p> Go to Networked Computers > Client Management Tab</p> <p> For OfficeScan 11.0:</p> <p> Go to Agents > Agent Management tab.</p> <ol start="3"><li> <p>Select target domain or officescan client to configure the exclusion lists.</p> </li> <li> <p>Click the Settings drop-down menu and select Realtime Scan Settings.</p> </li> <li> <p>Add the following Scan Exclusions to exclude Unitrends backup:</p> </li> </ol><p>File Exclusions:</p> <ul><li> <p>WBPS.exe</p> </li> <li> <p>WBPR.exe</p> </li> <li> <p>bpnetd.exe</p> </li> <li> <p>C:\PCBP\WBPS.exe*</p> </li> <li> <p>C:\PCBP\WBPR.exe*</p> </li> <li> <p>C:\PCBP\bpnetd.exe*</p> </li> <li>C:\PCBP\agentconfig.exe</li> <li>C:\windows\<a href="https://kaseya.vanillacommunities.com/kb/articles/aliases/unitrends/hc/en-us/articles/360013169257" rel="noopener nofollow">winexesvc.exe</a> </li> </ul><p> Folder Exclusions:</p> <ul><li> <p>C:\PCBP</p> </li> <li> <p>C:\unicbt\</p> </li> <li> <p>C:\Unitrendsvcbt\</p> </li> </ul><ol start="6"><li> <p>Click Apply to deploy the new settings to OfficeScan clients.</p> </li> </ol><p> For more information, please visit <a href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fesupport.trendmicro.com%2Fsolution%2Fen-US%2F1060488.aspx" rel="noopener nofollow">http://esupport.trendmicro.com/solution/en-US/1060488.aspx</a> .</p> </div> </div> <h2 data-id="n-a-2"> </h2> <h2 data-id="n-a-3"> </h2> <h2 data-id="cause"><strong>CAUSE</strong></h2> <p>On-access/Real-time scanning functionality of various anti-virus applications can be quite debilitating to system and backup performance while Unitrends is performing a backup. In certain cases, backup operations may timeout causing various errors reported by the client and the appliance if on-access/real-time scanning is too disruptive to the backup process. Please use the following steps for the AV vendor being used to prevent files Unitrends processes are attempting to read/write from being scanned during backup operations.<br><br><br> </p> </article> </main>