AV exclusion Sophos & postgresql

[karsten123]

Hi,

we use Sophos AV and i think, the exclusion of the related path according kb1999 is not enough. Do you have experience, if it is necessary to additionally exclude the processes? And what are the vital processes of VBR?

The postgresql documentation says, that you must exclude data folder and the postgresql.exe process. So „c:\program files\postgresql\15\data“, right? And the process is „postgresql.exe“ on Windows?

Thanks in advance
Karsten

[david.domask]

Hi Karsten,

KB1999 is focused specifically on Veeam items and what paths to set for exclusions; from my experience, setting specific processes is not a requirement but this will vary from AV to AV, so it's difficult to tell -- are you seeing issues where you suspect Sophos is interrupting Veeam operations even with KB1999 implemented in full?

I've not seen that AV specifically interferes with PostgreSQL, but the postgres wiki has the suggestions I think you're referring to, and I would just follow their advice. But as noted, I just personally haven't seen many cases where AV + Postgres was the root cause, but it of course is reasonable to follow the postgres wiki advice.

[amarsaudon]

Hi,

we use Sophos AV and i think, the exclusion of the related path according kb1999 is not enough. Do you have experience, if it is necessary to additionally exclude the processes? And what are the vital processes of VBR?

The postgresql documentation says, that you must exclude data folder and the postgresql.exe process. So „c:\program files\postgresql\15\data“, right? And the process is „postgresql.exe“ on Windows?

Thanks in advance
Karsten

Did you ever figure this out? I am having the same experience. Implemented kb1999 in full, and added the exceptions described in the Postgres Wiki.
After an hour or so of runtime, performance will tank to an unusable state. Uninstalling Sophos immediately resolves the issue. Of course Sophos logging is more or less non-existent, so I don't have much to go on outside Google.

[karsten123]

the customer raised a support ticket with Sophos with no outcome. Sophos said, that there are no known issues with Veeam.
in the end we did increase CPU and memory resources. done

[dasfliege]

We're encountering the same issue now on our VBM365 servers. Sophos claims huge amount of memory and CPU ressources and the server becomes pretty unresponsive.
We've forgot to add exclusions for postgres after updating, so the behavior is explainable in our case. I have just created these exclusions some minutes ago and will check how it behaves now. If it's still an issue, we will track it down with sophos to the end. I don't think that just extending ressources is a good idea. Also our server is not exhausted in ressources yet, but still responds pretty laggy and i also think that backup performance is affected by this problem if postgres is scanned extensively.

@amarsaudon
Sophos does provide pretty extensive logging where you see exactly what is scanned at which time. You just have to enable it. You can refer to the following thread to get this done: https://community.sophos.com/intercept- ... paged-pool