The Technet topic on Running Antivirus Software on the DPM Server recommends that you exclude two processes:
- csc.exe
- dpmra.exe
In McAfee you accomplish this by adding the processes to the low risk list. I discovered today that at least with McAfee, this isn't really enough. You also need to add eseutil.exe to the exclusion list. For good measure I would also specifically exclude scanning of:
- *.edb
- *.chk
- *.log
I haven't discovered a way to exclude all of the paths DPM uses in McAfee given that they aren't accessible (e.g. no drive letter) in a fashion that you can provide to McAfee, so, excluding the file types is as close as I have figured out how to get.
I had been having an on and off again issue where DPM would stop protecting storage groups and it would report the replica was inconsistent with unknown error 0xFFFFF8ED. A quick look up of this error will yield JET_errFileNotFound. I took a look at the McAfee log file and discovered it had been deleting random replicated transaction logs because they matched one signature or another:
11/12/2009 8:45:44 AM Deleted (Clean failed because the detection isn't cleanable) NT AUTHORITY\SYSTEM C:\Program Files\Microsoft DPM\DPM\bin\eseutil.exe \Device\HarddiskVolume63\ba2eea65-e710-412d-81f2-1b6ac2c33ab3\Logs\SG08\E0600021063.log Malformed Archive (Trojan)
11/12/2009 9:30:45 AM Deleted (Clean failed because the detection isn't cleanable) NT AUTHORITY\SYSTEM C:\Program Files\Microsoft DPM\DPM\bin\eseutil.exe \Device\HarddiskVolume63\ba2eea65-e710-412d-81f2-1b6ac2c33ab3\Logs\SG08\E0600021063.log Malformed Archive (Trojan)
11/12/2009 10:15:45 AM Deleted (Clean failed because the detection isn't cleanable) NT AUTHORITY\SYSTEM C:\Program Files\Microsoft DPM\DPM\bin\eseutil.exe \Device\HarddiskVolume63\ba2eea65-e710-412d-81f2-1b6ac2c33ab3\Logs\SG08\E0600021063.log Malformed Archive (Trojan)
11/12/2009 11:00:45 AM Deleted (Clean failed because the detection isn't cleanable) NT AUTHORITY\SYSTEM C:\Program Files\Microsoft DPM\DPM\bin\eseutil.exe \Device\HarddiskVolume63\ba2eea65-e710-412d-81f2-1b6ac2c33ab3\Logs\SG08\E0600021063.log Malformed Archive (Trojan)