Security Basics mailing list archives

Symantec/Norton Real-Time Antivirus Considered Harmful on Exchange Servers


From: josh () securityfocus com, jrandrews.net () securityfocus com (at)
Date: 3 Nov 2005 23:22:41 -0000

I've had to deal with Symantec/Norton antivirus before on Exchange servers. This is a nightmare waiting to happen and
certainly more than a simple performance issue.

I have been through a case where our Exchange Server totally bombed and did not respond to requests for 8 hours because 
of the Symantec Corporate Agent running on the Exchange Server. I did not originally know what the problem was and 
finally had to call Microsoft. We managed to figure out and turn off the Symantec AV Agent. Also, the issue did not 
manifest itself for a month or more and we never found out why it chose to happen then...

MS recommends against running any filesystem AV on an Exchange Server and it can even corrupt your Information Store. 
We had lingering permissions issues afterwards that it took a while to clean up. And yes, the appropriate Exchange 
directories were in the exclusion list. It didn't matter.

I know that the alternative of not running local filesystem AV is not particularly attractive, but it's better than
crashing your Exchange server.

Regards,

Josh

