Recommended Antivirus Exclusions for
IIS, classic ASP and ASP.net (all versions)
Proactive steps:
Disable real-time antivirus and see
if the problem goes away.
If the problem goes away, ensure that
the following directories/sub-directories are excluded from real-time antivirus
scans:
o C:\WINDOWS\system32\inetsrv (this will protect the “guts” of iis)
o C:\WINDOWS\assembly\GAC_32
o C:\WINDOWS\assembly\GAC_64 (if
applicable)
o C:\WINDOWS\Microsoft.NET\Framework\ (this should cover 1.0, 1.1, and 2.0
versions)
o C:\WINDOWS\Microsoft.NET\Framework64 (if applicable)
o Any
directory containing web.config files, global.asa or global.asax, .net assemblies, and/or other web
content which your web apps use
Overview:
Sometimes
real-time antivirus scanners can—just by doing their job—cause contention on
certain files with other processes. This
can result in an “access denied” type problem.
Also, antivirus can cause the “Change Notification for BIN” which
results in an appdomain recycle when antivirus is
scanning asp.net’s bin directory
Related
links:
ASP.net:
871042
Why is my ASP.NET application restarting?
http://support.microsoft.com/default.aspx?scid=kb;EN-US;871042
|
• |
324772
Session data is lost when you use ASP.NET InProc
session state mode |
|
• |
316148
Session variables are lost intermittently in ASP.NET applications |
Both articles in the result set
describe the possible issue with the ASP.NET application restarting.
This issue then causes the session state data to be lost when it is stored
in-process. Article 316148 describes one of the most common causes of an application restarting frequently
in this scenario: antivirus software scanning the files of your ASP.NET
application. More specifically, the application restarts may occur in some situations because
antivirus software is scanning the Web.config file in the root of the
application, the Machine.config file, the Bin folder, or the Global.asax file.
Classic ASP:
248013 Err Msg: HTTP Error 500-12
Application Restarting
http://support.microsoft.com/default.aspx?scid=kb;EN-US;248013
HTTP
Error 500-12 Application Restarting. The
message is harmless and usually disappears when you refresh the page in your
browser.
This error message may
also be caused by anti-virus or backup software. When these software
packages scan an IIS Web application, IIS may behave as if the Global.asa file
has been modified and may therefore restart the Web application. Turning off backup software and
virus scanning on the Global.asa file may help resolve this issue. If a
client GET request is made during this time, the web server will return a
500-12 error.
323019 You receive an "HTTP Error 500-12" error
message or an "ASP 0100 (0x80004004)" error message when you try to
connect to a Microsoft Project Web Access Web site
http://support.microsoft.com/default.aspx?scid=kb;EN-US;323019
Method 2: Prevent the Global.asa File from Being Scanned
Configure your antivirus program to turn off scanning for the Global.asa file
for Microsoft Project Server. In a default installation of Microsoft Project
Server, the Global.asa file resides in the following location, where drive is the drive on which Microsoft Windows is installed:
drive :\Program
Files\Microsoft Project Server\IIS Virtual Root\Global.asa
For more
information about how to prevent a file from being scanned by your antivirus
program, consult the program documentation or contact the software
manufacturer.
Possible surgical trouble-shooting
steps:
A
kernel32!exit dump (Crash rule in debugdiag) should show the exact file in the
equation where the file change notification is emanating from.
Check
modified date on the file to know if the file has really been modified by a
human or automated process (xcopy script?) or if it
is just being locked in some way by antivirus, antivirus, antivirus, or
anti-virus.
Disable
antivirus and/or set realtime exclusions per above…
or set exclusions on the one folder the locked file is in
If
that’s not enough… maybe set file auditing on the folder in
focus??? (easier than filemon since unpredictable)
Network Associates / McAfee
Go to the VirusScan Console.
Right-Clink on "On-Access Scan" and choose "Properties"
Choose "All Processees"
Choose "Detection"
Choose "Exclusions"
Clicki on "Add"
Browse to the folder you want excluded.
Check the box "also exclude subfolders"
SYMANTEC / NORTON ANTIVIRUS
http://service1.symantec.com/SUPPORT/nav.nsf/pfdocs/199829164436
Add an exclusion to Auto-Protect and
the manual virus scan
1 Start Norton AntiVirus.
If Norton AntiVirus
is installed as part of Norton SystemWorks or Norton
Internet Security, then start that program.
2 Click Options. If you see a menu,
click Norton AntiVirus.
3 On the left screen, click
Auto-Protect > Exclusions.
4 On the right screen, click New.
5 Type the path to the file, folder,
or drive that you want to exclude, or click the browse button and browse to and
select the file, folder, or drive.
To exclude a folder, you must type
the path and folder name in the Item box.
6 If you are running Windows 98/Me,
then select the type of activity that you want to exclude by checking the
appropriate box in the Exclude from section.
7 If you are running Windows 2000/XP,
then you can exclude the file, folder, or drive from virus detection. You can
also choose to only exclude the file, folder or drive from compressed file
scanning.
8 On the left Options screen, click
Manual Scan > Exclusions.
9 Repeat steps 4 through 7.
10 Click OK, and then close the
Options for Norton AntiVirus window.
More info:
DebugDiag analysis showed these
results once:
|
Detected possible
blocking or leaked critical section at ASP!g_DirMonitor+48 owned by
thread 11 in
inetinfo.exe__PID__3108__Date__02_26_2007__Time_10_53_57AM__793__Manual
Dump.dmp |
An ASP application is
currently in the middle of an application restart, which will result in all
requests to this application remaining blocked until the restart is complete. |
Index services can sometimes do something
similar:
|
329065 |
PRB: Access
Denied Error When You Make Code Modifications with Index Services Running |
http://support.microsoft.com/default.aspx?scid=kb;EN-US;329065
You might consider using Processmon
(www.sysinternals.com) to verify
whether Antivirus is causing file contention.