How should I configure and use anti-virus software on the Webtrends server?


Webtrends Analytics 9.x
Webtrends Analytics 8.x


How should I configure and use anti-virus software on the Webtrends server?


In order to minimize any types of problems that might occur with Webtrends, we recommend that all anti-virus scanners have exclusions set for the Webtrends installation directory and all of its subfolders. If Webtrends has been configured to store data in a remote location, then these directories would also need to be excluded. There are many different types of files that are actively being written to throughout the entire installation, and therefore the exclusion of the entire Webtrends directory is recommended.

The reason anti-virus applications need to be excluded is because of file locking that occurs when the scans happen and the possibility of resource conflicts. If the scan locks the files while Webtrends is analyzing it will affect our ability to write to the files. Even if only a few files are locked while running an analysis, it’s possible that those files could cause the analysis to fail and cause corruption in other files while waiting for results. The presence of anti-virus software alone doesn’t guarantee an immediate crash, but when the timing is right, Webtrends’ analysis and the anti-virus software can compete for the same resources and the results can range from an analysis crash to severe corruption.

It is possible to run a scan on the Webtrends directory, but only if there are no profiles analyzing. If the scan runs on the Webtrends directory, there is no guarantee that if the scan modifies any of the files that it doesn’t modify them in a fashion that makes Webtrends unable to use them. The chances of this happening are, however, quite small and investigation into the scan logs would indicate what files had been modified and whether or not restoring from a backup is necessary.

Excluding the anti-virus is not only going to ensure that Webtrends will be able to read/write to its files, but it could also help with the speed of the analysis because the real-time monitoring is disabled. If real-time monitoring is enabled, it scans all of the files that are in use and this could be very time consuming if Webtrends is accessing the logs from a remote machine as the logs are scanned as they are moved over.