It's not the first time that I have heard my customers complain about their anti-virus: after a certain activity (such as a regular scan of system files), their application pools get restarted automatically.
When this issue happens, some customers see the following event in the System Event Log:
Log Name: System
Source: Microsoft-Windows-WAS
Date: XXXX
Event ID: 5080
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: XXXX
The worker processes serving application pool '[Application pool name]' are being recycled due to 1 or more configuration changes in the application pool properties which necessitate a restart of the processes.
But the anti-virus didn't make any modification to the configuration file. How could this happen?
In fact, there may be several reasons. For example, when the anti-virus scans the file in question, it changes the file's "Last modification time". It can also occur when WAS checks whether the configuration file has changed while the anti-virus is scanning the file at the same time: WAS detects the handle on the file and considers the file modified.
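To check whether the recycles line up with the scan schedule, the following added example (not part of the original article) groups event 5080 by application pool and hour of day and fingerprints one configuration file. The default path to applicationHost.config and the parameter names are assumptions; run it from an elevated prompt.

```powershell
# Added example: correlate WAS event 5080 with scheduled anti-virus scans.
param(
    [int]$Days = 14,
    # Assumption: default location of the IIS server-level configuration file.
    [string]$ConfigPath = "$env:windir\System32\inetsrv\config\applicationHost.config"
)

$filter = @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WAS'
    Id           = 5080
    StartTime    = (Get-Date).AddDays(-$Days)
}
# Get-WinEvent raises an error when nothing matches, so suppress it and wrap in @().
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

if ($events.Count -eq 0) {
    Write-Output "No event 5080 recorded in the last $Days days."
} else {
    $events |
        ForEach-Object {
            # The pool name is quoted in the event text: ... application pool 'Name' ...
            $pool = if ($_.Message -match "application pool '([^']+)'") { $Matches[1] } else { '(unknown)' }
            [pscustomobject]@{
                Pool        = $pool
                HourOfDay   = $_.TimeCreated.ToString('HH:00')
                TimeCreated = $_.TimeCreated
            }
        } |
        # Recycles that cluster at the same hour every day point to a scheduled job.
        Group-Object Pool, HourOfDay |
        Sort-Object Count -Descending |
        Select-Object Count,
            @{ n = 'Pool / Hour'; e = { $_.Name } },
            @{ n = 'LastSeen'; e = { ($_.Group | Sort-Object TimeCreated | Select-Object -Last 1).TimeCreated } } |
        Format-Table -AutoSize
}

# Fingerprint of the configuration file: timestamp (metadata) and hash (content).
$item = Get-Item -LiteralPath $ConfigPath
[pscustomobject]@{
    Path          = $item.FullName
    LastWriteTime = $item.LastWriteTime
    SHA256        = (Get-FileHash -LiteralPath $ConfigPath -Algorithm SHA256).Hash
} | Format-List
```

Run it once before and once after a scheduled scan: a changed LastWriteTime with an unchanged SHA256 means the file's metadata was touched while its content was not.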
One effective way to avoid this scenario is to exclude the IIS configuration files from the anti-virus scanning scope.
Here is an exclusion list that you may consider configuring in your anti-virus.
Attention: this is not an official list provided by Microsoft; it is simply a recommended list based on our support experience. You should find your own compromise between security and performance. If you need any further information, please contact your anti-virus vendor.
Hope this is useful for you.
originally written by: Jin Wang
reviewed by: Muna AlHassan
Articles you may be interested in:
Microsoft Anti-Virus Exclusion List
IIS Application Pool Recycling Events
Common reasons why your application pool may unexpectedly recycle