Defender on file servers is making SMB file copy going modem speed

Contributor

Hey all,

 

Defender on our file servers (2016/2019) are doing something when client try to copy files from its file shares. Normal speed is 100-200 MBPS, but when the issue occurs it almost stops, down to 10 kbps.

 

The issue is very intermittent, but if I add an exclusion to the file share folder the problem goes away and copy speed is normal again. 

 

One could think that the client (Windows 10 1909) that initiate the copy would need exclusion, but it's actually the file server.

 

The problem with exclusion

Adding a folder exclusion on a file server is bad, even if it solves our problem. Not only real-time protection is disabled, but also scheduled and on-demand scans. Not good having non-scanned files on a file servers, opens up a way for malware distribution... If I exclude a process the scheduled and on-demand scans are still working which is at least better than total exclusion. 

 

 

Any suggestions on how to attack this problem? 

 

Thanks

 

 

2 Replies

@Björn Lagerwalldid you try to play around with ScanAvgCPULoadFactor - sanning options listed here.

Maybe that reduces some of the load during scanning and get's the I/O back.

@BillTheKid Thanks, but any disk I/O issue has not been observed on either file server or client. Just that network copy speed drops randomly if shared folders on file server are not excluded.

 

Edit: Also, it's not during scans but Real-Time Protection that is the cause. (also the max cpu setting for scans are already set to 20%)