Re: MS Defender for OL7 Oracle DB servers

From: tefetufe <coskan_at_gmail.com>
Date: Fri, 4 Mar 2022 23:37:34 +0400
Message-ID: <CAGLGTvN4RFjAA2Z7=c468rbNR_qV_S-Om0Rzno_zsWHSKTXnGw_at_mail.gmail.com>



Despite being on ExaCC and ASM and excluding all binary folders for grid and db, MS Defender managed to give us trouble, and I finally convinced the requester team not to have Defender on db systems.

Issues:
High CPU usage for the process (the last thing you want is a virus scan burning expensive CPU cycles).
I had a cluster crash where Defender was looking so suspicious when the issue was happening; maybe I just saw the excuse that I needed :)

Since Defender is gone, I have not seen a single stability problem.

Also, on VMware it gave us a big hassle when we wipe a huge db sitting on xfs to refresh it. It was blocking the files from being deleted, and all of our refresh automations failed due to being defended by Defender.

My suggestion is to avoid it at all costs if you can.

On Fri, 4 Mar 2022 at 19:29 Tim Gorman <tim.evdbt_at_gmail.com> wrote:

> Rich,
>
> As documented HERE
> <https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-worldwide#common-applications-to-microsoft-defender-for-endpoint-can-impact>
> ...
>
> *Common Applications to Microsoft Defender for Endpoint can impact*
>
> *High I/O workloads from certain applications can experience performance
> issues when Microsoft Defender for Endpoint is installed. These include
> applications for developer scenarios like Jenkins and Jira, and database
> workloads like OracleDB and Postgres. If experiencing performance
> degradation, consider setting exclusions for trusted applications, keeping **Common
> Exclusion Mistakes for Microsoft Defender Antivirus
> <https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus>**
> in mind. For additional guidance, consider consulting documentation
> regarding antivirus exclusions from third party applications.*
>
>
> Personally, I think any sort of "protective" software running on a
> database server is another good reason to use Oracle ASM, as A/V software
> generally "protects" only filesystem-based files, and does not recognize (or
> bother with) block-special or character-special devices. Just my opinion,
> when you can't prevent A/V software from being used in the first place.
>
> Hope this helps...
>
> Thanks!
>
>
> -Tim
>
>
>
> On 3/4/2022 6:50 AM, Rich J wrote:
>
> Hey all,
>
> Anyone run into any issues running MS Defender on their Oracle DB servers
> on Linux? This would be on OL7 for now (mostly 7.7).
>
> One would think that the Oracle datafile directories plus the ADR tree
> should be excluded. I'm just wondering if there's other common "gotchas"
> that others have run into.
>
> Thanks,
> Rich
>
>
> --

-- 
Coskan GUNDOGAR

Oracle DBA

Email: coskan_at_gmail.com
Blog: http://coskan.wordpress.com
Twitter: http://www.twitter.com/coskan
Linkedin: http://uk.linkedin.com/in/coskan

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Mar 04 2022 - 20:37:34 CET
