
Orion Platform and DefenderATP

We have recently enabled DefenderATP on our Orion Servers, a Main Polling Engine and two APEs. The website is on the Main Polling Engine too, of course. When DefenderATP was installed/enabled on the server the MPE is on, it slowed down the website so much it became practically unusable.

Excluding the SolarWinds directory from being monitored is no longer an option (thanks, nation-state hackers). Is anyone else running Defender ATP without it impacting Orion performance, and if so, what are the key settings that prevent it from impacting Orion's performance?

Thanks!

Product Manager

Real-time anti-virus works by blocking user and application access each and every time a file is either read or written to. Only once the file has been verified 'clean' is the read or write operation allowed to execute. At least until the next time the file is accessed. Then this process repeats again.

For certain file types that are constantly read or written to, such as databases or log files, this can significantly impair the performance of the application. Orion, for example, has SQLite (.db) and SQL Server Compact (.SFD) database files which are constantly rotating data in and out. Similarly, blocking occurs in applications when log file (.log) writes are delayed as a result of real-time antivirus scanning.

Thanks @aLTeReGo 

Defender ATP has been enabled again on my Main Polling Engine. If we start to see slowness again then we will try to exclude the .db and .sfd files, and possibly the log files, to see if that helps. 

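An added example, not part of the original thread and not SolarWinds or Microsoft code: a PowerShell sketch for finding which of the file types named in the accepted answer (.db, .sfd, .log) are actually being written to on a given server, and for checking whether a blanket directory exclusion is already configured in Defender. The function names and the install path are assumptions; the path is a placeholder to replace with the server's real Orion directory.

```powershell
# Added example. Run in an elevated session: Get-MpPreference only shows
# exclusions to administrators. Function names here are hypothetical.

function Get-HotDataFile {
    # Lists files of the given types under $Root that were written recently,
    # so scan tuning can be scoped to specific hot files.
    param(
        [Parameter(Mandatory)][string]$Root,
        [string[]]$Extensions = @('.db', '.sfd', '.log'),   # types named in the thread
        [int]$RecentMinutes = 15
    )
    $cutoff = (Get-Date).AddMinutes(-$RecentMinutes)
    Get-ChildItem -LiteralPath $Root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object {
            $Extensions -contains $_.Extension.ToLowerInvariant() -and
            $_.LastWriteTime -ge $cutoff
        } |
        Sort-Object LastWriteTime -Descending |
        Select-Object FullName, Extension, Length, LastWriteTime
}

function Test-BroadExclusion {
    # Returns any configured Defender path exclusion that equals $Root or is a
    # parent of it, i.e. one that already hides the whole directory from scanning.
    # Limitation: exclusions written with wildcards or environment variables
    # are compared literally and may be missed.
    param([Parameter(Mandatory)][string]$Root)
    $full = [IO.Path]::GetFullPath($Root).TrimEnd('\')
    $cmp  = [StringComparison]::OrdinalIgnoreCase
    (Get-MpPreference).ExclusionPath | Where-Object { $_ } | ForEach-Object {
        $ex = $_.TrimEnd('\')
        if ($full.Equals($ex, $cmp) -or $full.StartsWith("$ex\", $cmp)) { $_ }
    }
}

# Usage (placeholder path, replace before running):
# $root = 'C:\Path\To\OrionInstall'
# Test-BroadExclusion -Root $root                 # should return nothing
# Get-HotDataFile -Root $root |
#     Group-Object Extension |
#     Select-Object Name, Count                   # which types are busiest
# Get-HotDataFile -Root $root | Select-Object -First 20 FullName
```

The per-file list gives concrete paths to review one by one, which keeps executables and libraries in the same directory under real-time scanning.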