RE: PostgreSQL 10.20 crashes / Antivirus

From: "Thomas, Richard" <Richard(dot)Thomas(at)atkinsglobal(dot)com>
To: Adrian Klaver <adrian(dot)klaver(at)aklaver(dot)com>, "pgsql-general(at)lists(dot)postgresql(dot)org" <pgsql-general(at)lists(dot)postgresql(dot)org>
Subject: RE: PostgreSQL 10.20 crashes / Antivirus
Date: 2022-04-20 17:23:57
Message-ID: LO2P123MB50949AB4C785A1C58C19E70BF1F59@LO2P123MB5094.GBRP123.PROD.OUTLOOK.COM
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-general

Adrian Klaver wrote:
> On 4/20/22 01:06, Thomas, Richard wrote:
> > The command used in a PowerShell script (run with Windows task scheduler)
> to dump each database should evaluate to:
> >
> > "C:\Program Files\PostgreSQL\10\bin\pg_dump.exe" -b -v -F c -d $dbName
> > -h localhost -p 6488 -U backup_su -f $backupFile 2`>`&1 | Out-File
> > $pgdumpLogFile
>
> Do you have large objects(blobs) in the database?

No, but do have PostGIS geometries in almost all tables.

> > - pg_dump.exe executable is not excluded from McAfee on-access
> > scanning (although as recommended postgres.exe is)
>
> Why not?
>
> I would think the whole C:\Program Files\PostgreSQL\10\bin\ would be
> excluded.

I was following the instructions here:
https://wiki.postgresql.org/wiki/Running_%26_Installing_PostgreSQL_On_Native_Windows#Antivirus_software
I am not particularly familiar with how our McAfee is configured or operates (all under control of our IT, including it seems access to many of the logs). With the executable postgres.exe, they have specified that in McAfee as an executable not to include in "on-access scanning" (wherever the executable lives). This differs from the file read/write scanning where the folders to exclude are specified. I have put in a request earlier today to add exclusions for pg_dump.exe; maybe I'll hear back from IT in a day or so ;-(

> What does the Windows event log show?

Only events:
- Info: "The Windows Error Reporting Service service entered the running state" (goes into a stopped state 2 minutes later)
- (Error event messages generated by my PowerShell script)

Not sure if WER is actually writing data somewhere (none of the "*\AppData\Local\Microsoft\Windows\WER\ReportArchive" folders on the server have any data from the last 2 years)

> Same for the A/V software log.

I can't find much separate McAfee log information beyond the last hour in "Endpoint Security" app. Previously (before I got the PostgreSQL backup PowerShell script removed from scanning, McAfee used to put messages in the Windows Event Viewer reporting an error that it was a violating one of its rules, but it would allow the operation to continue (no longer get that).

Richard
At Atkins - member of the SNC-Lavalin Group, we work flexible hours around the world. Although I have sent this email at a time convenient for me, I don't expect you to respond until it works for you.
NOTICE – This email message and any attachments may contain information or material that is confidential, privileged, and/or subject to copyright or other rights. Any unauthorized viewing, disclosure, retransmission, dissemination, or other use of or reliance on this message or anything contained therein is strictly prohibited and may be unlawful. If you believe you may have received this message in error, kindly inform the sender by return email and delete this message from your system. Thank you.

In response to

Responses

Browse pgsql-general by date

  From Date Subject
Next Message Bryn Llewellyn 2022-04-20 17:45:22 Re: Unexpected result from ALTER FUNCTION— looks like a bug
Previous Message Adrian Klaver 2022-04-20 16:05:57 Re: Can anyone confirm the flaw of postgres and how to deal with it?