i already read a lot of community- and knowledgebase-articles here but I have still questions. I know about the recommended exclusions when using Backup Exec (2010) as a media server or as a remote agent, but I have a sympton, I would like to discuss here...
Up to now I have no exclusions for processes of Symantec Backup Exec, e.g. the beremote.exe but I have complete exclusions (including subdirectories) on Exchange 2010 database directories. Let's say I have a seperate partition with a root-directory DATABASE containing Exchange databases and a seperate partition with a root-directory LOGFILES containing the Exchange logfiles since the last full backup. Both root-directories (DATABASE and LOGFILES) are excluded for read and write (including further sub-directories) from VirusScan.
I then checked those exclusions by copying several files inside of these 2 directories. In the 'On-Access Scan Statistics' window, those directories were not mentioned. When I decided to copy several files from one of these directories to e.g. C:\TEMP, then only the C:\TEMP directory was mentioned several times in the 'On-Access Scan Statistics' window, because C:\TEMP is not excluded. So far so good!
Now, the question is...
Why are some Exchange logfiles (from within a LOGFILES sub-directory, which is completely excluded in VirusScan) scanned and mentioned in the OnAccessScanLog.txt as infected files during remote backup with beremote.exe (Process from Symantec Backup Exec 2010) ???
Is it because beremote.exe takes the data from the ShadowCopy, because we use AOFO and VSS and all exclusions inside VirusScan are no longer valid for VSS ??? To me, that's the only plausible answer to this behaviour.
Furthermore, using VirusScan 8.7.0 Patch 4 with the same upper mentioned exclusions and under Exchange 2003 reports no infected logfiles during backup with beremote.exe from Symantec Backup Exec 12.5 !!! Has anything changed with how beremote.exe behaves under Backup Exec 2010 or has anything changed with logfiles under Exchange 2010 ?
Now, I am really curious, what lets beremote.exe from Backup Exec 2010 decide to scan my Exchange 2010 logfiles, allthough those are completely excluded.
Best regards and many thanks in advance for your efforts to enlighten me,