From time to time in my support job I come across customers having problems, sometimes strange ones, that turn out in the end to be due to anti-malware software of one kind or another. By its nature anti-malware software has to be quite invasive if it is going to do things like checking resident files when they are accessed, scanning files that come into or leave a server, monitoring network connections, or monitoring in-process activity on memory allocators and the like. Like any software, from whatever vendor, anti-malware software sometimes has issues that get fixed as time goes on. It is therefore very important, in my opinion, to keep not only your anti-malware definitions up to date but your anti-malware software itself up to date. And if you are ever having trouble with system misbehaviour in an area where such software could be involved, stop to consider whether it could be part of the problem. You can also perform diagnostic steps to work out whether it might be a cause of whatever issue you are having:
- Can it be safely disabled or removed as a temporary measure to determine if the problem goes away? (only you can make this determination for your environment)
- Are all aspects of the anti-malware software as up to date as they could be?
- Do you actually know what your anti-malware software does and how it does it?
- Could you temporarily try a different anti-malware product to see if the problem goes away?
- Is the software configured in accordance with the vendor's guidelines and also Microsoft's guidelines (e.g. are the correct folder exclusions in place for the products you are running)?
- Is the anti-malware software you are using designed for the type of server you have, the role it is performing and the types of server products you are running?
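As an added example (not from the original post), here is a script that turns the "up to date" and "correct exclusions in place" checks above into a repeatable audit. It assumes Microsoft Defender Antivirus and its Defender PowerShell module, which the post does not name; `$ExpectedExclusions` is a constructed placeholder list to be replaced with the folder exclusions the vendor and Microsoft guidance specify for your server role.

```powershell
# Audit a Windows server's anti-malware state against the checklist above.
# Assumption: Microsoft Defender Antivirus (Get-MpComputerStatus / Get-MpPreference).
# $ExpectedExclusions is a constructed placeholder; use the documented exclusions
# for the server products you actually run.
param(
    [int]$MaxSignatureAgeDays = 3,
    [string[]]$ExpectedExclusions = @('C:\ExampleApp\Data', 'C:\ExampleApp\Logs')
)

function Test-AntiMalwareBaseline {
    param([int]$MaxAgeDays, [string[]]$Expected)

    $status   = Get-MpComputerStatus
    $prefs    = Get-MpPreference
    $findings = @()

    # Checklist: are all aspects (engine, platform, signatures) as up to date as they could be?
    $sigAge = (Get-Date) - $status.AntivirusSignatureLastUpdated
    if ($sigAge.TotalDays -gt $MaxAgeDays) {
        $findings += "Signatures last updated $($sigAge.Days) days ago (version $($status.AntivirusSignatureVersion))"
    }

    # Checklist: do you know what the product is doing right now?
    if (-not $status.RealTimeProtectionEnabled) {
        $findings += 'Real-time protection is disabled'
    }

    # Checklist: are the guideline folder exclusions in place?
    # Trailing backslashes are trimmed so 'C:\Dir' and 'C:\Dir\' compare equal.
    $configured = @($prefs.ExclusionPath | ForEach-Object { $_.TrimEnd('\') })
    foreach ($path in $Expected) {
        if ($configured -notcontains $path.TrimEnd('\')) {
            $findings += "Expected exclusion missing: $path"
        }
    }

    [pscustomobject]@{
        EngineVersion    = $status.AMEngineVersion
        PlatformVersion  = $status.AMProductVersion
        SignatureVersion = $status.AntivirusSignatureVersion
        Findings         = $findings
    }
}

Test-AntiMalwareBaseline -MaxAgeDays $MaxSignatureAgeDays -Expected $ExpectedExclusions |
    Format-List
```

An empty `Findings` list means the server passes the checks the script covers; anything listed is a starting point for the checklist above, not a verdict that the anti-malware software is the cause.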
Microsoft has a number of articles offering guidance on how to configure and use anti-malware on servers:
Antivirus Defense-in-Depth Guide (a bit old but still interesting)
Hope that helps