Summary
Your backup process takes longer to finish when real-time scan is enabled in OfficeScan. There are instances when real-time scan detects an infected file in the Volume Shadow copy but cannot enforce the scan action because Volume Shadow copies have read-only access.
Details
As a workaround, exclude the volume shadow copy from real-time scanning.
- Log in to the OfficeScan management console.
- For OfficeScan 10.6 and lower:
Click Networked Computers > Client Management, then select the server or workgroup where backup is located.
For OfficeScan 11.0/XG:
Click Agents > Agent Management, and then select the server or workgroup where backup is located. - For OfficeScan 10.6 and lower:
Click Settings > Scan Settings > Real-time Scan Settings.
For OfficeScan 11.0/XG:
Right-click the server or workgroup and then click Settings > Scan Settings > Real-time Scan Settings. - On the Target tab under Scan Exclusion List (Directories), type "\Device\HardDiskVolumeShadowCopy*" then click Add.
- Click Apply to All Clients to save the changes.
For more information about shadow copies and the Volume Shadow Copy Service, refer to this Microsoft article: What Is Volume Shadow Copy Service?
It is advised to apply the latest Microsoft patches for the Volume Shadow Copies service: A Volume Shadow Copy Service (VSS) update package is available for Windows Server 2003
