Thats great to hear that it can work without any issues as sooner or later
ask will come back again
We could not find the right combination which is not cpu hungry despite
multiple calls with microsoft. I wish they have the real working
combination published so we can try again.
My only question to your argument will be why oracle doesnt bundle it by
default in 2022 for their exacs and exacc solutuons. Security is sold as
major feature and malware protection is something they don't have on linux
is a question mark for me
On Sat, 5 Mar 2022 at 00:26 Niklas Iveslatt <niklas.iveslattx@xxxxxxxxxxx>
wrote:
I usually don't speak up much but I am very passionate about security and--
the protection of people's data in general. I have to say that some kind of
antimalware should be installed on all servers, especially on database
servers. It is 2022 for goodness sake and we have security breaches galore.
All the leading anti-malware vendors have tons of configuration options -
both for real-time and scheduled scan configurations.
In the last many years I have not seen a case where running antimalware,
properly configured, caused issues. This includes deployments we have done
on ExaCS, DBCS, and other very Oracle-centric solutions.
The requirement needs to be to have anti-malware installed on all servers
and then configure it to work with the workload. We as IT people have the
responsibility to enforce this in my view.
In the case of ms defender, it is a highly intelligent engine that is just
getting better and better over time and I see no reason why this should not
work - we just finished up an OCI project where this was deployed
successfully in a Peoplesoft environment running Oracle databases.
Niklas Iveslatt
Senior Partner
Arisant LLC ~ http://www.arisant.com
44 Inverness Dr. E Bldg. C Suite 2 ~ Englewood, CO 80112
<https://www.google.com/maps/search/44+Inverness+Dr.+E+Bldg.+C+Suite+2+~+Englewood,+CO+80112?entry=gmail&source=g>
mobile: 303.882.4461 ~ main: 303.330.4065 ~ fax: 888.889.0155
Need to send me something securely? *Click here*
<https://arisant.sendsafely.com/u/niklas.iveslatt>
On Fri, Mar 4, 2022 at 12:37 PM tefetufe <coskan@xxxxxxxxx> wrote:
Despite being on Exacc and ASM and exclude all binary folders for grid--
and db ms defender managed to give us trouble and I finally convinced the
requester team not to have defender on db systems
Issues
high cpu usage for the process (last thing you want is virus scan bursn
expensive cpu cycles)
I had a cluster crash where defender was looking so suspicious when issue
was happpening, maybe I just saw the excuse that I needed :)
Since defender is gone did not see any single stability problem
Also on vmware it gave us big hassle when we wipe huge db sitting on xfs
to refresh it. It was blocking the files to be deleted and all of our
refret automations failed due to being defended by defender.
My suggestion is avoid at all cost if you can
On Fri, 4 Mar 2022 at 19:29 Tim Gorman <tim.evdbt@xxxxxxxxx> wrote:
Rich,--
As documented HERE
<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/microsoft-defender-endpoint-linux?view=o365-worldwide#common-applications-to-microsoft-defender-for-endpoint-can-impact>
...
*Common Applications to Microsoft Defender for Endpoint can impact*
*High I/O workloads from certain applications can experience performance
issues when Microsoft Defender for Endpoint is installed. These include
applications for developer scenarios like Jenkins and Jira, and database
workloads like OracleDB and Postgres. If experiencing performance
degradation, consider setting exclusions for trusted applications, keeping
**Common
Exclusion Mistakes for Microsoft Defender Antivirus
<https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/common-exclusion-mistakes-microsoft-defender-antivirus>**
in mind. For additional guidance, consider consulting documentation
regarding antivirus exclusions from third party applications.*
Personally, I think any sort of "protective" software running on a
database server is another good reason to use Oracle ASM, as A/V software
generally "protects" only filesystem-based files, and do not recognize (or
bother with) block-special or character-special devices. Just my opinion,
when you can't prevent A/V software from being used in the first place.
Hope this helps...
Thanks!
-Tim
On 3/4/2022 6:50 AM, Rich J wrote:
Hey all,
Anyone run into any issues running MS Defender on their Oracle DB
servers on Linux? This would be on OL7 for now (mostly 7.7).
One would think that the Oracle datafile directories plus the ADR tree
should be excluded. I'm just wondering if there's other common "gotchas"
that others have run into.
Thanks,
Rich
--
Coskan GUNDOGAR
Oracle DBA
Email: coskan@xxxxxxxxx
Blog: http://coskan.wordpress.com
Twitter: http://www.twitter.com/coskan
Linkedin: http://uk.linkedin.com/in/coskan
