Re: wdavdaemon / Microsoft Defender for Endpoint on Linux and slow Postgres recovery?

public inbox for [email protected]  
help / color / mirror / Atom feed

From: Ron Johnson <[email protected]>
To: PostgreSQL General <[email protected]>
Subject: Re: wdavdaemon / Microsoft Defender for Endpoint on Linux and slow Postgres recovery?
Date: Tue, 2 Dec 2025 17:07:41 -0500
Message-ID: <CANzqJaB-emsdnCrhZrs1H5ax1A+89nfwEm7HF22CyHTsQeSwKg@mail.gmail.com> (raw)
In-Reply-To: <[email protected]>
References: <CAMon-aQz20Mv12T1RNL1T0eaWg-=nqu0WZuwVsh587rKbdf8aA@mail.gmail.com>
	<[email protected]>

On Tue, Dec 2, 2025 at 3:35 PM Christoph Moench-Tegeder <[email protected]>
wrote:

> ## Colin 't Hart ([email protected]):
>
> > I wonder if anyone here has any experience with configuring exclusions so
> > that the WAL files can be processed faster?
>
> https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions
> mind this:
>
> https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions#supported-exclusion-scopes
> and work from these examples (if you're allowed to):
>
> https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions#example-3-add-or-remove-a-folde...
>
> > Any advice on what to communicate with their IT department about using
> this
> > on their database servers? I've never encountered it on Linux before...
>
> "Be glad it only slows your database down. All too often, AV/Endpoint
> Protection Products just don't like the access pattern and eat your
> database for breakfast." There is this joke "it has been 0 days since
> Anti-Virus ate a database".
>

Things must have improved, since we had Carbon Black for a number of years,
and now use Coretex XDR.

CB would quite often consume 300% CPU, while XDR "only" uses 100% on
occasion, but have never corrupted or crashed a PG instance.  (This is
standard installations, with no exclusions.)

-- 
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!

view thread (3+ messages)

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: wdavdaemon / Microsoft Defender for Endpoint on Linux and slow Postgres recovery?
  In-Reply-To: <CANzqJaB-emsdnCrhZrs1H5ax1A+89nfwEm7HF22CyHTsQeSwKg@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox