Running Splunk alongside Windows anti-virus products

When you run Splunk on a Windows computer that has an anti-virus product such as McAfee's VirusScan installed, Splunk strongly recommends that you exclude all Splunk processes (such as splunkd.exe, splunkweb.exe, splunk-wmi.exe and so on) and the entire %SPLUNK_HOME% directory from any kind of on-access scanning.

Splunk requires lots of disk I/O bandwidth to perform indexing tasks. In particular, disk write operations are very intensive, and this can clash with any product that installs a driver that intermediates between Splunk and the operating system. This includes anti-virus on-access scanner drivers. Failure to exclude the Splunk processes and installation directory from these scans can lead to poor performance, including but not limited to unresponsive servers.
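
The following PowerShell script is an added example, not part of the Splunk documentation: it reports which of the exclusions recommended above are missing and, with `-Apply`, adds them. It assumes Microsoft Defender is the on-access scanner (the page names McAfee's VirusScan, which is configured through its own console), that the Splunk binaries sit in `%SPLUNK_HOME%\bin`, and that `C:\Program Files\Splunk` is the install path when `SPLUNK_HOME` is not set.

```powershell
#Requires -RunAsAdministrator
# Added example (not Splunk code). Assumption: Microsoft Defender is the on-access scanner.
param(
    # Assumption: fall back to the default install path when SPLUNK_HOME is not set.
    [string]$SplunkHome = $(if ($env:SPLUNK_HOME) { $env:SPLUNK_HOME } else { 'C:\Program Files\Splunk' }),
    [switch]$Apply      # without -Apply the script only reports what is missing
)

if (-not (Test-Path -LiteralPath $SplunkHome -PathType Container)) {
    throw "Splunk directory not found: $SplunkHome"
}
$SplunkHome = (Resolve-Path -LiteralPath $SplunkHome).Path.TrimEnd('\')

# Process names from this page ("and so on" there means the list is not exhaustive).
# Assumption: the binaries live in bin\; names absent from this install are skipped.
$wanted = @('splunkd.exe', 'splunkweb.exe', 'splunk-wmi.exe' |
    ForEach-Object { Join-Path (Join-Path $SplunkHome 'bin') $_ } |
    Where-Object { Test-Path -LiteralPath $_ -PathType Leaf })

$pref      = Get-MpPreference
$havePaths = @($pref.ExclusionPath    | Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') })
$haveProcs = @($pref.ExclusionProcess | Where-Object { $_ })

$missingPath  = $havePaths -notcontains $SplunkHome
# An existing entry counts if it is the full image path or the bare file name.
$missingProcs = @($wanted | Where-Object {
    ($haveProcs -notcontains $_) -and ($haveProcs -notcontains (Split-Path $_ -Leaf))
})

if ($missingPath) { Write-Output "Path not excluded:    $SplunkHome" }
foreach ($p in $missingProcs) { Write-Output "Process not excluded: $p" }
if (-not $missingPath -and -not $missingProcs) { Write-Output 'All exclusions are in place.' }

if ($Apply) {
    if ($missingPath)  { Add-MpPreference -ExclusionPath $SplunkHome }
    if ($missingProcs) { Add-MpPreference -ExclusionProcess $missingProcs }
}
```

Process exclusions are added as full image paths so that they match only the binaries under the Splunk installation, not any file that happens to carry the same name.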

This documentation applies to the following versions of Splunk: 4.2, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.3, 4.3.1, 4.3.2.

