I wasn't aware of the change either until very recently. I was convinced that the AV product of our favorite forum host was a memory hog despite all marketing to the contrary. I started digging and found out what was actually going on. (I can now say with confidence that their claims about Vipre being a spare user of system resources are true. Once they get the CRC4 definitions rolled into release 4, I think they'll pretty much have it nailed across the board from a performance standpoint.)
Those values for Kaspersky Enterprise are wild. From: Steve Burkett [mailto:steve.burk...@stemcor.com] Sent: Monday, September 21, 2009 8:11 AM To: NT System Admin Issues Subject: RE: OT Antivirus Thanks for the techy info Richard, wasn't aware of that change in reporting. Have got the behemoth 'Windows Internals 5' book by Russinovich sitting on my desk but have yet to read it! I had just grabbed the figures for each version from Taskmanager on the relevant platform: Kaspersky Antivirus for Windows Workstation : Windows XP Pro SP3 Kaspersky Antivirus for Windows File Servers : Windows Server 2003 Standard SP2 Kaspersky Antivirus for Windows Server Enterprise Edition : Windows Server 2008 Standard SP1 Looks like Process Explorer can split the Working Set total figure (which is what Task Manager shows for 'Mem Usage' under XP/2003) out into: WS Private (which is what 2008's Task Manager now shows for Memory by default) WS Shareable WS Shared On another of our 2008 servers I've currently got the following Kaspersky Antivirus Enterprise Edition related processes according to 2008's Task Manager: Kavfs.exe 39MB Kavfsscs.exe 2MB Kavfswp.exe 159MB Kavfswp.exe 145MB Kavtray.exe 1MB KLNagent.exe 2MB Ooh yeah! Nearly 350MB just to run your Server Antivirus client. Just to state again, this is for Kaspersky's Enterprise Edition version only, the standard Windows File Server version uses a tenth of that. It's like they've left loads of debugging code in there or something. They're up to Cumulative Fix Pack 7 on the Enterprise Edition so it's not a brand spankin' new product. From: Richard Stovall [mailto:richard.stov...@researchdata.com] Sent: 21 September 2009 12:39 To: NT System Admin Issues Subject: RE: OT Antivirus Which reporting program, which metric, and what OS do the values for memory usage represent? MS made a significant change in the default way Task Manager reports memory usage in Vista and later OSes which essentially makes comparison with values obtained from earlier versions of Task Manager useless. Old versions of Task Manager's "Mem Usage" column report the total Working Set of a process. Newer versions report the "Private Working Set" which is a much more significant metric (from everything I've read, that is). If the "Private Working Set" of the Kaspersky Enterprise Edition really is running at 250 MB, I would agree that it's an extremely high value. If you're running this on Server 2003, I think you have to install a 3rd party tool such as Process Explorer to report the "Private Working Set". You can't get it from Task Manager, and I can't find a counter for it in perfmon. Maybe from WMI, but I can't find anything there either. I just re-read the your post and it does seem that you're describing behavior seen on Server 2008, so I suppose it really is the Private Working Set that is so high. That's amazing. From: Steve Burkett [mailto:steve.burk...@stemcor.com] Sent: Monday, September 21, 2009 4:34 AM To: NT System Admin Issues Subject: RE: OT Antivirus Yup. Kaspersky does 2 different versions of AV for Servers: Kaspersky Antivirus for Windows File Servers and the newer Kaspersky Antivirus for Windows Server Enterprise Edition. If you buy the Business Space pack or above, you can use either the Enterprise Edition or the standard Windows File Servers edition. Server licenses are no longer differentiated from Client licenses. Ie. If you have 10 servers and 100 workstations, you need 110 licenses. One welcome bonus is you can get 1 free license for the consumer version (Kaspersky Internet Security) for each business license you purchase*, this is intended to protect your employee's home PC. Enterprise Edition 'is designed specifically for high-performance corporate servers that experience heavy loads'. In reality, it's the edition that supports Windows Server 2008 and Terminal Services. There is a service pack (MP4) coming out soon for the (older) KAV for Windows File Servers (v6) that will give it Windows Server 2008 (and R2) compatibility. Management is done via the Kaspersky Administration Kit, this works ok, you can define group policies etc and push out new installs from here. It's ok, the way they've done 'slave' servers for your remote sites is kinda clunky , but the admin kit is soon to be revamped along with the MP4 release. Enterprise Edition was kinda wedged in to the Admin Kit though, and is installed remotely in a different manner to the Windows File Server version. Again it's kinda clunky but is doable. Performance is fine on both editions, no real issues with sluggish response etc. Was some mention that they could affect VSS backups until you excluded the relevant processes. Have maybe had 3 issues with bad module updates/virus defs over the last 4 years. Frequency of def updates is impressive, and response time for Kaspersky UK business support is equally impressive. But the big problem is the RAM usage. Kaspersky are supposedly one of the lighter resource intensive AV's on the market and I'd agree to a point. On my workstation at the moment the KAV processes are using about 12MB of ram. Windows File Servers version uses around 25MB of ram (again, that's not bad) whereas Enterprise Edition uses around 250MB (!). I kid you not. This is apparently normal according the KAV team, who knows what they've done to balloon it out so much. They've even given you the option of not installing the GUI on server machines (and admin entirely from the Admin Kit) with Enterprise Edition but still the ram usage is 10x what the previous version used. When they bring out MP4 for the Windows File Server version we'll most likely be switching back to that from Enterprise Edition for our 2008 boxes because of this discrepancy in ram usage. We were ummming and aahhing about VIPRE Enterprise when we had to renew our Kaspersky subscription last January but we deemed it just a little too new to go for at the time and we knew that Kaspersky had been a sold performer for us over the last few years. That and the price per unit was pretty darned good, so we stuck with it. Will reevaluate next January. * Not available in all areas apparently, but Kaspersky UK was happy to oblige. From: Jonathan Kadoo [mailto:jka...@gmail.com] Sent: 19 September 2009 02:52 To: NT System Admin Issues Subject: OT Antivirus Hello all, just a quick question. Is anyone using Kapersky on their Windows 2008 production server? Do you like it? Pros and Cons? If not what other antivirus do you use excluding SAV. thanks Joanthan === STEMCOR CONFIDENTIALITY AND DISCLAIMER NOTICE This e-mail is intended only for the addressees named in it. The contents should not be disclosed to any other person nor copies taken. Any views or opinions presented are solely those of the sender and do not necessarily represent those of Stemcor unless otherwise specifically stated. Stemcor does not accept legal responsibility for the contents of this message nor responsibility for any change made to it after it was sent by the original sender. You are advised to carry out a virus check before opening any attachment as Stemcor does not accept liability for any damage sustained as a result of any software viruses. You should be aware that Stemcor reserves the right to read incoming and outgoing emails. === ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~