Server

Unfortunately, SBS has always been a bit of a special case in the server environment. Anyone that has dealt with service packs and SBS knows this very well. Check out the list of known issues and workarounds for service pack 2 here.

I'll write more about this when I have more time but essentially the low level kernel filters that come with McAfee are not very cluster aware. If you seem to have a lot of excessive I/O and/or contentions on your SAN, make sure you exclude "\Device\HarddiskVolume*" from scanning if you do not want McAfee scanning on a particular SAN drive.

Real world example of why this is important: Exchange information stores on a SAN. Most likely you have already excluded the logical drive paths to the information stores, but if you check the VirusScan On-Access Scan Statistics, you will notice a lot of activity on "\Device\HarddiskVolumeXX\EXCHSRVR\MDBDATA\*".

Why is this bad? It is a great way to corrupt your information store due to .LOG files getting yanked out and put into quarantine, and is practically the equivalent of the old "scanning the M: drive" problem that a lot of people using Exchange 2000 had, except much more dangerous.

Also noteworthy, any version of 8.0i before patch 11 has a very nasty non-paged pool memory leak that can and will eventually take down a server given enough time. The behavior will vary depending on the role of the server but typically you end up with event logs from the Srv source complaining about not enough memory available.

It makes sense if you think about it. It is actually a small black and white "Microsoft" image. Even if the link has some type of compression, you will get better 'real world' results with a JPG due to the non-compressability of most JPG images.

Read more about it here.

Handy "update" for the small mom and pop shops that rely on NTBACKUP for backups and restores. I often wondered why NTBACKUP never logged an event log about media full status. If you need this functionality, you can now get it by requesting hotfix 925694.