Discussion: wdavdaemon / Microsoft Defender for Endpoint on Linux and slow Postgres recovery?
wdavdaemon / Microsoft Defender for Endpoint on Linux and slow Postgres recovery?
From
"Colin 't Hart"
Date:
Hi,
One of my clients has Microsoft Defender for Endpoint on Linux installed on their Postgres servers.
I was testing a database restore from pgBackRest. The restore itself seemed to complete in a reasonable amount of time, but then the Postgres recovery started and it was extremely slow to retrieve and apply the WAL files.
I noticed wdavdaemon taking most of the CPU, and Postgres getting very little.
I wonder if anyone here has any experience with configuring exclusions so that the WAL files can be processed faster?
AND
Any advice on what to communicate with their IT department about using this on their database servers? I've never encountered it on Linux before...
Thanks,
Colin
Re: wdavdaemon / Microsoft Defender for Endpoint on Linux and slow Postgres recovery?
From
Adrian Klaver
Date:
On 12/2/25 06:47, Colin 't Hart wrote:
> Hi,
>
> One of my clients has Microsoft Defender for Endpoint on Linux installed
> on their Postgres servers.
>
> I was testing a database restore from pgBackRest. The restore itself
> seemed to complete in a reasonable amount of time, but then the Postgres
> recovery started and it was extremely slow to retrieve and apply the WAL
> files.
>
> I noticed wdavdaemon taking most of the CPU, and Postgres getting very
> little.
>
> I wonder if anyone here has any experience with configuring exclusions
> so that the WAL files can be processed faster?
>
> AND
>
> Any advice on what to communicate with their IT department about using
> this on their database servers? I've never encountered it on Linux before...

Advice, don't let any Microsoft product contact anything you care about.

>
> Thanks,
>
> Colin

--
Adrian Klaver
adrian.klaver@aklaver.com
Re: wdavdaemon / Microsoft Defender for Endpoint on Linux and slow Postgres recovery?
From
Christoph Moench-Tegeder
Date:
## Colin 't Hart (colinthart@gmail.com):

> I wonder if anyone here has any experience with configuring exclusions so
> that the WAL files can be processed faster?

https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions
mind this:
https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions#supported-exclusion-scopes
and work from these examples (if you're allowed to):
https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions#example-3-add-or-remove-a-folder-exclusion

> Any advice on what to communicate with their IT department about using this
> on their database servers? I've never encountered it on Linux before...

"Be glad it only slows your database down. All too often, AV/Endpoint
Protection Products just don't like the access pattern and eat your
database for breakfast." There is this joke "it has been 0 days since
Anti-Virus ate a database".

Regards,
Christoph

--
Spare Space
Re: wdavdaemon / Microsoft Defender for Endpoint on Linux and slow Postgres recovery?
From
"Colin 't Hart"
Date:
Thanks. I just get
This setting is managed by your organization
so I'm going to have to talk with the IT guys... we have a meeting scheduled tomorrow.
/Colin
On Tue, 2 Dec 2025 at 21:34, Christoph Moench-Tegeder <cmt@burggraben.net> wrote:
> ## Colin 't Hart (colinthart@gmail.com):
>> I wonder if anyone here has any experience with configuring exclusions so
>> that the WAL files can be processed faster?
> https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions
> mind this:
> https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions#supported-exclusion-scopes
> and work from these examples (if you're allowed to):
> https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions#example-3-add-or-remove-a-folder-exclusion
>> Any advice on what to communicate with their IT department about using this
>> on their database servers? I've never encountered it on Linux before...
> "Be glad it only slows your database down. All too often, AV/Endpoint
> Protection Products just don't like the access pattern and eat your
> database for breakfast." There is this joke "it has been 0 days since
> Anti-Virus ate a database".
> Regards,
> Christoph
> --
> Spare Space
On Tue, Dec 2, 2025 at 3:35 PM Christoph Moench-Tegeder <cmt@burggraben.net> wrote:
> ## Colin 't Hart (colinthart@gmail.com):
>> I wonder if anyone here has any experience with configuring exclusions so
>> that the WAL files can be processed faster?
> https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions
> mind this:
> https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions#supported-exclusion-scopes
> and work from these examples (if you're allowed to):
> https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions#example-3-add-or-remove-a-folder-exclusion
>> Any advice on what to communicate with their IT department about using this
>> on their database servers? I've never encountered it on Linux before...
> "Be glad it only slows your database down. All too often, AV/Endpoint
> Protection Products just don't like the access pattern and eat your
> database for breakfast." There is this joke "it has been 0 days since
> Anti-Virus ate a database".
Things must have improved, since we had Carbon Black for a number of years, and now use Cortex XDR.
CB would quite often consume 300% CPU, while XDR "only" uses 100% on occasion, but have never corrupted or crashed a PG instance. (This is standard installations, with no exclusions.)
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!