Application pool gets recycled due to anti-virus?

This post has been republished via RSS; it originally appeared at: IIS Support Blog articles.

This is not the first time I have heard customers complain about their anti-virus: after a certain activity (such as a regular scan of system files), their application pools get restarted automatically.

When this issue happens, some customers see the following event in the System event log:

Log Name: System
Source: Microsoft-Windows-WAS
Date: XXXX
Event ID: 5080
Task Category: None
Level: Information
Keywords: Classic
User: N/A
Computer: XXXX
Description:
The worker processes serving application pool '[Application pool name]' are being recycled due to 1 or more configuration changes in the application pool properties which necessitate a restart of the processes.

But the anti-virus didn't make any modification to the configuration file. How could this happen?

In fact, there may be several reasons. For example, when the anti-virus scans the file concerned, it changes the "Last modification time". It can also occur when WAS checks whether the configuration file has been changed while the anti-virus is scanning the same file: WAS detects the handle on the file and considers the file modified.
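To check whether the recycles line up with scan activity before changing any exclusions, the following added example (not part of the original post) lists the 5080 events and flags IIS configuration files whose last-write time falls close to each event. The 7-day look-back, the 5-minute window and the choice of files checked are assumptions.

```powershell
# Added example, not from the original post. Run elevated on the IIS server.
# Assumptions: 7-day look-back and a 5-minute correlation window.
$lookBack = (Get-Date).AddDays(-7)
$windowMinutes = 5

# Configuration files from two folders on the exclusion list:
# the IIS configuration folder and the default content location.
$configFiles = @(
    Get-ChildItem -Path (Join-Path $env:WINDIR 'System32\inetsrv\config') `
        -Filter '*.config' -File -ErrorAction SilentlyContinue
    Get-ChildItem -Path (Join-Path $env:SystemDrive 'inetpub\wwwroot') `
        -Filter 'web.config' -File -Recurse -ErrorAction SilentlyContinue
)

# WAS event 5080: recycle attributed to a configuration change.
$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'System'
    ProviderName = 'Microsoft-Windows-WAS'
    Id           = 5080
    StartTime    = $lookBack
} -ErrorAction SilentlyContinue

$report = foreach ($e in $events) {
    # Pool name is taken from the English event text shown above.
    $pool = if ($e.Message -match "application pool '([^']+)'") { $Matches[1] } else { '(unknown)' }

    # Only the most recent write per file is visible, so older events may show no match.
    # The open-handle case described above leaves no timestamp trace at all.
    $touched = $configFiles | Where-Object {
        [Math]::Abs(($_.LastWriteTime - $e.TimeCreated).TotalMinutes) -le $windowMinutes
    }

    [pscustomobject]@{
        TimeCreated  = $e.TimeCreated
        AppPool      = $pool
        FilesTouched = ($touched.FullName -join '; ')
    }
}

if ($report) {
    $report | Sort-Object TimeCreated | Format-Table -AutoSize -Wrap
} else {
    Write-Output "No WAS 5080 events since $lookBack."
}
```

Compare the TimeCreated column with the anti-virus scan schedule or scan log; recycles that cluster around scan times with no administrator edit to the flagged files support the explanation above.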


One effective way to avoid this scenario is by excluding the related configuration files of IIS from the anti-virus scanning scope.


Here is an exclusion list that you may consider configuring in your anti-virus.


Attention: this is not an official list provided by Microsoft; it is simply a recommended list based on our support experience. You should find your own compromise between security and performance. If you need any further information, please contact your anti-virus vendor.

  • Default folder for x86 compiled ASP.Net Code: %WINDIR%\Microsoft.NET\Framework\{version}\Temporary ASP.NET Files
  • Default folder for x64 compiled ASP.Net Code: %WINDIR%\Microsoft.NET\Framework64\{version}\Temporary ASP.NET Files
  • IIS Configuration Folder: %WINDIR%\System32\Inetsrv\Config
  • Default Content Location (where the web.config is located): %SYSTEMDRIVE%\Inetpub\WWWRoot (or the customized folder)
  • Default Logging Location: %SYSTEMDRIVE%\Inetpub\Logs\LogFiles (or the customized folder)
  • Default FREB Logging Location: %SYSTEMDRIVE%\inetpub\logs\FailedReqLogFiles (or the customized folder)
  • Default HTTP.SYS Logging Location: %WINDIR%\System32\LogFiles\HTTPERR
  • Default History Location: %SYSTEMDRIVE%\Inetpub\History
  • Default Backup Location: %WINDIR%\System32\Inetsrv\backup
  • Default folder for storing Compressed Content: %SYSTEMDRIVE%\Inetpub\temp\IIS Temporary Compressed Files
  • Default folder for compiled ASP templates: %SYSTEMDRIVE%\Inetpub\temp\ASP Compiled Templates
  • Default Configuration Isolation Path: %SYSTEMDRIVE%\Inetpub\temp\appPools
  • Default Folder for Error pages: %SYSTEMDRIVE%\Inetpub\custerr

 

Hope this is useful for you.

originally written by: Jin Wang
reviewed by: Muna AlHassan

Articles you may be interested in:

Microsoft Anti-Virus Exclusion List
http://social.technet.microsoft.com/wiki/contents/articles/953.microsoft-anti-virus-exclusion-list.aspx

IIS Application Pool Recycling Events
http://linqto.me/WASCodes

Common reasons why your application pool may unexpectedly recycle
http://blogs.msdn.com/b/johan/archive/2007/05/16/common-reasons-why-your-application-pool-may-unexpectedly-recycle.aspx
