Re: wdavdaemon / Microsoft Defender for Endpoint on Linux and slow Postgres recovery?

On Tue, Dec 2, 2025 at 3:35 PM Christoph Moench-Tegeder <cmt(at)burggraben(dot)net>
wrote:

> ## Colin 't Hart (colinthart(at)gmail(dot)com):
>
> > I wonder if anyone here has any experience with configuring exclusions so
> > that the WAL files can be processed faster?
>
> https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions
> mind this:
>
> https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions#supported-exclusion-scopes
> and work from these examples (if you're allowed to):
>
> https://learn.microsoft.com/en-us/defender-endpoint/linux-exclusions#example-3-add-or-remove-a-folder-exclusion
>
> > Any advice on what to communicate with their IT department about using
> this
> > on their database servers? I've never encountered it on Linux before...
>
> "Be glad it only slows your database down. All too often, AV/Endpoint
> Protection Products just don't like the access pattern and eat your
> database for breakfast." There is this joke "it has been 0 days since
> Anti-Virus ate a database".
>

Things must have improved, since we had Carbon Black for a number of years,
and now use Coretex XDR.

CB would quite often consume 300% CPU, while XDR "only" uses 100% on
occasion, but have never corrupted or crashed a PG instance. (This is
standard installations, with no exclusions.)

--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!