One of the common problems we see with antivirus is that it slows Exchange installs to a painful crawl. This becomes particularly apparent during the Languages step. I have personally witnessed this behavior during both Exchange 2010 and 2013 upgrades. The issue is file-level antivirus, in particular real-time protection. If enabled, it can cause Exchange installs to take several hours.
The solution: disable real-time protection before installing or upgrading Exchange.
In fact, make sure you have all the exceptions in place as outlined by this Microsoft TechNet article. At a very minimum, I recommend excluding from all scans the entire Exchange install directory, transport files, IIS files, and the entire drive (or mount point) where each database and its associated log files reside. If you have a DAG, exclude the witness directory and the cluster database files.
Note: With all the hooks that antivirus has into the OS, disabling real-time protection might not be enough. In some cases, temporarily uninstalling antivirus might be the answer.
But how do we know it's antivirus?
One of the common symptoms is high CPU utilization. Bringing up Task Manager, we can see that antivirus is very active during the Exchange install.
As soon as we disable real-time protection, CPU utilization drops and the Languages step completes in a few minutes.
Below are the instructions on disabling real-time protection for Microsoft SCEP.
Disable real-time protection (System Center Endpoint Protection)
To disable real-time protection in System Center Endpoint Protection (SCEP), perform the following steps:
Double-click the Endpoint Protection icon in the taskbar.
Select the Settings tab. Select Real-time protection.
Uncheck Turn on Real-time Protection (recommended).
Click Save Changes.
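On servers that run the built-in Windows Defender instead of SCEP, the same disable, install, re-enable sequence can be scripted so that protection is always restored afterwards. The script below is an added example, not part of the original post; it assumes an elevated session with the Defender PowerShell module available, and `$SetupPath` and `$SetupArgs` are placeholders for your own Exchange setup command.

```powershell
# Added example: pause Defender real-time protection only while Exchange setup
# runs, verify the change took effect, and restore it even if setup fails.
# Assumptions: built-in Windows Defender, elevated PowerShell session.
param(
    [Parameter(Mandatory)] [string]   $SetupPath,  # placeholder: Setup.exe on your CU media
    [Parameter(Mandatory)] [string[]] $SetupArgs   # placeholder: the switches you normally use
)

$ErrorActionPreference = 'Stop'

function Test-RealTimeProtection {
    # True when Defender real-time protection is currently active.
    (Get-MpComputerStatus).RealTimeProtectionEnabled
}

$wasEnabled = Test-RealTimeProtection
Write-Host "Real-time protection before setup: $wasEnabled"

try {
    if ($wasEnabled) {
        Set-MpPreference -DisableRealtimeMonitoring $true
        # Policy or a management agent can revert the setting, so confirm it.
        Start-Sleep -Seconds 5
        if (Test-RealTimeProtection) {
            throw 'Real-time protection is still enabled; check policy before running setup.'
        }
    }

    $proc = Start-Process -FilePath $SetupPath -ArgumentList $SetupArgs `
                          -Wait -PassThru -NoNewWindow
    Write-Host "Setup exited with code $($proc.ExitCode)"
}
finally {
    # Only turn protection back on if it was on when we started.
    if ($wasEnabled) {
        Set-MpPreference -DisableRealtimeMonitoring $false
        Start-Sleep -Seconds 5
        if (Test-RealTimeProtection) {
            Write-Host 'Real-time protection restored.'
        } else {
            Write-Warning 'Real-time protection did NOT come back on; re-enable it manually.'
        }
    }
}
```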
How about you? Have you experienced upgrade slowdowns from real-time protection? Do you think we need file-level antivirus on Exchange servers at all? Drop a comment below.
Daedalus says
Well, another CU that gets stuck at this point… CU22 Exchange 2016. Thanks for the post. I uninstalled AV & ran this “Set-MpPreference -DisableRealtimeMonitoring $true”; took about 3 minutes to start back up again.
Gareth Gudger says
Thanks for the great tip Daedalus! 🙂
Zsolt says
Thanks, saved my day.
Works on E2019 as well.
John A says
Just had the same thing with ESET installed. Stuck in languages for an hour, disabled ESET and it started moving again. I could see ESET running at 20% processor usage.
Doodle says
Fixed for me. Thanks for sharing
kjstech says
Better yet, why don’t they offer a flag to skip installing languages. If I’m installing in an en-us region and I just want the one default language (English) I don’t want to waste all the extra time installing language packs I’ll never need.
miles says
I just had this issue trying to install CU6 on Server 2016.
In Settings if I tried to disable Defender, the setting wouldn’t take effect.
I had to run ‘Set-MpPreference -DisableRealtimeMonitoring $true’ from PowerShell to get it to stop, then the Exchange setup took off.
Mehdi plus says
Thanks a lot, it works on Windows Server 2016 🙂
Jan says
Awesome, thanks for sharing!
Szabi says
Great! Saved me!
Henrique Geraldi says
Awesome!!! And I was amazed how MSFT can’t fix this bug!!! On Exchange Server 2016 CU4 on Server 2016 @Jan/2017 this failure is still happening!!! (Actually changing only from SCEP to Integrated Defender, so… same program =P ) ….your post saves me hours! (ok, I was stuck for 3 hours on Language step lol) Thanks a Lot!!!
Roy Røv (@royrov) says
I’ve had this problem. Now I just uninstall SC End Protection when I install new CUs. In our environment, End Protection is installed again after a few moments. Maybe not recommended to uninstall, but it’s a quick solution.
Gareth Gudger says
Yep. I’ve had it come to that with certain AV providers. Despite disabling real-time protection they still have their hooks and processes running.