Is there a way to use Ransomeware Protection on Windows MediaAgents, using a Disklibrary with Cluster Share Volumes ?
Once Ransomeware Protection is activated, the filter driver “CVDLP” with the altitude of 145180 (encryption) is added to the Filesystem Filter.
this results in redirected I/Os to all ClusterSharedVolumes :
BlockRedirectedIOReason : NotBlockRedirected
FileSystemRedirectedIOReason : IncompatibleFileSystemFilter
Name : volume21
Node : node1
StateInfo : FileSystemRedirected
as a result the Clusted Events are flooded with Warnings:
Cluster Shared Volume 'volume21' ('volume21') has identified one or more active filter drivers on this device stack that could interfere with CSV operations. I/O access will be redirected to the storage device over the network through another Cluster node. This may result in degraded performance. Please contact the filter driver vendor to verify interoperability with Cluster Shared Volumes.
Active filter drivers found:
even though I don’t experience any delay compared to Media access w/o Ransomeware Protection, I’d like to get rid of the warnings at least.
Best answer by johanningk
I found the solution :
- disable ransomware protection on all MAs in the Cluster
- check for CVDLP filter using fltmc.exe
- wait until all CSVs are reported to have direct access using
Get-ClusterSharedVolumeState |where FileSystemRedirectedIOReason -like 'IncompatibleFileSystemFilter'|ft name,node,StateInfo
- re-enable ransomware protection on all MAs in the Cluster
The MR Update didn’t seem to un-/reload the CVDLP filter during the Patch installation.
since these server have not been rebooted since this step ……
now everthings looks fine