Wednesday, July 1, 2020

Be Cautious when using ADRCI to view alert logs on Windows server with McAfee Antivirus installed


I like to automate things. You all know we can set an alias on Linux (.bash_profile file) to view a file using that alias.

For example, you can set an alias in .bash_profile to view the tail of the database alert log using that alias.

alias alxdb="tail -100f /oracle/app/oracle/diag/rdbms/xxdb/xxdb/trace/alert_xxdb.log"
Load the .bash_profile.
Now you can use the alxdb alias to view your alert log directly.

On Windows we don't have this functionality. We can use ADRCI to tail the alert log, or third-party software such as Cygwin or numerous other tools. But if you're not allowed to download any third-party software on your server, you're left with the ADRCI utility. If you know any other way to tail the alert log without using any third-party tool, please share.
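One built-in way to do this, as an added example that is not part of the original post: a PowerShell function that reads the alert log file directly instead of going through ADRCI. The function name Show-AlertLog and the ADR base default C:\app\oracle are assumptions made for illustration; the xxdb names follow the post.

```powershell
# Added example: tail an Oracle alert log with built-in PowerShell only.
# The $AdrBase default is a constructed placeholder; set it to your ADR base.
function Show-AlertLog {
    [CmdletBinding()]
    param(
        [string]$AdrBase = 'C:\app\oracle',   # assumption, not from the post
        [string]$DbName  = 'xxdb',
        [string]$Sid     = 'xxdb',
        [int]$Tail       = 100
    )

    # Same relative location the ADRCI "set home" line points at.
    $log = Join-Path $AdrBase "diag\rdbms\$DbName\$Sid\trace\alert_$Sid.log"
    if (-not (Test-Path -LiteralPath $log -PathType Leaf)) {
        Write-Error "Alert log not found: $log"
        return
    }

    # -Tail prints the last N lines; -Wait keeps following the file
    # (the equivalent of tail -100f). Stop with Ctrl+C.
    Get-Content -LiteralPath $log -Tail $Tail -Wait | ForEach-Object {
        if ($_ -match 'ORA-\d+') {
            Write-Host $_ -ForegroundColor Red   # make ORA- errors stand out
        } else {
            Write-Host $_
        }
    }
}

# Short name, the counterpart of the bash alias.
Set-Alias -Name alxdb -Value Show-AlertLog
```

Placing the function and alias in the file that `$PROFILE` points to loads them in every new PowerShell session, the same way .bash_profile does on Linux.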

I tried to emulate the Linux alias functionality on a Windows server. For this I created a batch file and a text file.

Text file : adrci_xxdb.txt
The text file contained the commands below:
set home diag\rdbms\xxdb\xxdb
show alert -tail 100 -f -term

Batch file : ad.bat
This file contained the line below:
adrci script=C:\scripts\adrci_xxdb.txt

Now, by typing ad.bat in cmd, we get the tailed alert log output on Windows, same as the Linux alias.

Everything was fine, but there was one caveat. On my Windows server McAfee antivirus was installed. So whenever I used ADRCI on Windows, McAfee would treat it as a threat. Due to this, McAfee Adaptive Threat Protection would eat up the memory allocated to the database and leave it totally useless.

Before using ADRCI
Database memory : 10 GB
McAfee ATP: 300 MB

After using ADRCI
Database memory : 200 MB
McAfee ATP : 10 GB

As you can see, McAfee ATP ate up 98% of the database's memory. This is very dangerous.
I was lucky, as I tried this only on a TEST server. Before this I never had any issues with McAfee antivirus on a database server.

If you are facing this issue and still want to use ADRCI to tail your alert logs on Windows, you can exclude your Oracle folders from the McAfee scan, or you can schedule the scan of those folders for another time.

It has also been found that there is a McAfee memory leak issue, so tell your security team to update the antivirus. If that solves the issue, then there is no need to exclude anything, because by excluding folders you're making them vulnerable to attack.

There is an Oracle file and folder exclusion list on Metalink:

Do we have an Anti Virus Exclusion List for OC? (Doc ID 2116347.1)