I’m a bit curious about general dependencies of different anti-virus scanners w.r.t. the checkmk agent / monitoring in general - resulting in strange alerting effects and extra work for troubleshooting. At our site we are monitoring dozens of our customers’ hosts. Frequently, their security policies or AV behaviour are outside our reference. But in this context, we are lately facing rising alerts because of time-outs due to “missing agent sections” which again are leading to stale services. Worst of all we observe rising up/down host notifications as well with round trip averages beyond good and evil. We can clearly see a relationship between rising RTA and installation / activation of AV etc.
What are your experiences, solutions or suggestions? Don’t expect there might be an approach in best practice, except “deactivate the AV”?