Antivirus and antimalware¶
When antivirus and antimalware software products scan files in use by MCR,
these files can lock in a way that causes Docker commands to hang or causes
orphaned snapshots to leak disk space. To circumvent these problems, you can
add the Docker data directory to the software’s exclusion list, which is by
default /var/lib/docker
on Linux systems and %ProgramData%\docker
on
Windows Server systems. As a result of this action, though, viruses or malware
in local Docker images, writable layers of containers, or volumes will go
undetected.
Note
If you choose to exclude the Docker data directory from background virus scanning, Mirantis recommends that you schedule recurring tasks for stopping MCR, for scanning the data directory, and for restarting MCR. Make sure to stagger these recurring tasks, though, as running them in sync can cause a system outage.