5128 Views 15 Replies Latest reply: Nov 8, 2011 10:31 AM by pwolfe
krischu Newcomer 8 posts since
Aug 3, 2011

Aug 3, 2011 10:19 AM

How to minimize performance impact of McAfee?

I would like to ask the IT personnel of a customer's site to switch off any McAfee checking on the entire deployment of our products at the customer's site. That is:

 

Excluding all files and directories in which our distribution is deployed.

 

Exclude any network interception on all protocols and ports our software is using (DB-servers, other service)

 

 

Since I myself do not know McAfee products, I have no idea what to tell the customer he has to do.

 

Reason behind: We suspect performance degradation whenever McAfee products are intercepting file- and network access.

 

The customer is using VSE Enterprise 8.8 and ePO server. Besides that, VMware vSphere 4 is being used.

 

--

Christoph

  • SamSwift Group Leader 651 posts since
    Nov 9, 2009
    1. Aug 3, 2011 10:39 AM (in response to krischu)
    Re: How to minimize performance impact of McAfee?

    Hi,

     

    Any exclusion creates an element of risk - there are better ways of tweaking the product to ensure performance and security are balanced. I'm moving this over to the VSE folks for better attention.

     

    Kind regards,

     

    Sam

  • Tristan Veteran 790 posts since
    Dec 8, 2009
    3. Aug 3, 2011 11:35 AM (in response to krischu)
    Re: How to minimize performance impact of McAfee?

    First step. What is your product? .Net app deployed via browser? Client side executable linking to SQL database? ...etc.. Knowing what your product is doing will make it easier to suggest a fix.

     

    If your customer is using EPO then I would have thought there must be a competent IT person onsite managing it.

     

    Simply provide him/her with executable names, file extensions or file paths of your applications and they will be able to add the necessary exclusions into EPO.

     

    One easy fix is to disable the scanning of network files on the client machines. If McAfee is on the file server there's no need to scan the files twice.

     

    There are also exclusions that could be added to the DB server. These are usually suggested by the DB software supplier. For instance, there are recommendations from Microsoft for SQL exclusions: http://support.microsoft.com/kb/309422. But as SamSwift (and Microsoft) says, this will introduce an element of risk.

     

    Message was edited by: Tristan on 03/08/11 17:35:29 IST
  • Regis Champion 457 posts since
    Oct 6, 2010
    5. Aug 4, 2011 7:54 AM (in response to krischu)
    Re: How to minimize performance impact of McAfee?

    Allow me to give you some perspective from the other side of the fence.

     

    If I had a dime for every vendor or individual who asked to switch off (security tool that they view as intrusive) for their "special egg" product or computer I'd have... a lot of dimes.    It's an easy kneejerk reaction to ask for something to be disabled so you don't have to dig to figure out the real problem.

     

    So, before you ask your customer to do this, ask yourself "Have I bothered to test my program with the major AV vendors? If not, am I making my problem a problem for all my customers?"

     

    AV is mandated endpoint protection for an awful lot of regulated entities. Kneejerking and saying "disable AV" without having done your own analysis on your own systems narrowing things down to a specific and reasonable subset of directories to be excluded is going to get some cold reception from your customers' information security department, and depending on the risk governance maturity of the organization, may get you excluded from consideration if you can't figure out how to run well with AV in place.

     

    Doing some testing and seeing what your database might benefit from by some targeted exclusions in its filestores might be an excellent place to start.

  • Tristan Veteran 790 posts since
    Dec 8, 2009
    7. Aug 4, 2011 11:01 AM (in response to krischu)
    Re: How to minimize performance impact of McAfee?

    To my knowledge Virus Scan Enterprise doesn't do any packet filtering or port monitoring (that would be a firewall product). It does do some blocking of traffic on SMTP and IRC ports, but they're outright blocks, so they would prevent your apps working, not slow them down.

     

    Is this VSE we're talking about or another McAfee product?

  • Tristan Veteran 790 posts since
    Dec 8, 2009
    9. Aug 5, 2011 3:32 AM (in response to krischu)
    Re: How to minimize performance impact of McAfee?

    Obviously a McAfee Firewall is going to be using network hooks!! (a lot more than VSE would if it does use any at all)

     

    Have you looked into it being an IP routing/DNS lookup issue?

     

    Does the client use a proxy server in their environment?

     

    Do they use the Microsoft proxy client for ISA (or Forefront TMG as it's known now)? In which case, are all your data packets being routed via the proxy server and a delay being introduced that way?

     

    Do you use IP or FQDN to access your database? Is there a delay being introduced when DNS lookups are being performed?

     

    Have you definitively pin-pointed this slow down to being an issue caused by a McAfee product?
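
One way to check the IP-versus-FQDN question from the reply above before asking for any scanner exclusion, as an added example that is not part of the original thread: time name resolution and the TCP handshake separately. The function names and the 50 ms threshold are assumptions, and the database is replaced by a constructed local listener so the script runs offline.

```python
import socket
import statistics
import time


def time_dns(host, port, samples=5):
    """Time name resolution only. Returns (first_s, median_s, ip).

    The first lookup is reported separately because later ones are
    usually answered from the OS resolver cache.
    """
    durations, ip = [], None
    for _ in range(samples):
        start = time.perf_counter()
        infos = socket.getaddrinfo(host, port, socket.AF_INET, socket.SOCK_STREAM)
        durations.append(time.perf_counter() - start)
        ip = infos[0][4][0]
    return durations[0], statistics.median(durations), ip


def time_connect(ip, port, samples=5, timeout=3.0):
    """Median TCP handshake time to a literal IP (no DNS lookup involved)."""
    durations = []
    for _ in range(samples):
        start = time.perf_counter()
        with socket.create_connection((ip, port), timeout=timeout):
            durations.append(time.perf_counter() - start)
    return statistics.median(durations)


def classify(dns_s, connect_s, threshold=0.05):
    """Name the slower phase; the 50 ms threshold is an assumed cut-off."""
    if max(dns_s, connect_s) < threshold:
        return "neither"
    return "dns" if dns_s >= connect_s else "network"


def diagnose(host, port, samples=5):
    first_dns, median_dns, ip = time_dns(host, port, samples)
    connect_s = time_connect(ip, port, samples)
    return {"ip": ip, "first_dns_s": first_dns, "median_dns_s": median_dns,
            "connect_s": connect_s, "slow_phase": classify(first_dns, connect_s)}


if __name__ == "__main__":
    # Constructed stand-in for the database: a local listener, so this runs offline.
    with socket.socket() as srv:
        srv.bind(("127.0.0.1", 0))
        srv.listen(16)
        print(diagnose("localhost", srv.getsockname()[1]))
```

Run against the real database host and port from an affected client, a result of "dns" or "network" points at the environment rather than the scanner.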
