cancel
Showing results for 
Search instead for 
Did you mean: 

Linux OAS - scan everything or scan default and specified file types?

Jump to solution

All,

We are contemplating switching our scan logic for Linux and only scan McAfee default and specified file types in order to help alleviate the impact our OAS is having on customers servers.  Could you all share how your are configured for this, again specifically on Linux OAS policies?

Thx!

1 Solution

Accepted Solutions
McAfee Employee patrakshar
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: Linux OAS - scan everything or scan default and specified file types?

Jump to solution

Hi @lerrico 

List of files ENSLTP scans by default under "McAfee Default" list has been mentioned in the article https://kc.mcafee.com/corporate/index?page=content&id=KB89704

The recommended setting per security is in concern will be to select "All Files". 

My suggestion will be select all file types during scan, when the performance issue hits check the OAS log and figure out what type of files it is scanning most. If that file type can be excluded without any security risk then exclude those specific file type. 

4 Replies
McAfee Employee patrakshar
McAfee Employee
Report Inappropriate Content
Message 2 of 5

Re: Linux OAS - scan everything or scan default and specified file types?

Jump to solution

Hello @lerrico 

If I understand correctly you want to know how can be impact of On Access scanner  be reduced on a machine.

It does depend on environment to environment, however below should help:

Scan only what you need to

Scanning some types of files can negatively affect system performance. For this reason, select these options only if you need to scan specific types of files. Select or deselect these options in the What to Scan section of the On-Access Scan settings.

 

  • On network drives — Scans resources on mapped network drives.

    Deselect this option to improve performance.

     

  • Compressed archive files  Examines the contents of archive (compressed) files, including .jar files.

    Even if an archive contains infected files, the files can't infect the system until the archive is extracted. Once the archive is extracted, the On-Access Scan examines the files and detects any malware.

Specific to your question whether you should select All Files or Specified file type only, it will be depending on your machine usability. 

Example if this is service as a file server to all other clients then clients can store any type of files on the machine. In that case using Specific File type only not a good option from security perspective because it is possible you might miss some important file type scanning. So scanning All Type is best option during that time.

However another example may be you have a server which runs specific application and only a some specific file types gets change. In that case you do not need OAS to scan all file types but only specific file type scanning will do the job.

There is no specific best practice as such provided for this as it completely depends on the customer requirement. 

Re: Linux OAS - scan everything or scan default and specified file types?

Jump to solution

Thx for your reply however i was asking about specific files AND McAfee default which covers all of the known/major file types.  What i'm trying to determine is whether only scanning for those files would be sufficient instead of scanning everything on a Linux server that will have zero user interaction and currently has performance hits due to the kernel hook required for each file scan.

McAfee Employee patrakshar
McAfee Employee
Report Inappropriate Content
Message 4 of 5

Re: Linux OAS - scan everything or scan default and specified file types?

Jump to solution

Hi @lerrico 

List of files ENSLTP scans by default under "McAfee Default" list has been mentioned in the article https://kc.mcafee.com/corporate/index?page=content&id=KB89704

The recommended setting per security is in concern will be to select "All Files". 

My suggestion will be select all file types during scan, when the performance issue hits check the OAS log and figure out what type of files it is scanning most. If that file type can be excluded without any security risk then exclude those specific file type. 

Highlighted

Re: Linux OAS - scan everything or scan default and specified file types?

Jump to solution
Thx for the link. We do have scan all files currently configured however entertaining the idea of only scanning default/specificed types to help with the impact OAS has had on servers.
More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community