cancel
Showing results for 
Search instead for 
Did you mean: 

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Jump to solution

Exactly, in the DOC i read:

Scan on write events or only when files are modified. It should be noted that this configuration is typically regarded as a high security risk by most antivirus vendors.

So i removed only "Scan on Read" from policy. But with 10.6.1 i should disable also Scan on Write.

For me this is not a solution. If on Viruscan 8.8 and ENS 10.5.1 this setting was not necessary.

McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 42 of 62

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Jump to solution

Right, so they recommend to remove "scan on write". But you still have this enabled.

I'm sorry that you don't feel this is a solution however it is the recommended and required setup for you to run any AV and Citrix in the same environment. 

You can't compare ENS to VSE as they are built on entirely different architecture. From version ENS 10.5.4 onwards we also made alot of further improvements to secure your environment from threats. Certain configuration may therefore be nessesary for other applications to run smoothly. 

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Jump to solution

For me it means: disable the scan on read and leave enabled ONLY the scan on write.

Not Disable scan on write.

I will ask Citrix for confirmation.

McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 44 of 62

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Jump to solution

@xaba_sg I agree with Cara's interpretation and statements based on reading it, but also on experiencing working with customer environments using Citrix. However, I fully support your efforts to ensure you're being as secure as possible as well as reaching out to Citrix to confirm.

Keep in mind, the statement regarding security on the Citrix document has two caveats. They must make this type of statement as a disclaimer so even when there isn't risk associated with the actions they're recommending in regards to their processes, they are covering themselves in the event a user configures something incorrectly based on their recommendations or otherwise--so Citrix is not in any scope liable to claims made against them.
Also, their statement is true if one was to disable these types of scanning across their entire configuration. The benefit of what McAfee provides in the default, low, and high risk multiple scan configuration options towards a single system, is that we allow you to isolate and disable only for these specifically intended Citrix processes (and anything else you define as low-risk), and nothing else. Citrix is not taking this type of capability into account with their statement in the article, because not every AV solution provies this flexibility that also retains a positive security posture.

Hope that helps clarify a little further 🙂

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Jump to solution

Why did not they write to disable both?
I still think that the document only indicates the disabling of the scan on read.
Scan on Read is more critical and it is not mentioned.

Citrix will clarify the question.

As mentioned, my security policy does not allow me to disable scan on write.

Do you think that this problem can't be solved with a Hotfix ?

Thanks for the other clarifications.

McAfee Employee chealey
McAfee Employee
Report Inappropriate Content
Message 46 of 62

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Jump to solution

@xaba_sg

Please understand our software is working as designed. It needs to scan items based on your configuration. There will not be a hotfix for this as there is no issue I'm afraid.

The solution here is to change your configuration based on the needs of the application in question - in your case Citrix.

Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
mr
Level 8
Report Inappropriate Content
Message 47 of 62

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Jump to solution

As already noted, we have avoided using processing scanning exclusions - this is a first for us to enable it.  Clearly there is high risk in allowing a process to go completely unchecked compared to individual or folder exclusions.

If McAfee is unable to reveal the changes that caused this to become an issue for security reasons, I understand.  If you are going to tell us it's not due to McAfee changes then I'm offended, quit skirting the issue.

Also mentioned already - Citrix lists exclusions but WARNS of the risk and does not address to what level they should be excluded (R/W or R or W).

At this point, I would assume a fix from McAfee would just be in the form an integrated exclusion anyway so I'm not holding out.

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Jump to solution

@chealey

I repeat for the last time.

With 8.8 = no problem no exclusion

With 10.5.x = no problem no exclusion

With 10.6.x = problem and exclusion for read and write

I cant exclude process for read and write, it's dangerous.

If with other versions this problem was not present, 10.6.x should be fixed.

If this is not possible, we will add this problem to the already very long list of ENS problems.

Hoping to change it as soon as possible.

 

 

 

McAfee Employee jess_arman
McAfee Employee
Report Inappropriate Content
Message 49 of 62

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Jump to solution

@xaba_sg At this point in time, I believe that it would be best if you could give Support a call regarding your SR and focus on working through the case rather than in a forum format in order to review your concerns live and collect comparison data. This way, a more amicable resolution and understanding can be reached on all sides. There is likely a complete explanation for the differences in behavior that can be found through detailed, data driven investigation.

The recommendations made here are the best available based on the circumstance described, past and current experience, as well as limited information and no performance/activity data reviewed. Chealey and others that have responded are doing their best to provide assistance given the above. If this is ever insufficient for any reason, and you truly desire further progress and/or resolution, then it is time to open a Service Request with Support.

 

Was my reply helpful?

If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?

mr
Level 8
Report Inappropriate Content
Message 50 of 62

Re: Problem with ENS 10.6.1+November Update and Citrix XenApp 7.15

Jump to solution

We both did open a ticket.

Other than pointing to process exclusions they were either unable or unwilling to discuss why this changed in version 10.6.1.

Anyway - it appears this will end in a less than desirable workaround with no details as to why it changed.

Thanks for trying.

More McAfee Tools to Help You
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • Visit: Business Service Portal
  • More: Search Knowledge Articles
  • ePolicy Orchestrator Support

    • Download the new ePolicy Orchestrator (ePO) Support Center Extension which simplifies ePO management and provides support resources directly in the console. Learn more about ePO Support Center