cancel
Showing results for 
Search instead for 
Did you mean: 

Artemis/GTI: What is your preference for On-Access and On-Demand?

Hi,

     We are considering increasing of current GTI sensitivity levels for our On-Access and On-Demand tasks and are curious what you have experienced in your travels. What do find as a comfortable level?

Thank you,

5 Replies
qgudex
Level 7
Report Inappropriate Content
Message 2 of 6

Re: Artemis/GTI: What is your preference for On-Access and On-Demand?

It really depends on your environment.  I'd suggest starting at the default level and adjusting from there.  In our environment, I learned I could run ours at "High" without issue.  I believe McAfee does not recommend "Very High" except in extremely high security environements; we've never tried it.

georgec
Level 13
Report Inappropriate Content
Message 3 of 6

Re: Artemis/GTI: What is your preference for On-Access and On-Demand?

I'm running low for OnAccess and High for OnDemand. You'll have to check and see how it impacts performance in your environment. Are you using the profiler in order to optimize resource usage through exceptions?

Reliable Contributor Nielsb
Reliable Contributor
Report Inappropriate Content
Message 4 of 6

Re: Artemis/GTI: What is your preference for On-Access and On-Demand?

We tested very low, low and right now medium. without any issues

pierce
Level 13
Report Inappropriate Content
Message 5 of 6

Re: Artemis/GTI: What is your preference for On-Access and On-Demand?

Both here set to Medium without any issues. Mostly it finds the random tools our helpdesk use that fall very much into a grey or 'what the hell do you have that for' bucket.

I had a email alert for every artemis detection when I moved from low/off to medium/medium and didnt have any false positives in 6 months of testing so disabled the alert, might be a good thing to test as you ramp up?

I also believe Medium is the recommended level that McAfee advise.

Re: Artemis/GTI: What is your preference for On-Access and On-Demand?

I have been running almost all our systems at high.   It is starting to account for a good percentage of our detections.   No false positives have been claimed by anyone or reported to me.   I think this is especially import for our "road warriors"   who may not be getting updated as often as I would like.   Gives us a cushion for those that fail to get the DAT updates.

Thanks

Herb

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator