cancel
Showing results for 
Search instead for 
Did you mean: 
avilt
Level 7
Report Inappropriate Content
Message 1 of 13

Backup Process & VSE Fine Tuning

Jump to solution

I am using a VSE 8.8 with ePO 5.1 on Windows, also using a centralized Symantec Netbackup software. I would like to speed up the backup time by fine tuning the VSE policies. Please advise.

1 Solution

Accepted Solutions

Re: Backup Process & VSE Fine Tuning

Jump to solution

C:\ProgramData is a hidden folder, are you sure you have Show hidden files, folders, and drives selected?

12 Replies

Re: Backup Process & VSE Fine Tuning

Jump to solution

Well for starters I would look at the logs within the C:\ProgramData\McAfee\DesktopProtection directory on one server that is taking a long time for backups to be performed and see what files/directories are holding it up. From there you can start adding them into low risk VSE policies or create exceptions.

Also google for Symantec Netbackup virus scan exclusions. I would not advise to just add all their recommended exclusions, but it is could be a start.

http://www.symantec.com/business/support/index?page=content&id=TECH152328

avilt
Level 7
Report Inappropriate Content
Message 3 of 13

Re: Backup Process & VSE Fine Tuning

Jump to solution

I am using VSE with ePO and I don't see the following directory on the client.

C:\ProgramData\McAfee\DesktopProtection

ansarias
Level 13
Report Inappropriate Content
Message 4 of 13

Re: Backup Process & VSE Fine Tuning

Jump to solution

I'll suggest to use below KB article:

https://kc.mcafee.com/corporate/index?page=content&id=KB68701


Also refer below PDF file. - Refer section : Configuring Performance Improvements

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/22000/PD22940/en_US/...


Re: Backup Process & VSE Fine Tuning

Jump to solution

C:\ProgramData is a hidden folder, are you sure you have Show hidden files, folders, and drives selected?

avilt
Level 7
Report Inappropriate Content
Message 6 of 13

Re: Backup Process & VSE Fine Tuning

Jump to solution

After defining a few exclusions as well as Low Risk Policy for backup process, the issue is resolved.

I have one query related to exclusion. Let's say I want to define an Exclusion for a particular application. Is it mandatory to define them in all three exclusion (Default/Low Risk/High Risk ) policies? Of course Low/High we can define process too.

wwarren
Level 15
Report Inappropriate Content
Message 7 of 13

Re: Backup Process & VSE Fine Tuning

Jump to solution

Let's say I want to define an Exclusion for a particular application. Is it mandatory to define them in all three exclusion (Default/Low Risk/High Risk ) policies?


No. That would be undesirable.

An exclusion punches a hole in your AV security. That means malware can live there and go undetected.

Always challenge why you need an exclusion.

The purpose of the scanning profiles is to allow you to add an exclusion that only applies to processes you specify, instead of having every process acquire that exclusion.

That means, processes who touch files in that excluded location who are not in your defined process list, we still have their actions scanned. It's still a hole, but it's a MUCH smaller one.

When you place the exclusion into all 3 profiles, the hole is enormous by comparison.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
avilt
Level 7
Report Inappropriate Content
Message 8 of 13

Re: Backup Process & VSE Fine Tuning

Jump to solution

Thank you for the explanation. Is my following understanding correct?

Default Profile Exclusion is for all processes -> Exclude this folders from scanning for all processes.

Low Risk Profile is linked to particular processes.-> Trust this process for the folders listed under exclusion list. Improves system performance by giving less priority to VSE.

High Risk Profile is linked to particular processes.-> Do not trust this process for the folders listed under exclusion list. Might degrades performance but with improved security.

The Low Risk & High Risk should be used when we are very sure about the processes that access particular folder/files.

Also it's always advisable to add exclusion under Low Risk than Default Profile Exclusion. Am I right?

Can I also assume that Default Profile Exclusion takes precedence over Low Risk & High Risk profiles?

Appreciate point by point answer.

wwarren
Level 15
Report Inappropriate Content
Message 9 of 13

Re: Backup Process & VSE Fine Tuning

Jump to solution

Default Profile Exclusion is for all processes -> Exclude this folders from scanning for all processes.


Not quite.

It means "If a process not listed in High or Low touches the excluded object, then do not scan".


Low Risk Profile is linked to particular processes.-> Trust this process for the folders listed under exclusion list. Improves system performance by giving less priority to VSE.


No. It means "If a process in this list touches the excluded object, then do not scan".


High Risk Profile is linked to particular processes.-> Do not trust this process for the folders listed under exclusion list. Might degrades performance but with improved security


No. It means "If a process in this list touches the excluded object, then do not scan".

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
avilt
Level 7
Report Inappropriate Content
Message 10 of 13

Re: Backup Process & VSE Fine Tuning

Jump to solution

Understood. Now one more clarification on adding backup applications to low risk exclusion policy, McAfee Technical Articles ID:  KB68701.

I will add all the backup processes (under processes) and also the backup application path to Exclusion list. But the backup application accesses the entire drive (in case of image backup). Does it mean that the entire drive is excluded from scanning for backup process (listed under process) installed in a particular path (listed in Exclusion) ?