cancel
Showing results for 
Search instead for 
Did you mean: 
McAfee Employee wwarren
McAfee Employee
Report Inappropriate Content
Message 11 of 14

Re: Serve performance degradation after installation of P4

The purpose of the mfehidk.sys driver is to "hook" the operating system so it gets notified of any/all activities we _might_ be interested in analyzing further.

For the events we are interested in, the driver hands off to a companion driver (mfeavfk for scanning, mfeapfk for access protection, mfebopk for buffer overflow), otherwise it does nothing further but to pass the I/O on to the next entity in line.

In saying you experience a hit with only the mfehidk.sys driver, it suggests a couple things -

- there might be a bug in the driver

- there might be an interop issue playing out with another driver(s) in your environment

The latter can be confirmed/eliminated by reproduction attempts in a new/clean environment. An obvious one would be not using VMWare; they have drivers too you know; and that can cause issues (See KB79260 for example). Support can help work through the possibilities; reviewing MER data from a system will help so we can identify what other drivers are indeed present.

But if we can reproduce the issue ourselves, or it's reproducible in a clean environment then it smells like a bug.

It's one thing to incur performance overhead due to AV software being installed, but to cut throughput by 75%? That isn't right. Throwing exclusions or performance tweaks at metrics like that is like using a bucket to save the Titanic. So, something is definitely "off" here. And because we know plenty of others are using P4 without performance woes, I'm inclined to believe there's something environmental that hasn't been identified.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
Highlighted

Re: Serve performance degradation after installation of P4

Sure we use vmware - who doesnt? And I believe you tested P4 on vm machines....

Anyway we have the same issue on iron servers without  vmware tools.

Our test servers have plain win2k8r2 without any thirdparty software (apart of VS).

SR # <4-5606236293> if you interested - MER, procmon, ETLTrace logs.

pwolfe
Level 9
Report Inappropriate Content
Message 13 of 14

Re: Serve performance degradation after installation of P4

Not sure if this is of any use to anyone, however this is physical equipment, an older Dell Poweredge 2950 with 2008R2 8GB ram (McAfee EPO Server), and a newer R510 2008R2 Citrix Server (XenApp 6.5) with 32GB ram. Both are running VSE 8.8 P4, the Citrix Box is in heavy use at the time running an EMR, not great stats but useful I guess.......

mcafee_speed.jpg

justav
Level 9
Report Inappropriate Content
Message 14 of 14

Re: Serve performance degradation after installation of P4

Hey Pwolfe...stats are always useful, but in this case they are not.

I have as well multiple ePO servers and Citrix's.

Both have different exclusion sets, which make quite a difference on how VSE handle things.

my 5c

More McAfee Tools to Help You
  • Subscription Service Notification (SNS)
  • How-to: Endpoint Removal Tool
  • Support: Endpoint Security
  • eSupport: Policy Orchestrator
  • Community Help Hub

      New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

    • Find Forum FAQs
    • Learn How to Earn Badges
    • Ask for Help
    Go to Community Help

    Join the Community

      Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

    • Get helpful solutions from McAfee experts.
    • Stay connected to product conversations that matter to you.
    • Participate in product groups led by McAfee employees.
    Join the Community
    Join the Community