cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 11 of 14

Re: Serve performance degradation after installation of P4

The purpose of the mfehidk.sys driver is to "hook" the operating system so it gets notified of any/all activities we _might_ be interested in analyzing further.

For the events we are interested in, the driver hands off to a companion driver (mfeavfk for scanning, mfeapfk for access protection, mfebopk for buffer overflow), otherwise it does nothing further but to pass the I/O on to the next entity in line.

In saying you experience a hit with only the mfehidk.sys driver, it suggests a couple things -

- there might be a bug in the driver

- there might be an interop issue playing out with another driver(s) in your environment

The latter can be confirmed/eliminated by reproduction attempts in a new/clean environment. An obvious one would be not using VMWare; they have drivers too you know; and that can cause issues (See KB79260 for example). Support can help work through the possibilities; reviewing MER data from a system will help so we can identify what other drivers are indeed present.

But if we can reproduce the issue ourselves, or it's reproducible in a clean environment then it smells like a bug.

It's one thing to incur performance overhead due to AV software being installed, but to cut throughput by 75%? That isn't right. Throwing exclusions or performance tweaks at metrics like that is like using a bucket to save the Titanic. So, something is definitely "off" here. And because we know plenty of others are using P4 without performance woes, I'm inclined to believe there's something environmental that hasn't been identified.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
Highlighted

Re: Serve performance degradation after installation of P4

Sure we use vmware - who doesnt? And I believe you tested P4 on vm machines....

Anyway we have the same issue on iron servers without  vmware tools.

Our test servers have plain win2k8r2 without any thirdparty software (apart of VS).

SR # <4-5606236293> if you interested - MER, procmon, ETLTrace logs.

Highlighted
Level 9
Report Inappropriate Content
Message 13 of 14

Re: Serve performance degradation after installation of P4

Not sure if this is of any use to anyone, however this is physical equipment, an older Dell Poweredge 2950 with 2008R2 8GB ram (McAfee EPO Server), and a newer R510 2008R2 Citrix Server (XenApp 6.5) with 32GB ram. Both are running VSE 8.8 P4, the Citrix Box is in heavy use at the time running an EMR, not great stats but useful I guess.......

mcafee_speed.jpg

Highlighted
Level 9
Report Inappropriate Content
Message 14 of 14

Re: Serve performance degradation after installation of P4

Hey Pwolfe...stats are always useful, but in this case they are not.

I have as well multiple ePO servers and Citrix's.

Both have different exclusion sets, which make quite a difference on how VSE handle things.

my 5c

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community