cancel
Showing results for 
Search instead for 
Did you mean: 

VirusScan Enterprise Running on Virtual Machines

I'm seeking some information or “best practices”on installing and configuration of ePO and VirusScan Enterprise on V-Machines?

We have setup a VMView environment for testing and we’vebeen instructed to make this OS as lean and as FAST as possible. 

Here is some information from VMWARE.

Whenever possible, do not use on-demand scanning, unless during a very long maintenance window, and only after testing the impact to the storage subsystem of running many concurrent full-system scans.

On linked clones, On Access Scanning should be limited to write I/O only, because the files that are on the replica image cannot be infected once deployed. For maximum effectiveness, perform a full system scan of all files on the golden master before shutting it down.

We are currently using VirusScan Enterprise 8.8.

3 Replies
Highlighted
Level 9
Report Inappropriate Content
Message 2 of 4

Re: VirusScan Enterprise Running on Virtual Machines

Well, stripping the VSE to its barebone OnAccess functionality is certainly a good idea. So ScriptScan, AccessProtection and similar stuff be gone. You also want to disable Artemis also called "heuristic network check". Furthermore reducing the OAS to "default and additional file types" instead of "all files" can boost performance although it depends a lot on exterior factors. Heuristics and compressed files can also be disabled for additional speed. Then be sure to check the exclusion recommendations of VMWare and other software providers involved in your solution.

Yeah, all of that significantly reduces security but that's always the tradeoff isn't it. Obviously you might want to take a look at McAfee MOVE if virtualization is involved.

Highlighted

Re: VirusScan Enterprise Running on Virtual Machines

RealEGT wrote:

On Access Scanning should be limited to write I/O only

Whatever you do, don't follow this advice. It is horribly wrong and will lead to very painful problems. For several years I have been combatting this "advice". On the surface it seems quite logical but it will lead to serious issues. Most viruses today don't start life as files written to disk. Also, without Read scanning turned on, you are completely bypassing the OAS scan cache.

Also, please do not disable self-protection. You can remove most other settings in Access Procetion but please leave the six items relating to the protection of the MFE agent and VSE. If you are going to use VSE please don't disable its core features.

And as mentioned above MOVE-AV provides an offload solution for VDI that you might find helpful. In several customer settings this has provided remarkable boosts to performance (relative to normal VSE).

Highlighted
Level 9
Report Inappropriate Content
Message 4 of 4

Re: VirusScan Enterprise Running on Virtual Machines

Well, there is no black and white in terms of VSE configuration. Every feature has its uses, risks and performance payload. For example, self protection is disabled in our environment. Our benefit is easier troubleshooting and software deployment (since we are not always allowed to use EPO deployment) and we pay for it with the security risk of yet unknown malware destroying our VSE installations (FakeAV especially). However, we have a fully automated restaging process of clients, that reinstalls the OS and all software within two hours so we can live with this risk quite well.

In my opinion advice is always about options, risks and tradeoffs, never about "whatever you do, don't ...".

Message was edited by: oaker on 26/09/11 13:49:11 IST
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community