2 Replies Latest reply on Feb 10, 2011 10:35 AM by clbarnett

    Performance issues with VirusScan Enterprise + AntiSpyware Enterprise 8.7.0i & Web Apps on Intranet

      Good afternoon,

       

      At this moment we're working with "VirusScan Enterprise + AntiSpyware Enterprise 8.7.0i".
      If we're try to work with our corporate bank (business critical) web applications, such as Bank Fusion and Equation.

      The computer performance is really terrible slowing down.

      It increases with at least 50 %.

      If I do the same on a computer running, for example, Microsoft Security Essentials, without McAfee, then the performance won't slow down.

      Is there someone with the same issues and maybe solving this problem?

      Or is there someone who knows that upgrading should be solving this mentioned problem?

       

      thanks

       

      AJ

        • 1. Re: Performance issues with VirusScan Enterprise + AntiSpyware Enterprise 8.7.0i & Web Apps on Intranet

          Hi abaaij ,

           

          Can you check Windows Task manager while you use the particular web application.

           

          And check which McAfee process is taking too much of memory.

           

           

          • 2. Re: Performance issues with VirusScan Enterprise + AntiSpyware Enterprise 8.7.0i & Web Apps on Intranet

            I'm going to basically copy and paste a response I just gave on a similar thread:

             

            First step is to contact your application vendor support and ask for their recommendations for anti-virus configuration.  If they have a documented recommendation of what files to exclude, follow their recommendation.

             

            Assuming this is a java-based web app, next step is to consider upgrading to VSE 8.8.  It will cache files that have been scanned and not rescan them if they are accessed again. You'll still take a performance hit when first loading the web app, but then performance should improve until DATs are updated.  This may be a good compromise between security and performance.

             

            Otherwise, welcome to the world of tuning your anti-virus. Check your on-access scan log (usually in c:\documents and settings\all users\application data\mcafee\desktopprotection or something similar).  Scroll towards the bottom of the log and look for 'scan timed out' entries.  Those items that aren't being scanned because they're timing out should probably be excluded. (No point in taking the performance hit of trying to scan them if they're going to time out and not get scanned anyways).   A log entry will look something like this:

             

            2/9/2011 10:45:53 PM Not scanned  (scan timed out)  NT AUTHORITY\SYSTEM C:\Program Files\Common Files\IBM\icc\cimom\bin\wmippa.exe C:\Program Files\IBM\Director\cimom\logs\SmartInterface.log

            Make sure when you read the log, you realize the first path and file name is the process that's accessing the file.  Don't exclude this from scanning; it's not being scanned.  It's the process that is causing McAfee to scan the second file.  So, in the above example, there's a process wmippa.exe that's running and accessing the file SmartInterface.log.  You wouldn't want to exclude wmippa.exe in your on-access scanning, you would want to exclude Smartinterface.log. You can use the process information to set up different on-access scan profiles for low- and high-risk processes; for more information on how to do that read the administrators guide.

             

             

            Sometimes things are slow but not actually causing timeout errors in the log.  Here's what I do to determine the best exclusions when performance is impacted by on-access scanning. Hopefully you have a blue vshield icon in your system tray.  Double-click on this icon and it should bring up 'On-Access Scan Statistics'.  In this box, look for a line 'Last File Scanned'.  While this is open, open your browser and go to the URL (or open your application).

             

             

            The 'last file scanned' will not show every file as it's being scanned, but you should get a good idea of what files are being scanned as the app is being loaded.  Hopefully you can determine a location (or locations) that are heavily scanned during application launch or use and then exclude those locations.  For example, you may determine that need to exclude the following files:

            %USERPROFILE%\Application Data\Sun\Java
            %SYSTEMROOT%\Sun\Java

             

            Be sure to carefully weigh the security implications of excluding files from scanning vs the performance gain.  Java is a common target for malware these days (probably because malware writers are aware that lazy admins often exclude too much java stuff because people complain about how slow java apps are when they are being scanned by av).  If possible, when writing the exclusion, exclude files on read but don't exclude on write. Use on-demand scans off-hours to fully scan the excluded paths.