3 Replies Latest reply on Jan 12, 2012 2:42 PM by joeleisenlipz

    Memory leaks with VirusScan 8.7.0 Patch 5 / VirusScan 8.8.0 in combination with Quest Change Auditor...

    diwi

      Hello,

       

      we are still using Windows Server 2003 SP2 x86 English as DC's. On top of that Quest Change Auditor is installed. In combination with McAfee VirusScan 8.7.0 Patch 4 everything is working fine. In combination with VirusScan 8.7.0 Patch 5 or VirusScan 8.8.0 (without patch), we are facing signification memory leaks, stop errors, logon problems etc.

       

      Is anyone using Quest Change Auditor in combination with McAfee VirusScan 8.7.0 Patch 5 oder VirusScan 8.8.0 (with or without patch 1)?

       

      Best regards,

      DiWi

        • 1. Re: Memory leaks with VirusScan 8.7.0 Patch 5 / VirusScan 8.8.0 in combination with Quest Change Auditor...
          joeleisenlipz

          We also use CA & VSE 8.8. We noticed a leak when we went from 8.7 p4 to 8.8 rtw. We are hoping that 8.8 p1 fixes the problem.

           

          Also, we included the CA agent software in a low-risk processes policy for all our DCs & Exchange servers.

           

          --Joel

          • 2. Re: Memory leaks with VirusScan 8.7.0 Patch 5 / VirusScan 8.8.0 in combination with Quest Change Auditor...
            diwi

            Thank god, we are not alone

             

            First of all, thanks for contributing, as McAfee-website-wide, there is no entry at all for servers with VirusScan and Quest Change Auditor!

             

            We did the same step from 8.7 p4 to 8.8 without patch with memory leaks and returned to 8.7 p4 !!! Last week I installed p5 for 8.7 and I got the same memory leaks! That was really bad! It turned out that 8.7 p5 uses same technologies as 8.8 according to McAfee support. I noticed there are some advises from Quest to exclude some processes in Buffer Overrun section (when using Antivirus software according to Quest release notes) and I excluded those processes but without great success, the memory leaks remained.

             

            You were talking about including CA agent software in a low-risk process policy. Could you please further inform me, what you exactly did?

             

            Regards,

            DiWi

             

            Message was edited by: diwi on 1/12/12 7:45:44 PM CET
            • 3. Re: Memory leaks with VirusScan 8.7.0 Patch 5 / VirusScan 8.8.0 in combination with Quest Change Auditor...
              joeleisenlipz

              We set the option in the Default Processes Policy to use separate High-/Low- Risk Process policies. Then created a special Low-Risk Processes Policy that includes the following processes:

               

              caadmain.exe

              caadservice.exe

              caadammain.exe

              caadamservice.exe

              qceeservice.exe

               

              And then configured the policy to only scan when these processes write, and not on read.

               

              We also made sure that **\Quest Software\ChangeAuditor\Agent\DBScripts\ChangeAuditorAgent.sdf was never scanned by OAS.

               

              This seemed to help with overall performance, but didn't make a difference for the memory leak.

               

              --Joel