This content has been marked as final. Show 14 replies
Hi Anwar, one thing you might want to look at is how many files are in the quarantine directory.
With cookie detections there were some laptops that had 5000 cookie detections. Event though my quarantine policy was 10 days not the defauly 28 days.
We manually removed all the cookies detections and rebooted. This cut down on login time considerable.
I contacted Mcafee and advised them. They advised that VS 8.5 Patch 8 will allow you not to quaratine cookies. In the mean time I have turnned off cookie detection. I will catch them with scans.
Since you don't use Epolicy you will have to adjust the quarantine setting / cookie detection manually. I suggest you first open
the Mcafee console and go into quarantine manager and deleted all the cookies, reboot and see if it helps.
FYI VS 8.7 doesn't quaratine cookies but I am also waiting for patch 1.
Now if I can figure out how to get CPU usuage down during updates I will be happier.
Hope this helps.
I think that you are far better of to not scan on reads at all.
And then you really should consider in excluding scanning on writes on selected directed directories aswell:
Thanks to Carlo and Henno for your replies.
I'll remember the cookies one. It's already caused us problems in the past; we have roaming profiles and user's cookies roam with them. Over time, you can build up a huge amount. Every time you log on, you pull down all your cookies; hundreds (perhaps thousands) of tiny files. Each of these would get scanned, taking login times to multiple minutes!
Henno, I hear what you're saying about excluding reads entirely. The problem is users bring in USB sticks (and, to a lesser extent, CD-Rs), and they are at high risk of being infected. Hence we need to ensure these get scanned on both reads and writes.
I tried changing various things; we use Novell Client as well. Enabling and disabling this didn't make any difference. We still use VirusScan Enterprise 7.1 extensively (I know I know, it stopped being supported a while ago, but it's working, is using the latest engine and DATs perfectly fine) but that has nowhere near the delay; hence I think I can eliminate both the 5300 scan engine and DATs as possible causes.
If you disable reads, then it would be impossible to infect a system, since it involves a write on the system.
Scanning on reads has been disabled at our school for higher education for years (5500 systems, 26000 students and 3000 employees), we never had an infection from this setting.
It just kill's performance.
But, what if the infection is already on a removable device (CD, DVD, USB drive)? Since the computer may not be the one doing the writing, it will not catch the infected file if you only read from the device.
Not sure if you are still having this problem but we were experiencing the same, 2 - 3 minutes to boot the PC up (hanging on applying computer settings). Disabling OAS worked fine (booted straight away).
After a bit of hunting around i came across KB60534 from McAfee. It basically says to change the 'Network Location Awareness' from manual to automatic. McAfee uses this service when windows boots up but has to wait for it to start hence the wait. Changing it to automatic starts the service immediately.
Although it says it is for v8.7 it works a treat for v8.5.
Also, just works for XP machines.
Hope this helps,
I'm very curious and interested about this cookie thing.
Could you explain which setting lets VSE put coockies in quaratine and under which conditions ?
Under onaccess scanning general properties for VS 8.5 there is a place to enable cookie scanning.
I turned that off and let on demand scans clean up cookies.
For VS 8.7 they did not quarantine cookies.
Virus scan 8.5 patch 8 was supposed to fix this and the readme say it does
1. VirusScan Enterprise with the AntiSpyware Module
can now be set so that it no longer places cookie
detections in the quarantine folder. They instead
are deleted permanently as part of the clean
By setting the DWORD "DisableCookieBackups"
registry entry to 1, cookie detection quarantines
no longer occur.
But how or can you do this in Epolicy is the question.
:eek: I don't have (see) that setting! :confused:
I just checked on a laptop I'm using with VSE 8.5i v:18.104.22.1681 ...
How can that be ? I never saw anything related to OAS scanning cookies...