We are considering increasing of current GTI sensitivity levels for our On-Access and On-Demand tasks and are curious what you have experienced in your travels. What do find as a comfortable level?
It really depends on your environment. I'd suggest starting at the default level and adjusting from there. In our environment, I learned I could run ours at "High" without issue. I believe McAfee does not recommend "Very High" except in extremely high security environements; we've never tried it.
I'm running low for OnAccess and High for OnDemand. You'll have to check and see how it impacts performance in your environment. Are you using the profiler in order to optimize resource usage through exceptions?
We tested very low, low and right now medium. without any issues
Both here set to Medium without any issues. Mostly it finds the random tools our helpdesk use that fall very much into a grey or 'what the hell do you have that for' bucket.
I had a email alert for every artemis detection when I moved from low/off to medium/medium and didnt have any false positives in 6 months of testing so disabled the alert, might be a good thing to test as you ramp up?
I also believe Medium is the recommended level that McAfee advise.
I have been running almost all our systems at high. It is starting to account for a good percentage of our detections. No false positives have been claimed by anyone or reported to me. I think this is especially import for our "road warriors" who may not be getting updated as often as I would like. Gives us a cushion for those that fail to get the DAT updates.