2 Replies Latest reply on Oct 20, 2015 2:07 PM by rmetzger

    msbuild and On-Access?

    kj_dietrich

      Not sure if this is the appropriate venue for this question.  If not, please advise.

       

      Background:

       

      I have only been able to find at most, sporadic forum conversations regarding how the On-Access part of VirusScan Enterprise interacts with msbuild in a development environment.  We have a server with Team Foundation Server configured as a build server that is having serious issues working properly whenever On-Access is enabled.  If On-Access is enabled, the server will try building the solution for 45 minutes and then ultimately fail.  If we disable On-Access, the server builds and succeeds in 4 minutes.  Additionally, we have a static code-analysis application that (which uses Visual Studio/msbuild), for a specific analysis, takes ~3 hours to run without On-Access enabled.  With On-Access enabled, the reports that it generates vary greatly in regards to quantities of findings.  Unfortunately, in our development environment, we are not permitted to just disable On-Access all together.  We've attempted to add exceptions to the working directories, but On-Access still scans all read/writes in those directories regardless of exception settings. 

       

      Is there any way to prevent On-Access from interfering with build activities?  Currently, it is blocking all efforts to run automated builds and static code analysis.  This server is a dedicated build server and because of On-Access, it can't build without manual intervention. 


      Thank you.

        • 1. Re: msbuild and On-Access?
          Hayton

          This question relates to VSE but was posted in the Consumer section.  Moved to Business > Endpoint Security > VirusScan Enterprise for attention.

          • 2. Re: msbuild and On-Access?
            rmetzger

            Hi kj_dietrich,

            kj_dietrich wrote:

             

            I have only been able to find at most, sporadic forum conversations regarding how the On-Access part of VirusScan Enterprise interacts with msbuild in a development environment.  We have a server with Team Foundation Server configured as a build server that is having serious issues working properly whenever On-Access is enabled.  If On-Access is enabled, the server will try building the solution for 45 minutes and then ultimately fail.  If we disable On-Access, the server builds and succeeds in 4 minutes.  Additionally, we have a static code-analysis application that (which uses Visual Studio/msbuild), for a specific analysis, takes ~3 hours to run without On-Access enabled.  With On-Access enabled, the reports that it generates vary greatly in regards to quantities of findings.  Unfortunately, in our development environment, we are not permitted to just disable On-Access all together.  We've attempted to add exceptions to the working directories, but On-Access still scans all read/writes in those directories regardless of exception settings.

             

            Is there any way to prevent On-Access from interfering with build activities?  Currently, it is blocking all efforts to run automated builds and static code analysis.  This server is a dedicated build server and because of On-Access, it can't build without manual intervention.

            Yes, there is a way to Optimize On-Access to minimize interference with build activities, without totally sacrificing security (which happens if disabling the On-Access scanner).

             

            KB55139 — Understanding High-Risk, Low-Risk, and Default processes configuration and usage

            On Access Scanner - Improve Performance & Maintain Security


            You will need to analyze the bottlenecks in performance, then adjust the OAS process exclusions accordingly. This will be specific to your environment and is not generic.

            <edit>

            A tool that may help in identifying the processes that are involved in your environment is available.

            see URL=http://mer.mcafee.com/enduser/downloadmcprofiler.aspx


            McAfee Profiler

            McAfee Profiler captures top processes and files that are accessed by the VirusScan Enterprise (VSE) On-Access Scanner (OAS). Based on the data collected, an administrator can choose files or processes to exclude from scanning to lessen the impact on the system.

            Additional information can be found here:

            • KB69683 - FAQs for McAfee Profiler

            </edit>

             

            I try not to exclude anything at all, without good reason, and only after all other means have been employed. High/Low-Risk process exclusions, make exclusions limited to the place where the builds are controlled, allowing for low interference during the build process, but secure otherwise. It will take some time and work to get the best configuration in your environment, but it is well worth the effort.


            I hope you find this helpful.

            Ron Metzger