I have only been able to find at most, sporadic forum conversations regarding how the On-Access part of VirusScan Enterprise interacts with msbuild in a development environment. We have a server with Team Foundation Server configured as a build server that is having serious issues working properly whenever On-Access is enabled. If On-Access is enabled, the server will try building the solution for 45 minutes and then ultimately fail. If we disable On-Access, the server builds and succeeds in 4 minutes. Additionally, we have a static code-analysis application that (which uses Visual Studio/msbuild), for a specific analysis, takes ~3 hours to run without On-Access enabled. With On-Access enabled, the reports that it generates vary greatly in regards to quantities of findings. Unfortunately, in our development environment, we are not permitted to just disable On-Access all together. We've attempted to add exceptions to the working directories, but On-Access still scans all read/writes in those directories regardless of exception settings.
Is there any way to prevent On-Access from interfering with build activities? Currently, it is blocking all efforts to run automated builds and static code analysis. This server is a dedicated build server and because of On-Access, it can't build without manual intervention.
Yes, there is a way to Optimize On-Access to minimize interference with build activities, without totally sacrificing security (which happens if disabling the On-Access scanner).
You will need to analyze the bottlenecks in performance, then adjust the OAS process exclusions accordingly. This will be specific to your environment and is not generic.
A tool that may help in identifying the processes that are involved in your environment is available.
McAfee Profiler captures top processes and files that are accessed by the VirusScan Enterprise (VSE) On-Access Scanner (OAS). Based on the data collected, an administrator can choose files or processes to exclude from scanning to lessen the impact on the system.
Additional information can be found here:
- KB69683 - FAQs for McAfee Profiler
I try not to exclude anything at all, without good reason, and only after all other means have been employed. High/Low-Risk process exclusions, make exclusions limited to the place where the builds are controlled, allowing for low interference during the build process, but secure otherwise. It will take some time and work to get the best configuration in your environment, but it is well worth the effort.
I hope you find this helpful.