5 Replies Latest reply on Oct 26, 2016 2:34 AM by fabiansz

    ENS 10.2 on Server working/experience? (Terminal Server, DC, DB-Server [SQL/Oracle])?

    bretzeli

      Hello,

       

      Any feedback welcome on Endpoint 10.2 running on Servers. If possible from resellers who have several different sized customers. Any rollout done on DC (2008R2/2012R2), File-Server, Print Servers, DB-Servers?

       

      We have migrated most of our customer from Small Business to Enterprises from VSE 8.8 to ENS 10.2 workplace side. We did beginn migration of some smaller customers Server side.

      Here are the products we used on first customer server side.

       

      * Terminal Server 2008R2 with Citrix > ENS 10.2 was running fine (Bad side was a DB Server)

      * Small Business 2011 (SBS) > Hate this product but > ENS 10.2 was running fine

       

      Problems we have seen on Servers:

       

      Re: ENS 10.2 slow access to network executables  (Slow access to Executables when they reside on a Server share with mounted drive letter 1-30 seconds delay)

       

      DB-Server had delay in certain database based apps during starting time and using certain functions.

       

      Database Server > Had problems exceptions as per KB foer VSE8.8 and Oracle/SQL/SYBASE done but had to UNINSTALL and downgrade to VSE 8.8 again. Server was blocking/satlling for some seconds every 10-15 minutes. All exlcusion Directory, Files-Extension done as per 8.8 (Migrated policy) but did not get it running clean. The customer we had problems is a Small Business with all on one DB-Server (MS SQL 2008R2, Sybase, Oracle 11G etc.)

       

      I had no problems with the SQL Express running on the EPO Server itself and ENS 10.2.

       

      We realy did not spend too much time because this is only a Small Business customer. For sure we can't run into such problems with our larger custimers server side.

       

      INTEl/MCAFEE: Any updated Exceptions for ENS10.2 as KB or PDF? All we find is for VSE 8.8.

       

      Thank you for any feedback in the direction.

       

      Regards

      Mike

        • 1. Re: ENS 10.2 on Server working/experience? (Terminal Server, DC, DB-Server [SQL/Oracle])?
          davei

          I am very interested in feedback from McAfee on this too.

           

          We run a 2012 R2 Xenapp 7.6 environment.  ENS great for fat client endpoints.  Currently use MOVE 3.6 Agentless, with VSE 8.8 on the handful of physical Windows servers we have.

           

          MOVE great but without guest integration it has it's issues, and can only offer a small subset of what ENS offers - eg. anti-Ransomware tech etc.  This is very important to us as we get bombarded with Ransomware via email and it is only a matter of time...

           

          So I'm interested in the concept of running ENS 10.2 in our Xenapp environment.  Performance, exclusions, pros/cons, do's/don'ts etc.

          • 2. Re: ENS 10.2 on Server working/experience? (Terminal Server, DC, DB-Server [SQL/Oracle])?
            fabhoo

            Hello everyone,

             

            we upgraded from VSE 8.8 to ENS 10.2 a few weeks ago and we have a lot of performance issues since then.

             

            davei, we are running exactly the same Citrix environment and although i followed the Citrix recommendations for exclusions and added a lot of Citrix processes to the low-risk Profile, performance remains very poor.
            Session logon with ENS off: 40 Seconds (this is too Long as well!)
            Session logon with ENS on: 80 Seconds

             

            We spend a lot of time trying to improve Performance, not very successful until now...

            • 3. Re: ENS 10.2 on Server working/experience? (Terminal Server, DC, DB-Server [SQL/Oracle])?
              sivakumarc

              Hello Fabhoo,

               

              Did you placed the exclusions under On- Access Scan  and On Demand scan.?

              On demand scan in this ENS 10.2 version is designed as Zero impact scanning. like all other developers Mcafee also uses the WMI.  zero impact scanning will work with WMI (windows management instrumentation) .It is based on keyboard strokes, mouse movement and full screen mode. So when system is idle, WMI will send a message to Mcafee to scan and mcafee scanner will start within 3 minutes. I would appreciate if you can share info on exclusions that you have configured now. is it under OAS or ODS? if it is placed under both policies and still you experience the performance issue, lets deep dive.

              • 4. Re: ENS 10.2 on Server working/experience? (Terminal Server, DC, DB-Server [SQL/Oracle])?
                bretzeli

                We have seen a SNS Alert that Mcafee ENS 10.5 BETA is out.

                 

                Threat Intelligence enhancements

                • Dynamic Application Containment — Adds the
                       ability to contain a specific instance of an application.
                • New McAfee-defined queries — Includes additional
                       predefined queries for Real Protect.
                • Real Protect — Inspects suspicious files and activities
                       on an endpoint to detect malicious patterns using machine-learning
                       techniques.



                Firewall enhancements

                • Ability to determine if a domain is
                       reachable using HTTPS protocol.



                Threat Prevention enhancements

                • Ability to configure a Windows registry
                       scan location for on-demand scans.
                • Ability to create custom Access Protection rules to
                       protect Windows services.
                • Management of Exploit Prevention signatures and
                       Application Protection rules.



                Web Control enhancements

                • Support for 64-bit Firefox.



                Endpoint Migration Assistant enhancements

                • Automatic migration of settings for entire
                       System Tree or one group.
                • Simultaneous migration of workstation and server
                       settings in Threat Prevention policies.
                • Migration of Firewall Trusted Applications to Access
                       Protection.

                Migration of additional Firewall signatures to
                support all Exploit Prevention features.

                • 5. Re: ENS 10.2 on Server working/experience? (Terminal Server, DC, DB-Server [SQL/Oracle])?
                  fabiansz

                  Hoi bretzeli :-)

                   

                  I am trying to get official statements from Intel/McAfee for month now. One statement from support was: "there aren't any....." [suggested exclusions for ENS and Microsoft]. They recommended reading the VSE8 Best Practice Guide...."it is still valid for ENS".

                  A representative told me on the phone, that on clients ENS does not need any exclusions, it works fine without them (that's my experience, too). But on servers he would recommend to follow the suggestions from Microsoft concerning ADS, SQL, Exchange etc. And there is already a predefined Exchange Policy from McAfee!

                   

                  On the other hand, there is documentation around explaining how the AMCore Trust Model works. According to that, exclusions & process definitions do not make sense anymore.

                   

                  So, what now? I don't know.

                  We are slowly migrating some (test) servers to ENS 10.2 without any exclusions....No issues so far...