5

Our corporate standard is McAfee Enterprise; unfortunately, this is non-negotiable.

On two types of servers I'm responsible for, SQL & Web, we have noticed major performance issues with the corporate standard setup.

  • Max scan time 45sec
  • One policy for all processes
  • Scan ALL files on write, read and open for backup
  • Heuristics: Find unknown programs, trojans and macros
  • Detect unwanted programs
  • Exclude: EVT, LDF, LOG, MDF, VMD, , windows file protection)

This of course still causes major slowdowns. IIS .NET recompiles are slow especially with SharePoint, SQL backups and restores, SQL Analysis Services, Integration Services and temp data from them as well.

I have looked from time to time for some best practices on setting up McAfee for SQL & SQL Analysis Service, SQL Integration Service, Visual Studio, SharePoint, and .NET web servers in general.

How do people set up McAfee Enterprise on their corporate servers keeping security intact, but affecting performance as minimally as possible?

Has anyone run across white papers on these setups? Obviously some are case by case, but there must be some best practices out there somewhere.

Wayne Arthurton

3 Answers

3

I only maintain McAfee on the desktops, but I have found this KB for McAfee exclusions and suggestions on servers:

https://kc.mcafee.com/corporate/index?page=content&id=KB66909

And there is the Microsoft page:

http://support.microsoft.com/kb/822158

The user-maintained McAfee sticky forum post that includes McAfee-specific wildcards etc.:

http://community.mcafee.com/message/20623#20623

I am adding them to the ePO in case the network guys get around to asking for them.

Seanchán Torpéist
0

I would consider scanning only on writes, not reads. I'd also suggest doing a weekly scan instead of daily if you're doing that. If I'm not mistaken, McAfee has some whitepapers on their portal about how to configure the scanning client for servers with specific apps (Exchange, AD, etc.).

Tatas
  • I appreciate the decision to do writes and not reads, but I need something documented. I have spent some time on the McAfee portal, but have been unable to come up with these documents that so obviously should exist. Do you happen to have a link to one? – Wayne Arthurton Apr 29 '10 at 18:20
  • https://kc.mcafee.com/corporate/index?page=content&id=KB57308 That's just an example page. Search their knowledge base for more. – Tatas May 03 '10 at 19:42
  • Excellent. Thanks. Using similar strings I can get great stuff. Much appreciated. – Wayne Arthurton May 10 '10 at 20:53
0

Also, exclude SQL Backup files based on the extensions you are using. This will reduce the latency on capturing your backups to disk so you can ship 'em off. Exclude .NDF, which is customary to use for additional data files for SQL Server.

K. Brian Kelley
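
An added example, not part of the original answers: a T-SQL query that lists the data, log and backup file extensions this instance actually uses, so the on-access exclusion list can be limited to those rather than to a generic set. It assumes SQL Server with read access to `sys.master_files` and `msdb`; the 30-day backup window and the output column names are arbitrary choices.

```sql
-- Added example: inventory of file extensions in use on this SQL Server instance.
-- Assumption: backups taken to disk in the last 30 days are representative.
WITH files AS (
    -- Data and log files of every database on the instance
    SELECT CAST('database file: ' + mf.type_desc COLLATE DATABASE_DEFAULT
                AS nvarchar(100)) AS source,
           mf.physical_name COLLATE DATABASE_DEFAULT AS path
    FROM sys.master_files AS mf
    UNION ALL
    -- Disk backup files recorded in the msdb backup history
    SELECT CAST('backup: ' +
                CASE bs.type WHEN 'D' THEN 'full'
                             WHEN 'I' THEN 'differential'
                             WHEN 'L' THEN 'log'
                             ELSE 'other' END AS nvarchar(100)),
           bmf.physical_device_name COLLATE DATABASE_DEFAULT
    FROM msdb.dbo.backupset AS bs
    JOIN msdb.dbo.backupmediafamily AS bmf
      ON bmf.media_set_id = bs.media_set_id
    WHERE bmf.device_type = 2                       -- 2 = disk
      AND bs.backup_finish_date >= DATEADD(DAY, -30, GETDATE())
),
parsed AS (
    SELECT source, path,
           CHARINDEX('.', REVERSE(path)) AS dot_pos,   -- last '.' counted from the end
           CHARINDEX('\', REVERSE(path)) AS sep_pos    -- last '\' counted from the end
    FROM files
),
ext AS (
    SELECT source,
           -- A dot that sits before the last '\' belongs to a folder name,
           -- so the file itself has no extension.
           CASE WHEN dot_pos = 0 OR (sep_pos > 0 AND sep_pos < dot_pos)
                THEN '(none)'
                ELSE UPPER(RIGHT(path, dot_pos - 1))
           END AS extension
    FROM parsed
)
SELECT source, extension, COUNT(*) AS file_count
FROM ext
GROUP BY source, extension
ORDER BY source, file_count DESC;
```

Rows showing `(none)` or an unexpected extension are files that an extension-based exclusion will not cover.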