1 Reply Latest reply on Aug 11, 2009 2:28 AM by phoffmann

    Templates or BKM's for A/V Deployment

    Binskin Apprentice

      Currently im looking to rollout around 400 A/V clients to a number of workstation / servers with different roles, i was curious if any documentation (or simply customer experiences) existed around how to get the best performance (or least impact) on client workstations and servers ie:

       

      Server Type - Domain Controller

      Real Time Protection - Scan all File Types

                                       Exclude - X:\abc

                                                   - *.xyz

      Virus Scan - Exclude ...

       

      Server Type - Citrix Server

      ...

      ...

      ...

       

      Server Type - File Server

       

      Workstation with < 1 gb RAM

      Real time disabled

      Scheduled scans daily at 2pm ?

       

      Etc

       

      Looking forward to any feedback - Ben

        • 1. Re: Templates or BKM's for A/V Deployment
          phoffmann SupportEmployee

          Well - there's no "single BKM" here, as it's all down to personal flavour, and at the end of the day only "you" (as in "your organisation") can decide where the cut-off point between security and accessbility is. Any security feature is a compromise between availability and accessibility (which includes performance) - if you had "the best AV software ever" it would do you no good if it were constantly consuming 99% CPU power, for instance.

           

          So a lot of this stuff is a case of "it depends" - which is really down to the details of your organisation.

           

          A few things I can certainly suggest:

           

          1 -Make sure you read this thread -- http://community.landesk.com/support/thread/3509?tstart=0 - it's an "important to know" type thing, in regards to the instances of the scanningprocesses you should see (and how to reduce them, if a system should be strapped for resources).

           

          2 - Make sure that you've got a fair bit of space on C:\ -- the real-time scanner works (among other things) by creating essentially a "hash database" of files it has scanned, and then checking the hash of a file that's being executed against that database to see if it has changed (which will prevent a full scan of the file if it hasn't changed).

           

          Normally, you "only" need 50-80 MB for such a database, but if your server is handling a lot of files that are going through it, then this DB can grow quite a bit potentially.

           

          Some folks only have 1-2 GB of free space on C:\, so I'm just raising that as a "potential issue" to be aware of, if disk space is in short supply.

           

          3 - Try to keep track of when you schedule what. Scheduling a VULSCAN to run at the same time as a full AV-scan (or vice versa) is not very advisable, since they're both rather I/O intensive on the hard drive .


          That's about all I can come up with at this (early) hour.

           

          Paul Hoffmann

          LANDesk EMEA Technical Lead