Virus Scanning Busy Web Server

Hello,

We have McAfee Enterprise v8.7i installed on a Win2k3 STD 32bit Web Server.

I've been playing around with the On-Access Scanner settings to try to get
the virus scanner to scan files only when being written to, but no matter
what settings I adjust, it seems the web server just has too much going on
for McAfee not to run at 100% CPU to monitor all the changing files.

My question is, what are the essential/best Anti-Virus settings for busy web
servers?

Should I just monitor the C: system drive, or the D: data drive?
Should I worry more about changing files on the C:\WINDOWS folder vs the
D:\Inetpub folder?
Should I exclude Temp folders? (or is this a prime spot for viruses to
create themselves?)

Thanks for any input in advance,
--
Brock Hensley
http://BHensley.com
==

Brock,
McAfee should not be running at 100% even if the server is heavily used, so
maybe the problem is not the settings.
You'd expect the server to have very few writes, so it should be possible to
set the on-access scanner to scan on writes and not reads; but I don't think
that should be necessary,
Anthony
http://www.airdesk.com



"Brock Hensley" <> wrote in message
news:ED4AD753-EC43-4CCD-B1EA-...
> Hello,
>
> We have McAfee Enterprise v8.7i installed on a Win2k3 STD 32bit Web
> Server.
>
> I've been playing around with the On-Access Scanner settings to try to get
> the virus scanner to scan files only when being written to, but no matter
> what settings I adjust, it seems the web server just has too much going on
> for McAfee not to run at 100% CPU to monitor all the changing files.
>
> My question is, what are the essential/best Anti-Virus settings for busy
> web servers?
>
> Should I just monitor the C: system drive, or the D: data drive?
> Should I worry more about changing files on the C:\WINDOWS folder vs the
> D:\Inetpub folder?
> Should I exclude Temp folders? (or is this a prime spot for viruses to
> create themselves?)
>
> Thanks for any input in advance,
> --
> Brock Hensley
> http://BHensley.com
> ==

Hello,

I have configured the on-access scanner with minimal options; checking only
files on Write as well.

Yes, the actual McAfee process doesn't pass 25% CPU, however, when OAS is
enabled, several application pools start using the rest of the CPU, causing
100% pegged CPU. These site's are probably just writing more, but I'm not
sure why the application pool is affected rather than McAfee.

--
Brock Hensley
http://BHensley.com
==
"Anthony [MVP]" <> wrote in message
news:7AEC6735-7A71-43D4-ADE6-...
> Brock,
> McAfee should not be running at 100% even if the server is heavily used,
> so maybe the problem is not the settings.
> You'd expect the server to have very few writes, so it should be possible
> to set the on-access scanner to scan on writes and not reads; but I don't
> think that should be necessary,
> Anthony
> http://www.airdesk.com
>
>
>
> "Brock Hensley" <> wrote in message
> news:ED4AD753-EC43-4CCD-B1EA-...
>> Hello,
>>
>> We have McAfee Enterprise v8.7i installed on a Win2k3 STD 32bit Web
>> Server.
>>
>> I've been playing around with the On-Access Scanner settings to try to
>> get the virus scanner to scan files only when being written to, but no
>> matter what settings I adjust, it seems the web server just has too much
>> going on for McAfee not to run at 100% CPU to monitor all the changing
>> files.
>>
>> My question is, what are the essential/best Anti-Virus settings for busy
>> web servers?
>>
>> Should I just monitor the C: system drive, or the D: data drive?
>> Should I worry more about changing files on the C:\WINDOWS folder vs the
>> D:\Inetpub folder?
>> Should I exclude Temp folders? (or is this a prime spot for viruses to
>> create themselves?)
>>
>> Thanks for any input in advance,
>> --
>> Brock Hensley
>> http://BHensley.com
>> ==
>

Brock,
I think this is a fault, rather than your AV settings.
If you don't mind experimenting, try taking McAfee off; you can either leave
it off for a while, or install a different AV.
If its an AV fault then I think you will need to take it up with McAfee (try
different patch levels etc)
Anthony
http://www.airdesk.com


"Brock Hensley" <> wrote in message
news:1C5A2CCF-22D5-4342-97A0-...
> Hello,
>
> I have configured the on-access scanner with minimal options; checking
> only files on Write as well.
>
> Yes, the actual McAfee process doesn't pass 25% CPU, however, when OAS is
> enabled, several application pools start using the rest of the CPU,
> causing 100% pegged CPU. These site's are probably just writing more, but
> I'm not sure why the application pool is affected rather than McAfee.
>
> --
> Brock Hensley
> http://BHensley.com
> ==
> "Anthony [MVP]" <> wrote in message
> news:7AEC6735-7A71-43D4-ADE6-...
>> Brock,
>> McAfee should not be running at 100% even if the server is heavily used,
>> so maybe the problem is not the settings.
>> You'd expect the server to have very few writes, so it should be possible
>> to set the on-access scanner to scan on writes and not reads; but I don't
>> think that should be necessary,
>> Anthony
>> http://www.airdesk.com
>>
>>
>>
>> "Brock Hensley" <> wrote in message
>> news:ED4AD753-EC43-4CCD-B1EA-...
>>> Hello,
>>>
>>> We have McAfee Enterprise v8.7i installed on a Win2k3 STD 32bit Web
>>> Server.
>>>
>>> I've been playing around with the On-Access Scanner settings to try to
>>> get the virus scanner to scan files only when being written to, but no
>>> matter what settings I adjust, it seems the web server just has too much
>>> going on for McAfee not to run at 100% CPU to monitor all the changing
>>> files.
>>>
>>> My question is, what are the essential/best Anti-Virus settings for busy
>>> web servers?
>>>
>>> Should I just monitor the C: system drive, or the D: data drive?
>>> Should I worry more about changing files on the C:\WINDOWS folder vs the
>>> D:\Inetpub folder?
>>> Should I exclude Temp folders? (or is this a prime spot for viruses to
>>> create themselves?)
>>>
>>> Thanks for any input in advance,
>>> --
>>> Brock Hensley
>>> http://BHensley.com
>>> ==
>>
>