McAfee VirusScan Enterprise 8.8 Best Practices Guide
4. Confirming VirusScan, DAT file, and engine versions
The importance of an update strategy cannot be overstated. Without the latest VirusScan Enterprise
To schedule automatic DAT and engine updates, refer to 8. Configuring DAT files and Engine updates.
5. Enabling "Artemis"
Artemis, the heuristi
6. Configuring daily memory scans
On-demand scanning of processes and memory is the early warning system for your VirusScan Enterprise protected compute
• Memory for rootkits
• Running processes
The following ePolicy Orchestrator 4.5 display shows the memory rootkits and running processes scan configured:
• Cookies
• Registry
Click the following Scan Options:
• Include subfolders
• Scan boot sectors
The following ePolicy Orchestrator 4.5 display shows these
• Set the specific information depending on how often you configured the on-demand scan to run.
The following ePolicy Orchestrator 4.5 display shows the
8. Configuring DAT files and Engine updates
All of the previous sections describing on-demand and on-access scanning require the VirusScan Enterprise DA
You must click Schedule and configure how often and when you want to update these packages.
Refer to the McAfee VirusScan Enterprise 8.8 software Produc
Configuring Performance Improvements
Some of the default settings for VirusScan Enterprise might not be the best settings for optimal performance. These
Changing a system registry to improve performance
By default the McAfee Agent registry setting is configured to run at normal priority. Changing the McA
COPYRIGHT
Copyright © 2010 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrie
8 Restart the McAfee Framework Service using the following steps:
• Click Start | Run, type services.msc.
• From the General tab, scroll up or down and
Table 1: Low-risk processes
Effect | Process | Application
Improves overall performance | FrameworkService.exe | McAfee Agent
Improves DAT update performance | McScanCh
Configuring file exclusions on Windows Domain Controller
To improve VirusScan Enterprise on-access scan performance, configure exclusions for some files
Active Directory and Active Directory-Related Files
Create exclusions for the following files and folders:
Main NTDS Database Files
• Default path — %win
FRS Database Log files
• Default path — %windir%\ntfrs\
• Path and file name(s):
• %FRS Working Dir%\jet\log\*.log
NOTE: If registry key is not set.
• %DB
• sysvol Exclude
NOTE: If any one of these folders or files has been moved or placed in a different location, scan or exclude the equivalent element.
•
Configure an exclusion
Perform the following steps to configure an exclusion for your administrator tool:
NOTE: The following process uses the open sour
each of these files is opened Windows Explorer decompresses these files looking for icons to add to the icon cache. As each file is opened the on-acces
The following figure shows the corresponding Windows Set Priority setting for the on-demand scan set priority configured as Normal in Task Manager.
Conf
Setting the system utilization for the scan to low provides improved performance for other running applications. The low setting is useful for systems
Configuring on-demand scan file scan threads for best performance
If you are running on-demand scans on a system with dual core processors, or very fast
2 Start the Windows Registry Editor and navigate to the following local machine key:
HKLM\Software\McAfee\DesktopProtection\Tasks
3 Depending on whether
Additional change
If you still experience unresponsiveness, McAfee recommends you change the way the DATS are being consumed by the engine. Before you m
Configuring the scan cache
To configure the scan cache settings using the ePolicy Orchestrator, access the VirusScan Enterprise 8.8.0, General Options P
Other Common Configuration Changes
You can make changes to the VirusScan Enterprise 8.8 default configuration to add or improve other performance charac
Configuring exclusions on Exchange servers with GroupShield
Microsoft Exchange Server 2010 system running McAfee GroupShield should have VirusScan Enterp
Add all of the exclusions lists in the following tables:
• Exchange Application-related extension exclusions
• Exchange Database-related extension exclu
Exchange Application-related extension exclusions
Applicable to... | Exclusion
Exchange Server 2010 | **\Microsoft\Exchange Server\**\*.config
Exchange Server
Applicable to... | Exclusion
Exchange Server 2010 | **\Microsoft\Exchange Server\**\*.002
Exchange Unified Messaging-related extension exclusions
Applicable to
Configuring on-access scanning of trusted installers
The Microsoft Windows Trusted Installer, or TrustedInstaller service, protects certain system files
Preface
Contents
Audience
Conventions
How this guide is organized
Finding product documentation
Audience
McAfee documentation is carefully researched and wri
These two events are displayed in the VSE: Threats Detected that appear on your ePolicy Orchestrator dashboard.
NOTE: By filtering these events there is
How this guide is organized
This document is meant as a reference to use along with the VirusScan Console and ePolicy Orchestrator user interfaces.
• Get
Getting Started
To properly use VirusScan Enterprise 8.8 you must understand what it does and what is new in this release.
What it is and does
VirusScan E
Configuring Essential Security
The VirusScan Enterprise settings described in this chapter have protected hundreds of customers from malware attacks. Mc
• Prevent termination of McAfee processes
The following ePolicy Orchestrator 4.5 display shows VirusScan Enterprise self protection configured.
2. Config
3. Setting buffer overflow minimum protection
Buffer overflow attacks compose greater than 25% of malware attacks. Without buffer overflow protection en