Wednesday, February 25, 2009

[THIN] Re: mcafee host intrusion prevention and terminal server

Hi,

 

Try excluding the following for better performance:

 

  1. Scan local drives only. DO NOT scan network drives.
  2. Only scan “Incoming” files (ie. write events).
  3. Exclude the pagefile(s) from being scanned.
  4. The “%ProgramFiles%\Citrix” folder contains many configuration and log files that are always changing, especially the Local Host Cache (imalhc.mdb) and Resource Manager Local Database (RMLocalDatabase.mdb). You could exclude the whole folder. More specifically, the main ones are:
    - “%ProgramFiles%\Citrix\Citrix Resource Manager\LocalDB”
    - “%ProgramFiles%\Citrix\Citrix Resource Manager\SummaryFiles”
    - “%ProgramFiles%\Citrix\Independent Management Architecture”
    - “%ProgramFiles%\Citrix\logs”
  5. Exclude the Print Spooler (%SystemRoot%\System32\spool\PRINTERS) folder. Note that in our deployments we typically place these folders on the non-System Drive. 
  6. If you do not exclude the Profiles, then exclude the user‘s Presentation Server Client bitmap cache (”%UserProfile%\Application Data\ICAClient\Cache” or “%AppData%\ICAClient\Cache”) used for ICA pass-through connections by the locally installed PNClassic and PNAgent.

Think I got it from this from the thinlist community in the past J…so thanks everyone!!!

 


From: thin-bounce@freelists.org [mailto:thin-bounce@freelists.org] On Behalf Of Steve Snyder
Sent: Thursday, 26 February 2009 10:44 AM
To: thin@freelists.org
Subject: [THIN] mcafee host intrusion prevention and terminal server

 

anyone using it? like it? hate it? caveats? known issues?

basically it got pushed to my farm last night while users were logged on and working and today I'm having some performance issues affecting some users.

Thought I'd see if there's any good/bad history before I go ask the culprits "why'd you break my farm?!?"

No comments: