cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
441
Views
0
Helpful
4
Replies

McAfee Virusscan Enterprise 8.0i and CSA issues

tsteger1
Level 8
Level 8

We are testing McAfee Virusscan Enterprise 8.0i and have run into performance issues when it is installed with CSA. Is anyone else using both products? If we uninstall one or the other performance is fine. This isn't across the board but I wanted to find out what other are experiencing.

I also wanted to find out how the network drivers interact with each other; priority, process, etc.. I know that it does not install buffer overflow protection with CSA installed.

Thanks

4 Replies 4

umedryk
Level 5
Level 5

Please find the documents on the same here : go to www.cisco.com/univercd, select the Network Security drop down menu, select IDS from there and click on troubleshooting.

I'm not sure what you are referring to here, would you please clarify? I know this is a link to the documentation but I could find nothing there about McAfee or troubleshooting.

Thanks

5mlattimore
Level 1
Level 1

Im testing them as well and am using a limited CSA ruleset. How many rules do you have enabled? Are you running in TESTMODE?

I have not seen any performance issues yet. Are you running on XP desktops?

My understanding is that the CSA Trojan Detection rule installed by default has buffer overflow protection

We are seeing a lot of alerts related to buffer overflows from sloppy application code, NOT trojans, but regular desktop apps like IE, Notes, Word etc

We have 850 hosts using a customized rule set in protect mode. We have what amounts to a distributed firewall with network protection rule set (Network shield, Trojan and Worm).

We have XP and 2000 desktops. One thing I noticed is if you install McAfee first, you get the buffer overflow protection installed. If CSA is first, it is not even an install option. McAfee states the two are not compatable in their documentation.

We noticed a couple fo machines with performance issues but I attribute that more to configuration Darwinism than conflicts.

I am still curious as to how the two network drivers coexist, which one gets to go first, etc...