McAfee potentials impacts

Support for security such as Firewalls and securing linux
Post Reply
amedix
Posts: 27
Joined: 2015/10/30 05:58:13

McAfee potentials impacts

Post by amedix » 2017/07/25 09:37:24

Hi,

I've been asked by my manager to give a list of a potential impacts in system level when installing McAfee on a CentOS/RedHat machine ? In an other word what to check in a system after installing Macfee ?

It's first time I will install an antivirus on a linux server :-)


Thanks in advance.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: McAfee potentials impacts

Post by TrevorH » 2017/07/25 11:51:34

Mcafee has a linux version?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

amedix
Posts: 27
Joined: 2015/10/30 05:58:13

Re: McAfee potentials impacts

Post by amedix » 2017/07/25 12:45:41

I was also surprised when I heard in my new job that the IT direction got Mcafee agent to install in their RedHat machines.

MartinR
Posts: 714
Joined: 2015/05/11 07:53:27
Location: UK

Re: McAfee potentials impacts

Post by MartinR » 2017/07/25 12:55:46

https://www.mcafee.com/uk/products/viru ... linux.aspx - seems so. In the past these have just looked for MS viruses hiding in Linux servers, what the current offering does I have no idea.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: McAfee potentials impacts

Post by TrevorH » 2017/07/25 15:20:04

So, as far as "impacts" go, if it doesn't have a kernel module then I wouldn't expect much of an impact. If it does... well I'm not sure I'd run it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

amedix
Posts: 27
Joined: 2015/10/30 05:58:13

Re: McAfee potentials impacts

Post by amedix » 2017/08/02 10:50:54

Hi,

I'm about to install McAfee on a RHEL7 box and to measure the performances on the system level (CPU, RAM, Disk).

I want to compare performances between the pre-install and post-install mode.

What is the most significant column of the command iostat (or any other command) output I have to take into consideration ? I would be grateful if you give an example.


Thanks in advance.

macattack2241
Posts: 6
Joined: 2017/08/18 15:56:54

Re: McAfee potentials impacts

Post by macattack2241 » 2017/08/18 17:02:55

Hi, I've worked with McAfee Virus Scammer for Enterprise Linux (VSEL) extensively and found it to be quite a resource hog when it comes to how scans are handled. On-Access scanning can seriously affect RHEL 7's performance to the point of maxing out the CPU load due to it constantly scanning any files that are opened, compressed, etc. It was an ongoing battle with the security team to have them set to On-Demand scanning and when they would push back I would just alter the config for VSEL's scanning and make it immutable.

Standard location of On Access Scanning type for VSEL:

/var/opt/NAI/LinuxShield/etc/nailsd.cfg

nailsd.cfg:146:nailsd.profile.OAS.allFiles: true

*set OAS to false and then set immutable flag on the config*

I do not recommend using any virus scanner on Linux as its not necessary if you are using good security practices DACs + MACs (SELinux is my favorite). In the years that I used VSEL on my systems due to security policies, it never once found a virus and I found myself constantly having to update the definitions (/opt/NAI/LinuxShield/bin/nails task –run 1) since they're almost always out of sync with the HBSS master.

Post Reply