
Terminal server - on-access scanning remote files question

Hi all,

Need some clarification on what the best practice is with using a terminal server with on-access read scanning of remote files.

The remote on-access scanning feature was enabled on servers yesterday to allow a data control policy to work with detecting data uploads to the web.

Currently this data control policy is rolled out to laptops and desktops with on-access read scanning of remote files. No issues with performance on these machines have been detected. However, when this configuration was enabled on a terminal server it caused performance issues as reported by users. I was monitoring the terminal server performance (CPU, disk, network and memory); at no point was the performance of this machine taking a hammering in my eyes (8GB RAM, Xeon E5504, Server 2008) with a gigabit connection to the file server.

The server became so unresponsive it had to be manually rebooted as remote sessions became unusable.

Is there likely to be a significant impact to performance with this feature enabled? What security risks would there be with remote on-access disabled on a terminal server? From what I can understand if a virus was emailed in, got past the Exchange filters, was saved to the file server by a user using Outlook on an Exchange server it would be detected until the file server performed a scheduled full disk scan as on-access write scanning is not used.

Thanks 



  • Further investigation into the system logs on the terminal server shows thousands of errors on the SAVOnAccess since the new data control policy was applied yesterday.

    The errors say

    "Communication error between on-access driver and service for a cross-process thread creation event. "
     "Savservice threads busy" condition cleared - "busy" messages may be logged to system event log again from this point. " 

    The data control policy has since been turned off and the server has gone back to normal.
