
Best practices for Endpoint to run on developer workstations and 3D artists workstations.

Hi Guys, 

Looking for some information on best practices for Endpoint to run on developer workstations and 3D artists workstations.

We have around 40 software developers here that write Game code and a handful of artists. Our last solution, Kaspersky, crippled many of the machines performance-wise, so we are looking to switch to this product.

Speaking to the lead Dev, he asks:

"Ideally we would be able to monitor what files are being scanned by the AV when we do a compile so we can be sure there's nothing in there that's causing slow down - it can churn through several gigabytes of data during a full build cycle."

Is this possible?

We are also blocking scanning of .pdb, .ilk, .cc, .h extensions and dev related folders.

I have taken note of the suggestions mentioned here:
/search?q= 19719

Any help would be great, 

Many thanks, 



  • Hi,

    The logflags registry key mentioned in this post:

    /search?q= 25731

    will log what the driver sees. If you set the value to FFFFFFFF it will log very verbose information. Needless to say the log file sav.txt (C:\ProgramData\Sophos\Sophos Anti-Virus\logs\) will grow rather large rather quickly and it will slow the computer quite dramatically. You could experiment with values between depending on what you are looking for.

    Even just using Procmon filtering on file operations by savservice.exe would get you useful info and the Procmon summaries of files and folders accessed are helpful.

    I suppose one thing to consider is that the cache of "files scanned" is what ultimately gives an on-access scanner its speed as this saves the engine having to re-scan the file each time it is touched if it hasn't changed. Of course over time this cache is built up and the computer is running well but is then invalidated when an update takes place. So to prevent files being re-scanned at maybe important times, it would be good if the computer hadn't just updated or the file had already been seen with the current virus data. So maybe an update schedule based around a full build cycle might be worth experimenting with. The build presumably has an average time to complete and maybe starts at certain times? It would be interesting to get an average without AV and with AV, maybe then with certain components such as HIPS disabled to see how they compare. Then factor in changes such as update times and see how the average times vary.

    Hope this offers something to think about.

    Regards,

    Jak
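
As an added example (not part of the original posts and not vendor code), the Procmon approach from the reply above can be turned into a per-build report: this script totals the bytes savservice.exe read per file extension from a Procmon CSV export and lists any files with an excluded extension that were still read. It assumes Procmon's default export columns and a `Length: N` field in the `Detail` column of `ReadFile` rows; the sample rows are constructed.

```python
import csv
import io
import re
from collections import Counter
from pathlib import PureWindowsPath

# Extensions the original poster excludes from scanning.
EXCLUDED_EXTS = {".pdb", ".ilk", ".cc", ".h"}
# Assumed Detail format for ReadFile rows, e.g. "Offset: 0, Length: 65,536".
LENGTH_RE = re.compile(r"Length: ([\d,]+)")

# Constructed sample rows in Procmon's default CSV layout (not a real capture).
SAMPLE_CSV = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1","SavService.exe","1520","ReadFile","D:\build\obj\game.obj","SUCCESS","Offset: 0, Length: 65,536"
"10:01:02.2","SavService.exe","1520","ReadFile","D:\build\obj\game.obj","SUCCESS","Offset: 65,536, Length: 32,768"
"10:01:02.3","SavService.exe","1520","ReadFile","D:\build\bin\game.pdb","SUCCESS","Offset: 0, Length: 4,096"
"10:01:02.4","cl.exe","4040","ReadFile","D:\src\engine\render.h","SUCCESS","Offset: 0, Length: 1,024"
"10:01:02.5","SavService.exe","1520","CreateFile","D:\build\bin\game.exe","SUCCESS","Desired Access: Generic Read"
"10:01:02.6","SavService.exe","1520","ReadFile","D:\build\bin\game.exe","SUCCESS","Offset: 0, Length: 131,072"
'''


def summarize(csv_text, process="savservice.exe"):
    """Aggregate ReadFile activity of one process from Procmon CSV text."""
    bytes_by_ext, reads_by_dir, excluded_read = Counter(), Counter(), set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        # Keep only content reads issued by the scanner service itself.
        if row["Process Name"].lower() != process or row["Operation"] != "ReadFile":
            continue
        path = PureWindowsPath(row["Path"])
        ext = path.suffix.lower() or "(none)"
        match = LENGTH_RE.search(row["Detail"])
        bytes_by_ext[ext] += int(match.group(1).replace(",", "")) if match else 0
        reads_by_dir[str(path.parent)] += 1
        # A read of an excluded extension suggests the exclusion is not applied.
        if ext in EXCLUDED_EXTS:
            excluded_read.add(str(path))
    return {
        "bytes_by_ext": bytes_by_ext.most_common(),
        "reads_by_dir": reads_by_dir.most_common(),
        "excluded_read": sorted(excluded_read),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_CSV).items():
        print(key, value)
```

For a real capture, pass the exported file's text instead of `SAMPLE_CSV`, for example `summarize(open(path, encoding="utf-8-sig", newline="").read())`, where `utf-8-sig` drops a byte-order mark if one is present. Running it on captures from builds before and after a definitions update gives the comparison the reply suggests.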
