
Sharepoint's performance with TrendMicro IPS & DeepSecurity

Posted on 2014-04-15
Last Modified: 2014-04-20
I've heard that Symantec Endpoint Security has issues (performance
& sort of locking) with MS SharePoint.

Q1:
Does TrendMicro's  IPS agent & TrendMicro's anti-virus software
have similar or known performance (& locking & impact to Sharepoint's
NTLM & Kerberos authentication) issues with MS Sharepoint?

Q2:
One site requests for Symantec Endpt Security to exclude Sharepoint
& MS HL7 from being scanned.  Is it generally acceptable to Security
Governance to exclude Sharepoint folders & its DB from IPS & malware
/AV scan?  Or can someone pinpoint specific files to exclude to improve
the performance?

Q3:
Can anyone point me to URLs/links that document known TrendMicro IPS &
anti-malware/virus performance issues with SharePoint & HL7?
0
Question by:sunhux
4 Comments
 
LVL 10

Assisted Solution

by:Mohit Nair
Mohit Nair earned 80 total points
ID: 40003304
Q1:Does TrendMicro's  IPS agent & TrendMicro's anti-virus software
have similar or known performance (& locking & impact to Sharepoint's
NTLM & Kerberos authentication) issues with MS Sharepoint?
Ans: Nothing against Symantec, but yes, Trend Micro antivirus doesn't consume much CPU as compared to Symantec when it comes to scanning or filtering. So the performance risk is less. No locking impact, and it's independent of the type of authentication used in SharePoint.

Q2:
One site requests for Symantec Endpt Security to exclude Sharepoint
& MS HL7 from being scanned.  Is it generally acceptable to Security
Governance to exclude Sharepoint folders & its DB from IPS & malware
/AV scan?  Or can someone pinpoint specific files to exclude to improve
the performance?
Ans: Rather than using Symantec Endpoint Security, try Trend Micro PortalProtect for SharePoint. That's the product you need to avoid breaking security governance.

Q3:
Can point me to URLs/links that document known TrendMicro IPS &
anti-malware/virus performance issue with Sharepoint & HL7?
Ans: Not that I have come across, but I would suggest you call Trend Micro customer support for this information when you buy the subscription. They will be happy to help.
0
 

Author Comment

by:sunhux
ID: 40007115
Yes, I did call up TM cust support & the reply was there's no known
performance/locking impact.  However, TM advised that if a clustering
solution with heartbeat is used, avoid certain TM IPS signatures.

Trying to get a 2nd opinion here in EE.

Other than Windows OS & Redhat OS clustering, an acquaintance
suggested that heartbeat could be used in applications clustering
too.

What are the apps that send heartbeat?  Oracle RAC?  Glassfish?
Weblogic?   Can anyone list out any other apps?
0
 
LVL 65

Accepted Solution

by:
btan earned 1920 total points
ID: 40010869
If it is SharePoint, I see TM more as leveraging PortalProtect from the application front end, and you can probably catch this whitepaper (pdf) on TM performance using this and best practice for performance tuning (they compared it with Forefront, though not SEPM). Another simplified shorter version is available here (pdf).

PortalProtect integrates tightly with Microsoft SharePoint. For PortalProtect to perform optimally, it is recommended that you follow and implement the recommendations from Microsoft’s Best Practice Analyzer Tool. Trend Micro worked closely with Microsoft to include the recommended settings for SharePoint in this tool. Make sure all the settings for both SharePoint and PortalProtect are implemented to allow both products to perform optimally
The following files and directories should be excluded from the file-based anti-virus scanner running in the SharePoint servers:
- Backup folder (Default folder: \PortalProtect\storage\backup)
- Temp folder (Default folder: \PortalProtect\Temp)
- SharedResPool folder (Default folder: \PortalProtect\SharedResPool)

There is also a generic scan exclusion list from TM:

Microsoft SharePoint Portal Server
- <drive>:\Program Files\SharePoint Portal Server
- <drive>:\Program Files\Common Files\Microsoft Shared\Web Storage System
- <drive>:\Windows\Temp\Frontpagetempdir
- M:\

Microsoft SharePoint Servers Foundation 2010
- Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions
- Drive:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files
- Drive:\Users\ServiceAccount\AppData\Local\Temp
- Drive:\Users\Default\AppData\Local\Temp
- Drive:\Users\<the account that the search service is running as>\AppData\Local\Temp
- Drive:\WINDOWS\system32\LogFiles
- Drive:\Windows\Syswow64\LogFiles

Microsoft also has advice in "Certain folders may have to be excluded from antivirus scanning when you use file-level antivirus software in SharePoint".

For TM using PortalProtect, its risk scan using IntelliScan has an option that uses "true file type" identification, and it is recommended to enable it as compared to an option such as "Specified file type" that can have a performance impact. We will want to catch those file extension changes (e.g. exe to txt etc.) that attempt to bypass scanning based on that too, and skip those that are not executable (also to reduce false positives and for performance optimization).

Likewise, we also want to take note that a manual scan in general will require significant server resources. Hence it is better to make sure we understand the settings and target databases. It is not very optimal to run manual scans outside of regular business hours unless absolutely necessary. And if incremental scans are viable due to performance impact, we can leverage that if the product supports it, e.g. TM can be configured for incremental scanning to scan only content since the last scheduled/manual scan occurred.

Always subscribe to performance alerts for disk space, service failure restart, quarantine file oversize, scanning delayed, and failure to push signatures to clients, as they are symptoms of a "failing server".
0
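
One way to review configured AV exclusions against a documented list such as the one in the accepted answer, as an added example that is not part of the original thread or any Trend Micro tooling: it flags exclusions that are broader than a documented path or not documented at all. The drive letter, the sample policy entries and the function names are assumptions; `RECOMMENDED` is a subset of the paths listed above.

```python
from pathlib import PureWindowsPath

# Subset of the exclusion paths listed in the answer above; "Drive:" is
# replaced with a concrete letter when the audit runs.
RECOMMENDED = [
    r"Drive:\Program Files\Common Files\Microsoft Shared\Web Server Extensions",
    r"Drive:\Windows\Microsoft.NET\Framework64\v2.0.50727\Temporary ASP.NET Files",
    r"Drive:\Users\ServiceAccount\AppData\Local\Temp",
    r"Drive:\WINDOWS\system32\LogFiles",
    r"Drive:\Windows\Syswow64\LogFiles",
]

def classify(configured, drive="C"):
    """Return 'exact', 'narrower', 'broader' or 'unlisted' for one exclusion."""
    cfg = PureWindowsPath(configured)  # Windows paths compare case-insensitively
    recs = [PureWindowsPath(p.replace("Drive:", drive + ":")) for p in RECOMMENDED]
    if cfg in recs:
        return "exact"
    if any(r in cfg.parents for r in recs):
        return "narrower"   # subfolder of a documented path
    if any(cfg in r.parents for r in recs):
        return "broader"    # exempts more than the documented path
    return "unlisted"       # no documented reason for this exclusion

def audit(configured_paths, drive="C"):
    """Classify every configured exclusion and list the ones needing review."""
    result = {p: classify(p, drive) for p in configured_paths}
    findings = sorted(p for p, c in result.items() if c in ("broader", "unlisted"))
    return result, findings

# Constructed sample of what an AV policy export might contain.
SAMPLE = [
    r"c:\windows\system32\logfiles",
    r"C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\14\LOGS",
    r"C:\Program Files",
    r"C:\Users",
    r"D:\Downloads",
]

if __name__ == "__main__":
    result, findings = audit(SAMPLE)
    for path, verdict in result.items():
        print(f"{verdict:9} {path}")
    print("needs review:", findings)
```

Entries reported as "broader" or "unlisted" are the ones to take back to security governance, since they leave more of the server unscanned than the vendor guidance calls for.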
