Monday 29 July 2013

mcshield.exe high cpu usage, unusable system after fresh install

I have used McAfee VirusScan Enterprise with ePolicy Orchestrator for the last 5 years. This sort of problem has plagued us the whole time (with misc machines at misc times). I started monitoring this thread as I am pretty sure the consumer and corporate versions have a significant amount of shared code. My latest problem is mcshield (vse8.8) taking 50-100% CPU on a Core2Duo system for long periods of time. It is random, intermittent and completely swamps the machine, making it almost useless. It does not seem to happen to all machines, which leads me to believe it is a conflict with some sort of software, but I have not been able to tell what, even after many many hours of troubleshooting with tools like Process Monitor, Process Explorer, TCPView, etc. To work around the problem, I am now using a virtual machine with 10GB RAM and 8 CPU cores. On this one, I see the CPU of one core go to near 100% at times (mcshield) but it doesn't affect much as the system has 8 cores.

I have pretty well run out of things to try; after disabling most of the advanced protections and exempting everything that it could possibly hang up on, there is not much left. I have also followed the McAfee Best Practices Guide to the letter and it made no difference. Calls with support in the past have been painful wastes of time while they pretend they've never heard of such a problem, then finally try it in house and are surprised when they can duplicate my results. It usually ends with "we just released version X and if you upgrade, the problem is solved. No patch for the current version." Only to return a few months down the road.

Let me be clear, our systems are old and slow (although many are dual core and still experience this sort of problem), and this doesn't happen constantly, but it has been happening frequently to random systems at random times for 5 years with VSE8.0, 8.5, 8.7 and now 8.8. 

To those who wonder what is different about the corporate versions, it is mainly that they can be deployed and updated automatically from a central server. Settings can be controlled centrally and you can generate reports about what is being blocked (mostly tracking cookies). It doesn't really protect any better and from what I have seen it is really only marginal at catching things. We have been infected with fake spyware over and over and over and McAfee will scan the obvious malware and say it is clean with up-to-date DAT files. Many times I find the malware just by knowing where to look, then scan it with other products and it is flagged right away even though McAfee will give it a pass. Give it a week and McAfee will catch it too. That is way way way too long.

I am now looking at and trialing several other products as I AM DONE WITH MCAFEE. Too many hours wasted for me and my users. The only reason I didn't replace it several years ago was that I have been busy with larger and much more important migrations, upgrades, etc. as our company went through massive structural changes. The time to just suffer with the problem was less than to implement a new product. And I figured at some point they would improve the product. Nope...

