Dredd123
Contributor
Contributor

Trend ServerProtect Real Time Scan Kills Performance

Jump to solution

I have just virtualised a Windows 2003/Citrix Presentation Server 4.5 server onto a vSphere host with a NetApp FAS2020 using NAS as the datastore where the VM is stored. There are no other VM guests on the host at the moment, and the NetApp is not being used for any other purposes yet (i.e. nothing should be taxing the hardware). I have found that ServerProtect V5.58 real time scan running on the Citrix server maxes out the CPU to constant 100% once about 8 users are logged on. If I disable realtime scan, everything goes back to normal.

Clearly I need to be able to protect users Citrix sessions from malware. What is the best way to achieve this with Citrix/Terminal Servers on VMware?

Does anyone have a newer version of ServerProtect or even OfficeScan running successfully within Citrix/Terminal Services hosted on VMware?

Thanks,

D.

0 Kudos
1 Solution

Accepted Solutions
Texiwill
Leadership
Leadership

Hello,

Moved to the Security Forum.

Reinstalling Trend after a P2V could help but may not.

Trend also makes programs specifically for virtualization and vSphere that will do A/V scans using the vStorage API which will not as drastically impact performance, this is something to look into. Maybe not 'real-time' but will allow better overall scanning.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]

Also available 'VMWare ESX Server in the Enterprise'[/url]

Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]

Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2022,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

View solution in original post

0 Kudos
6 Replies
JimKnopf99
Commander
Commander

Hi,

is that a newly installed Server or P2V?

Frank

If you find this information useful, please award points for "correct" or "helpful".

If you find this information useful, please award points for "correct" or "helpful".
Dredd123
Contributor
Contributor

It is a P2V of an HP server (I know not best practice but we will be going to XenApp 6 and Windows 2008 R2 soon so didn't want to have to rebuild the Citrix farm twice within a couple of months).

0 Kudos
JimKnopf99
Commander
Commander

Have you do a deinstallation?

Deinstall, reboot, delete Trend Micro reg keys and install.

Also check the System logfiles.

Sometimes there are entrys that some Files where skiped by realtime Scan.

It depends on the Folder but maybe it is possible for you to skip this Folder for your realtimescan.

Frank






If you find this information useful, please award points for "correct" or "helpful".

If you find this information useful, please award points for "correct" or "helpful".
Texiwill
Leadership
Leadership

Hello,

Moved to the Security Forum.

Reinstalling Trend after a P2V could help but may not.

Trend also makes programs specifically for virtualization and vSphere that will do A/V scans using the vStorage API which will not as drastically impact performance, this is something to look into. Maybe not 'real-time' but will allow better overall scanning.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]

Also available 'VMWare ESX Server in the Enterprise'[/url]

Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]

Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2022,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
Dredd123
Contributor
Contributor

I tried an uninstall and reinstall of ServerProtect but the problem still remained.

I have decided to deploy the latest version of OfficeScan (10.5) to see if it behaves any better.

0 Kudos
Texiwill
Leadership
Leadership

Hello,

Be sure not to have your VMs all scanning their disks at the same time. Stagger things across time else A/V will impact performance greatly.


Best regards,
Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, 2010

Now Available: 'VMware vSphere(TM) and Virtual Infrastructure Security'[/url]

Also available 'VMWare ESX Server in the Enterprise'[/url]

Blogging: The Virtualization Practice[/url]|Blue Gears[/url]|TechTarget[/url]|Network World[/url]

Podcast: Virtualization Security Round Table Podcast[/url]|Twitter: Texiwll[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2022,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos