-
Notifications
You must be signed in to change notification settings - Fork 21
McAfee Process Handling
This information is regarding the processes run on the LEAF servers under the McAfee installation. The intention is to limit the resource usage of these processes to allow stronger operation on the server and, subsequently, a smoother user experience on the LEAF platform.
When ENSL is installed with OAS enabled (without Deferred Scan), it blocks access to the file until ENSL scans it and finds it to be clean. If the file isn't clean, ENSL takes the specified action and then blocks access to the file. A file scan might complete in milliseconds or might take longer for bigger files.
We observed that in high I/O intensive environments (for example, Hadoop and splunkd), a small delay in getting events from the system (due to the scan of files) causes a delay in performance and the operation of the application. So, blocking the events while scanning caused operation issues. To address this issue, ENSL 10.7.5 and later provide the "Deferred Scan" option. Both the READ and WRITE events get scanned but aren't blocked during scanning.
With Fanotify, ENSL uses a "Deferred Scan" option that enables users to perform the scan in a non-blocking manner to support high I/O intensive applications to run smoothly.
- NOTE: Deferred Scan is applicable only on Fanotify-based systems.
/opt/McAfee/ens/tp/bin/mfetpcli --getdeferredscan
/opt/McAfee/ens/tp/bin/mfetpcli --usefanotifyservice mfetpd restart/opt/McAfee/ens/tp/bin/mfetpcli --setdeferredscan enableservice mfetpd restart
/opt/McAfee/ens/tp/bin/mfetpcli --getoascpulimit-
/opt/McAfee/ens/tp/bin/mfetpcli --setoascpulimit 60(can be 50- 99%) /opt/McAfee/ens/tp/bin/mfetpcli --getoascpulimit