Network and Storage Protocols

Switch NetApp Storage Scanning off and to scan only process that is being written to disc

EWALDNETSEC
3,120 Views

Hii Guys

I'm new with this mcafee product, can anyone please show me where on the epo policies I can switch off the storage scanning to only scan files to that is being write to the harddrive.

The same you can do with VSE 8.8

Thanks

2 REPLIES 2

Darkstar
3,120 Views

since this is a per-share setting you can change it for every CIFS share that you have. From the CLI you can do it with

cifs shares -change SHARENAME -vscan -novscanread

This command changes the policy to only scan on writes, not on reads. There's more info about CIFS virus scanning in the "Data Protection Online Backup and Recovery Guide"

-Michael

RichardSopp
3,120 Views

This would be easier if I could give you screen shots as an example but for security reasons I can't so here's hoping I can talk you through this.  I worked through this example using ePo 4.5.

This setting is not configured under the VirusScan Enterprise for Storage module - its actually in the core VSE product.

You first want to make a copy of "On-Access Default Process Policy" for either the VirusScan Enterprise 8.7.0 or 8.8.0 products you have registered in your inventory.

I would suggest you add something to the name that refers to NetApp or NAS so you don't confuse it with other VSE policies you have in your environment.

Edit the policy.

Make sure you have "settings for server" selected.

On the scan items tab, in the scan files section, check "when writing to disk", uncheck "when reading from disk", check "on network drives" (this one is important as McAfee treats Vscan requests as network drives because ONTAP sends the scan request to the McAfee server as a UNC path of the file to be scanned).

Click the save button in the bottom left hand corner.

Put the servers you are using to scan you NAS device in a container in ePo and apply you newly created "On-Access Default Process Policy for NAS" policy to the container.

Issue an agent wake up call to get your scanner servers to inherit the new policy.

Try that on for size.  If you get stuck just post a follow-up question.

Public