This article addresses the supportability of anti-virus scanners installed on ElectricAccelerator hosts, servers and Electric Make (eMake) machines. Also, compatible configurations with virus scanners and ElectricAccelerator are listed.
ElectricAccelerator is not certified to run with any specific anti-virus applications.
The following information is a compilation of support knowledge related to configuring anti-virus applications to successfully work with ElectricAccelerator. This information is not an official recommendation, just lessons-learned to assist you in avoiding known problems when anti-virus applications are configured to the contrary.
General issues to consider when configuring virus scanners on an ElectricAccelerator server are as follows:
- When and how to scan
- When and how not to scan
- What to scan
- What not to scan
- Verifying anti-virus settings
- Performance considerations
When possible, scan manually or on a scheduled basis during downtime (non-work time). This limits virus scanning’s performance impact during normal operations, especially ElectricAccelerator use. This impact could be significant depending on client speed, network bandwidth, server performance, and the number of clients accessing the cluster.
Shut down ElectricAgent on cluster host(s) being scanned. This avoids any possibility of the scanner’s affecting or being affected by ElectricAccelerator.
Avoid “realtime” or “on-access” scans on cluster agent machines. Depending on how aggressive the virus scanner is, on-access scanning can disable EFS creation/access. The final step in the on-access operation is typically to rename temporary containers, and ElectricAgent creates many of these containers as part of its process. On-access scans may lock a file to perform some operations, resulting in the inability of ElectricAgent to rename the file. This may result in errors from ElectricAgent such as “unable to open/rename file.” This can also generate spurious serializations and false conflicts.
It is recommended to disable heuristic scans, for example TrendMicros IntelliTrap.
Scan source files on the eMake machine.
Scan the derived objects after the build completes on the eMake machine. This catches files added or modified by a virus. Real-time scanning on the eMake machine may adversely affect performance.
Do not scan the EFS temporary directories (on the cluster machines): Scanning this part of the drive scans all files mounted on this system. The EFS lookup/creation phase of a file open in EFS can lead to serious performance degradation because the scan attempts to open all files in the temporary space.
- We have two groups defined in the TrendMicro server used by our build and test machines. One for servers and one for desktops.
- Both groups have basically this setup:
- Real Time scan is enabled
- IntelliScan uses TrueType file type detection
- We do not scan mounted drives
- We exclude these directories (the list will vary from environment to environment):
- c:\Documents and Settings\build.Electric-Cloud\Local Settings\Temp
- c:\Documents and Settings\build\Local Settings\Temp
- c:\User\build.Electric-Cloud\Local Settings\Temp
- c:\User\build\Local Settings\Temp
- n:\ (samba share… just in case)
- IntelliTrap is disabled
- Firewall is disabled
- Behavior Monitoring is disabled
- Web Thread detection is disabled
- TrendSecure toolbars are disabled
- Mail scan is disabled
To test your anti-virus software’s whitelisted directories, a text file can be created that is 100% safe and is used for testing anti-virus software. Instructions on how to generate the file (called the “EICAR Standard Anti-Virus Test File”) are available on the EICAR website. If the 68-byte file is generated in a whitelisted directory and is flagged by anti-virus software, it means that there is an issue with its configuration. This string is:
Real-time scan everything (agents and eMake) - 8% slower than no scan
Real-time scan except for TEMP (on agents) - 4% slower than no scan
Real-time scan except for TEMP (on agents and eMake) - not much slower than no scan