
Realtime protection on write only

Novice


Hi,

 

Citrix recommends setting realtime protection to only work while writing to disk.

I can't find that option in Policy Manager anymore - using version 12.31.

2 REPLIES
Superuser

Re: Realtime protection on write only

THAT is a bad idea!
If the malware is new, it might get written to disk because the signatures are old. And then it will not be detected ever again!

 

Do not follow any such recommendations! F-Secure is designed to work "Out of the Box". If something is not working it is a bug and needs fixing. Following some recommended exclusion guides is a bad idea, as attackers will try these places first.

 

Please read and understand this (copied from Citrix https://support.citrix.com/article/CTX127030 ):

 

Warning! This article contains antivirus exclusions. It is important to understand that antivirus exclusions and optimizations increase the attack surface of a system and might expose computers to a variety of real security threats. However, the following guidelines typically represent the best tradeoff between security and performance. Citrix does not recommend implementing any of these exclusions or optimizations until rigorous testing has been conducted in a lab environment to thoroughly understand the tradeoffs between security and performance. Citrix also recommends organizations to engage their antivirus and security teams to review the following guidelines before proceeding with any type of production deployment.

Matthias
----------
perComp has been a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntary and to the best of my knowledge, based on working with the products since 1997. For direct contact, customers please check our homepage http://www.percomp.de

Superuser

Re: Realtime protection on write only

Hello,

 

> And then it will not be detected ever again!

 

I think it is recommended to conduct scheduled full-computer virus scans once every 1-2 weeks, and that would discover the threat retroactively, since "manual scan" policies use a separate set of configuration compared to real-time protection.

 

I think it must be admitted that anti-virus scanning engines like Aquarius consume so many system resources that a terminal server (Citrix, M$ or otherwise), which deals with possibly dozens or hundreds of remote desktops, may have serious reasons to minimize real-time scanning impact, because the end-user experience must not become sluggish.

 

Maybe the F-Secure Ultra Core will arrive one day and lift the resource burden, but until that time compromises must be made and accepted.

 

Best Regards: Tamas Feher, Hungary.