We are also trying to go with ENS Threat Prevention and Web Control modules on our Horizon Instant clone VDI machines but so far haven't been able to get a satisfactory performance in our test environment. Did you follow any KB article to install it on your master image ? We installed ePO_5.6_Agent and then McAfee_Endpoint_Security_10.6.1.1560.2_Standalone_Client_Install/SetupEP.exe and then ran maconfig -enforce -noguid to clear GUID. All applications are taking 5 or more seconds to open.
Comparisons are a little tough, being that the product architecture and available features are fairly distinct.
MOVE, whether Agentless or Multi-platform, was designed to optimize the performance hit in a virtual environment, when implemeting any product that performs real-time scanning. For MOVE, that design was to reduce overall load from a host/hypervisor perspective. In reducing that overall load, it doesn't necessarily mean that a we will see better performance from an individual system level, if we say compare ENS performance on the same system that is offloading scanning to a MOVE SVM. Why? Because, ENS has built-in scan avoidance, and MOVE does not.
The scan avoidance that ENS provides, may or may not equate to better system performance, with the ultimate determining factor being the applications that are used on the system. When it comes to Citrix, both products will most likely have a need to perform custom scan configuration. For example, excluding UserProfileManager.exe as a process exclusion would most likely be necessary for both products.
We then get into the details of the architecture of MOVE, where with Multi-platform the MOVE Client is essentially a light-weight filter driver, and that is pretty much it, so very little resource overhead on the protected endpoints. The systems are managed, so they will contain a McAfee Agent to perform policy retrieval, whereas with MOVE Agentless and VMware environments, it does not require any McAfee software installed on the endpoint in order for scanning to occur (even more lightweight). That being said, these aspects alone can probably used for a general comparison, but how the scanning is achieved is completely different.
Personally, I have worked with customers that tested both, and some decide to stick with MOVE over ENS, and others take the traditional "thick client" install of ENS over MOVE. With ENS, you will have the ability to make use of other technologies, such as:
Script scanning (browser plugin)
ATP (Adaptive Threat Protection)
With MOVE, we do have the ability to leverage TIE-enabled lookups, as we do when using the ATP module, or blade, for ENS.
The additional features that ENS Threat Prevention and ATP can provide, are most likely the best defining determination as to whether or not a customer prefers one over the other. If the intention is to just have the disk activity checked by a scanner using standard DAT information (and possible TIE-enabled lookups), perhaps MOVE is the better choice. If the environment is such that a feature such as Access Protection is required, then MOVE is not an option.
Was my reply helpful?
If this information was helpful in any way, or answered your question, will you please select "Accept as Solution" in my reply, or give kudos as appropriate, so together we can help other members?
Taking into account what was just said, i would like to link this very helpfull link to create the whitelist for MOVE and to make sure that the performance hit on the vdi's is as little as possible (while mantaining a good security)
Thanks for the detailed post. Can you also provide some information on how to install McAfee ENS for VMware Horizon instant clones VDI as well. We simply installed it on the Instant Clone Master image and removed the Maconfig GUID and added antivirus exceptions as per VMware document. Is there anything else we could do to improve performance. Currently it takes about 3 minutes to login to the Instant clone VDI Machines and CPU Utilization is about 15% higher than what we had without ENS. Is it recommended to run scan on on Master image before publishing it in desktop pools ? Thanks much.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership: