Slow performance with Java-based applications

Technical Articles ID: KB58727
Last Modified: 2023-01-03 21:21:28 Etc/GMT

Environment

Endpoint Security (ENS) Threat Prevention 10.x

Problem

Slow performance occurs with Java-based applications when ENS is installed.

Cause

Java uses .JAR and .CLASS archive files. ENS include the ability to scan these archive types for malicious content. Archive scanning requires that each file in the archive is extracted and scanned individually. For large archives or programs that access multiple archives, this requirement can cause slow system performance and an increase in the CPU resources used by the McShield.exe process.

Solution 1

Disable archive scanning (disabled by default)

NOTE: There is minimal risk when archive scanning is disabled. When an archive is extracted, each file must still be scanned before it is saved.

To disable archive scanning with ENS:

Log on to the ePO console.
Click Menu, Policy, Policy Catalog.
Select Endpoint Security Threat Prevention from the Product drop-down list.
Select On-Access Scan from the Category drop-down list.
Click the name of your policy.
Click Show Advanced.
Deselect Compressed archive files.

NOTE: For ePolicy Orchestrator (ePO) managed computers, you must make this change in the On-Access Default Processes Policies for VSE. Click the Advanced tab, deselect Scan inside archives, and then click Apply.

Solution 2

Exclude files with JAR, CLA, JAV extensions from Default Processes scanning

Only exclude by extension in the following situations:

If many processes access Java files
If the processes should not be added to the low risk profile processes

NOTE: Trellix does not advise that you disable scanning of file types (exclusion by extension) that any process accesses. But, you can exclude these file types if they are known to be safe.

Related Information

How to configure exclusions in ENS:
When configuring exclusions, always apply the principle that the more precise the exclusion, the smaller the potential security risk. For instructions to configure exclusions, see "Preventing Threat Prevention from blocking trusted programs, networks, and services" section of the Endpoint Security 10.7.x Product Guide.

Knowledge Center

Slow performance with Java-based applications

Environment

Problem

Cause

Solution 1

Solution 2

Related Information

Previous Document ID ^(Secured)

Affected Products

Languages:

Title

Title

Knowledge Center

Slow performance with Java-based applications

Environment

Problem

Cause

Solution 1

Solution 2

Related Information

Previous Document ID (Secured)

Affected Products

Languages:

Choose your region

Title

Title

Previous Document ID ^(Secured)