Full Version: Explanation of how Kaspersky scans files
Kevin Wiltshire
Hi All,

I'm new to Kaspersky and we have purchased Kaspersky Business Space for our 6 servers and 70 clients. We have 2003 servers, Exchange 2007 and also use 3 Citrix servers (Presentation Server 4.5) to distribute some applications. All in all a fairly standard setup. I'm early into my Kaspersky implementation, I've set up my Administration server and installed the server version to my 6 servers and workstation version to a couple of test workstations. I've read most of the manuals but I find they lack clear information of how the products relate to each other.

For example, I'm a user on a PC and I open a Word file from a shared folder from one of my file servers. What is the sequence of events? Does the server scan the file because a client has requested to open it? Does it then get scanned again on the PC that requested the file, by the workstation scanner? What actually happens when the file is opened? What is the sequence of events in the background? Is it over the top to scan at both ends?

The reason I ask is that I've noticed that it is noticeably slow opening files, applications have become more sluggish especially via Citrix. I'd really like to understand in my own mind what is happening in the background. I realise that there are many settings I can play with and I have started to dabble with exclusions and trusted areas. I'm also considering disabling pro-active protection and scanning on the servers during the working day and just scanning them overnight. As long as the workstations are scanning the shared files on the servers on access, we're pretty well covered, right? I'd appreciate any feedback on this and would like to hear how others have configured their 'similar' environments. We use HP DL380G5 servers (quad core). I'd also appreciate some guidance on the multi-processor settings.

Many thanks in advance, Kevin.
Tybilly
Hi,

QUOTE(Kevin Wiltshire @ 6.02.2009 13:30) *
For example, I'm a user on a PC and I open a Word file from a shared folder from one of my file servers. What is the sequence of events? Does the server scan the file because a client has requested to open it? Does it then get scanned again on the PC that requested the file, by the workstation scanner? What actually happens when the file is opened? What is the sequence of events in the background? Is it over the top to scan at both ends?


There are several ways to scan a file:
  • Smart mode: This mode is aimed at speeding up file processing and returning them to the user. When it is selected, a decision to scan is made based on analyzing the operations performed with the file.
    For example, when using a Microsoft Office file, Kaspersky Anti-Virus scans the file when it is first opened and last closed. All operations in between that overwrite the file are not scanned.
    Smart mode is the default.
  • On access and modification – File Anti-Virus scans files as they are opened or edited.
  • On access – only scans files when an attempt is made to open them.
  • On execution – only scans files when an attempt is made to run them.
You should know that KAV has 2 technologies called iSwift and iChecker which can help to optimize the way files are scanned. Also, iSwift works over the network, which means that KAV for Server can exchange data with KAV for Workstations about scanned files.


QUOTE(Kevin Wiltshire @ 6.02.2009 13:30) *
The reason I ask is that I've noticed that it is noticeably slow opening files, applications have become more sluggish especially via Citrix. I'd really like to understand in my own mind what is happening in the background. I realise that there are many settings I can play with and I have started to dabble with exclusions and trusted areas. I'm also considering disabling pro-active protection and scanning on the servers during the working day and just scanning them overnight. As long as the workstations are scanning the shared files on the servers on access, we're pretty well covered, right? I'd appreciate any feedback on this and would like to hear how others have configured their 'similar' environments. We use HP DL380G5 servers (quad core). I'd also appreciate some guidance on the multi-processor settings.


What product have you installed on your Citrix server? I hope you're using the Enterprise Edition of KAV 6.0 for Windows Servers, which is the best product to protect this kind of environment in terms of performance. With this product, Anti-Virus influence is decreased on each terminal session (a separate copy of the Anti-Virus is not run in each session).
Kevin Wiltshire
QUOTE(Tybilly @ 6.02.2009 23:17) *
What product have you installed on your Citrix server? I hope you're using the Enterprise Edition of KAV 6.0 for Windows Servers, which is the best product to protect this kind of environment in terms of performance. With this product, Anti-Virus influence is decreased on each terminal session (a separate copy of the Anti-Virus is not run in each session).


OK thanks for the advice. I currently have the 'normal' File Server version installed, so I'll remove it and replace it with the Enterprise Edition to see if things improve.

Many thanks,

Kevin.

Kevin Wiltshire
Just for information for anyone still following this post, I'm running on Enterprise Edition now on my Citrix servers and all seems well, performance is very good and no complaints from any users, yet...!