While we do have the much maligned McAfee, I do have exclusions set up, including paging files, PST and OST files, etc. We're not seeing CPU grabs of files which is the most common (but still infrequent) issue we see with McAfee.
From: Steven Peck [mailto:[email protected]] Sent: Friday, September 30, 2011 2:06 PM To: NT System Admin Issues Subject: Re: Outsourcing Exchange Check that your local AV isn't grabbing the OST file? On Fri, Sep 30, 2011 at 1:28 PM, David Lum <[email protected]<mailto:[email protected]>> wrote: The argument is that WDE is accessing the disk making Windows wait for it. However, this would show up in a perfmon trace wouldn't it? PGP wouldn't show anywhere but if an "under the OS" process is tying up the disk and Windows apps are waiting wouldn't Windows perfmon see that as excessive queue length or something? Currently they're yanking PGP from a couple dozen machines as a test so I guess they'll get their answer that way. FWIW we didn't use OST's when Exchange was local. Dave From: Michael B. Smith [mailto:[email protected]<mailto:[email protected]>] Sent: Friday, September 30, 2011 1:13 PM To: NT System Admin Issues Subject: RE: Outsourcing Exchange I don't believe it is the culprit. I've architected, built, designed, run, and maintained six different hosted Exchange environments over the last 12 years - none of them cared ONE SINGLE JOT NOR TITTLE whether whole disk encryption was in use or not. WDE (whether TrueCrypt, PGP, or BitLocker) works at a layer beneath the file system. Nothing in user mode (that is, nothing that isn't reading the raw blocks from the disk) should care. It never sees the encrypted data. I can assure you - Outlook doesn't read the raw disk blocks. It would take some serious convincing for me to be convinced that it makes any difference. Microsoft's standard laptop image uses BitLocker for their employees. MOST of them are on Office 365 these days. I just don't buy it. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com From: Jonathan Link [mailto:[email protected]]<mailto:[mailto:[email protected]]> Sent: Friday, September 30, 2011 4:02 PM To: NT System Admin Issues Subject: Re: Outsourcing Exchange I still don't see how WDE is the culprit here. Whether Exchange is local or not, the OST is getting updated constantly, no? With a hosted environment those changes just get replicated on a less frequent interval than with Exchange in the "local" environment. On Fri, Sep 30, 2011 at 3:34 PM, David Lum <[email protected]<mailto:[email protected]>> wrote: We never ran into an issue until we outsourced. We had PGP WDE and Office 2007 for over a year w/ no issue, as soon as we outsourced and relied on .OST files...poof... From: Jonathan Link [mailto:[email protected]<mailto:[email protected]>] Sent: Friday, September 30, 2011 12:11 PM To: NT System Admin Issues Subject: Re: Outsourcing Exchange Coming into this late. We have PGP WDE and use Outlook 2007. I've never had any corrupted OSTs like this. We are not outsourced, so that could conceivably be a factor, but I'm really having trouble seeing it. Doesn an OST behave so diffrently when the host server is in the cloud, rather than local? On Fri, Sep 30, 2011 at 1:31 PM, Michael B. Smith <[email protected]<mailto:[email protected]>> wrote: Now; that being said - the challenge with desktop transformation tends to be application compatibility. I have clients where MSFT office plus a few web apps are 100% of their applications. That may not apply to you. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: David Lum [mailto:[email protected]<mailto:[email protected]>] Sent: Friday, September 30, 2011 1:22 PM To: NT System Admin Issues Subject: RE: Outsourcing Exchange So if I said "Hey team, let's run with this", how many FTE hours do you estimate would it take to spool this up and spit it out to the first 50 victi...err...users from soup to nuts? 1. Download toolkit 2. Install MDT 2010 3. Figure out how to make it work using light-touch (no SCCM, we're back at SMS 3 currently) 4. Configure package to be deployed 5. Pull trigger on the victims. Dave -----Original Message----- From: Michael B. Smith [mailto:[email protected]<mailto:[email protected]>] Sent: Friday, September 30, 2011 9:53 AM To: NT System Admin Issues Subject: RE: Outsourcing Exchange MDT 2010 Update 1 can handle that for you, pretty darned easily. Regards, Michael B. Smith Consultant and Exchange MVP http://TheEssentialExchange.com -----Original Message----- From: David Lum [mailto:[email protected]<mailto:[email protected]>] Sent: Friday, September 30, 2011 12:45 PM To: NT System Admin Issues Subject: RE: Outsourcing Exchange We have talked about Bitlocker, but there's no guarantee that will be any better. Heck our Exchange provider didn't know PGP was an issue, and 'll bet PGP is more prevalent than Bitlocker. We're being steered to Win7/Office 2010/Remove PGP as all being needed to help resolve these issues. At 500 employees at least 450 are on XP / Office 2007 and 300+ have PGP on them. The Win7/2010 end state is desirable, it's the compressed timeframe that isn't. Dave -----Original Message----- From: Kurt Buff [mailto:[email protected]<mailto:[email protected]>] Sent: Friday, September 30, 2011 9:38 AM To: NT System Admin Issues Subject: Re: Outsourcing Exchange What OS? If it's Win7, what's the cost differential between using the PGP product vs. Win7 Enterprise/Ultimate and Bitlocker? On Fri, Sep 30, 2011 at 09:03, David Lum <[email protected]<mailto:[email protected]>> wrote: > Our outsourcing vendor has identified PGP's Whole Disk Encryption as a > major contributing factor to some major issues we're having so we're > starting to remove it permanently from several users' machines to make > the outsourced work and "we need to find a suitable workaround for those > systems". > > > > This strikes me as insane. Comments? > > David Lum > Systems Engineer // NWEATM > Office 503.548.5229<tel:503.548.5229> // Cell (voice/text) > 503.267.9764<tel:503.267.9764> > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ > <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to > [email protected]<mailto:[email protected]> > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected]<mailto:[email protected]> with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
