1. Manuals
  2. Brands
  3. McAfee Manuals
  4. Software
  5. DFFCDE-AA-DA - Endpoint Encryption For Files
  6. Product manual

Appendix B: Best Practices - McAfee DFFCDE-AA-DA - Endpoint Encryption For Files Product Manual

Product guide
Hide thumbs
Table of Contents

Advertisement

Appendix B: Best Practices

This section provides some recommendations for large scale deployments of EEFF.
NOTE:
Consult your Endpoint Encryption representative if you have special considerations for
your environment. The definition of a large-scale installation is any deployment with 1000 users
and above.
Key caching
Try to make use of the encryption key caching feature. This might not be possible due to security
reasons. However, considering this option for any encryption key created will help reduce the
communication payload on the McAfee Agent to ePO.
Tune encryption intensity for network
When encrypting large folders on a network share through a policy, it is recommended to tune
the network encryption intensity.
Configure these values to tune the network encryption intensity:
• I/O Utilization: 30% (Set in Encryption options policy)
• Bandwidth limit: 100 KB/sec. (Set in Network policy)
• Network latency: 600 ms. (Set in Network policy)
• Maximum number of clients to encrypt folders: 10
You can limit the size of the files to be encrypted (Set in the Encryption options policy).
Explicitly encrypt large shares in advance
Use a manual (explicit) encryption method for large network folder(s) encryption, rather than
encrypting them through a folder encryption policy.
Initiate the encryption from a single machine, after logging on with an appropriate EEFF user,
then let the encryption run (maybe overnight).
The reason is to avoid extreme payload on the file server(s) from many clients seeking to
enumerate, fetch, encrypt, and upload files to/from the server(s). This reduces the risk of
network failure and file server payload overflow is minimized.
Exclude EEFF client program directory
Irrespective of the anti-virus solution used on the clients, it is recommended to exclude the
EEFF program directory from real-time anti-virus scanning.
By default, the EEFF program directory is [SYSDRIVE]\Program Files\McAfee\Endpoint
Encryption for Files&Folders.
Typically, most anti-virus solutions can be policy controlled to exclude certain directories from
real-time scanning. Consult the operating manuals for your anti-virus solution for further details.
42
McAfee Endpoint Encryption for Files and Folders version 4.0.0 Product Guide

Advertisement

Table of Contents
loading

Related Manuals for McAfee DFFCDE-AA-DA - Endpoint Encryption For Files

Related Content for McAfee DFFCDE-AA-DA - Endpoint Encryption For Files

This manual is also suitable for:

Endpoint encryption for files and folders 4.0.0

Table of Contents