Best practices to deploy CylancePROTECT on servers
There are no special considerations for devices in a server role (examples: SQL or Exchange) when installing CylancePROTECT. It is best not to set any exclusions during deployment. That way, if performance issues are detected, exclusions can be configured gradually.
Some key points and observations to advise on:
- When "Watch For New Files" is enabled, exclude the SQL logs folder so that performance is not greatly impacted during this activity.
- Depending on the policy settings assigned to the respective device (Exchange, SQL or other), and when auto quarantine (AQT) is enabled, executable files will be prevented from running until a Cylance Score can be calculated.
As far as the Exchange server is concerned, having "Watch For New Files" enabled may slow down system operations. Any time a new file is added to the device, it will be scanned. Although the scanning of files is lightweight, scanning a large number of files at one time could cause the device to slow down.
- Enable "Background Threat Detection" and have it Run Once.
- Make sure Execution Control is enabled.
- Disable "Watch For New Files".
The CylancePROTECT Admin Guide can also be useful: https://support.viperline.com/uploads/CylancePROTECT_Admin_Guide_2.1_rev34.pdf