The following new features in MACC 8.x can cause performance issues:
SHA-2:
For enhanced security, MACC 8.x uses the SHA-2 format. SHA-2 provides a 256-bit hash, compared to 160 bits in SHA-1, and is considered more secure than SHA-1. MACC computes the SHA-2 hash for each binary and stores it in the local allow list. Before a binary can execute, its hash is checked against the allow list. If the hash does not match, execution is blocked.
Compared to SHA-1, SHA-2 takes longer to compute for each file, which adds to the performance impact. As part of boot-time protection, the hash is computed during all operations. These operations include solidification, execution, and validation of files during the boot process. Expect increased client boot time, solidification time, and file execution time.
In addition to SHA-2, MACC 8.x also computes the file hash for MD5 and SHA-1. Doing so allows for backward compatibility. It also allows information sharing with other dependent components that require the file hash in MD5 or SHA-1 format.
Corrupt Inventory Rollback:
This feature is enabled by default. It creates a backup copy of the local allow list. If the allow list becomes corrupted, MACC can recover it immediately from the backup copy rather than being forced to resolidify the system. This backup copy is created during the boot sequence, which increases system boot time. For more details about this feature, see KB88222.