Switching Anti-Virus on our servers from Symantec to Trend-Micro

Version 1

    Details

    We've received a request from our Systems team to identify any file exclusions that HEAT requires for Trend-Micro Anti-Virus. I've attached an email with the question from the Systems team.


    Resolution

     

    What files, folders and/or registry keys should be included in an anti-virus Exclusion list?


    IPCM:

    The data and applications directories should be excluded because we "watch" some of the files in them for timestamp changes and re-upload them when the timestamp changes. This puts us at odds with virus scanners that also update the timestamp to record that they have evaluated a file. The result is a loop: the virus scan runs and updates the timestamp. We think someone changed the file, so we import it, changing the timestamp so we know we have imported it. This triggers the virus scanner to run again, since the timestamp is newer than its last scan. Rinse, repeat. This is why we exclude those directories from the on-access scans of the virus scanners.


    HEAT Discovery:

    Executables / binaries: c:\program files (x86)\Frontrange Solution\
    Logs and messages (Note: from 2016.1 this folder can be modified in the installer): c:\program files (x86)\common files\FRS\
    Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\FrontRange Solutions\SAAS\IM\Client
    For client agent versions up to and including 2015.2 there was an additional key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\NetSupport\NetInstall


    HEAT Service Management:

    The installer extracts files to the temp folder, which you can locate using %tmp% or %temp%; the folder differs depending on the login account. This is normal behaviour handled by Microsoft Windows Installer.

    After that, the installer installs some prerequisites into C:\Program Files or C:\Program Files (x86).

    HEAT SM is installed in C:\Program Files\HEAT Software\HEAT by default; the customer can change this location during installation.

    Using SCW, the customer can change the logs and cache folders, which default to C:\Logs and C:\HEATCache.
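
    Because excluded folders are no longer scanned on access, it is worth confirming before the exclusions are entered in Trend-Micro that each folder exists on the server and is not writable by broad, low-privileged groups. The PowerShell below is an added example, not part of the original article or of HEAT's tooling; it assumes the default folder locations listed above (with the first path spelled as the article gives it) and leaves out the IPCM directories, for which the article gives no path.

```powershell
# Added example: folder paths are the defaults listed in this article.
# Adjust them if the installer or SCW was used to relocate a folder, and add
# the IPCM data and applications directories for your installation.
$candidatePaths = @(
    'C:\Program Files (x86)\Frontrange Solution',
    'C:\Program Files (x86)\Common Files\FRS',
    'C:\Program Files\HEAT Software\HEAT',
    'C:\Logs',
    'C:\HEATCache'
)

# Well-known Windows SIDs of broad groups (language-independent).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Bits that allow creating or changing files, plus GENERIC_WRITE | GENERIC_ALL.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
$writeMask = $writeMask -bor 0x50000000

$findings = foreach ($path in $candidatePaths) {
    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        [pscustomobject]@{ Path = $path; Principal = ''; Status = 'Not present: leave out of the exclusion list' }
        continue
    }
    # Read explicit and inherited ACEs with identities returned as SIDs.
    $acl   = Get-Acl -LiteralPath $path
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $risky = $false
    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and $broadSids.ContainsKey($sid) -and
            ([int]$rule.FileSystemRights -band $writeMask)) {
            $risky = $true
            [pscustomobject]@{ Path = $path; Principal = $broadSids[$sid]; Status = 'Writable by broad group: tighten ACL before excluding' }
        }
    }
    if (-not $risky) {
        [pscustomobject]@{ Path = $path; Principal = ''; Status = 'OK: no broad write access found' }
    }
}

$findings | Format-Table -AutoSize -Wrap
```

    Run it from an elevated PowerShell session on the server so that Get-Acl can read every folder.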