4 Replies Latest reply on Nov 7, 2008 6:15 AM by Marckson

    Antivirus in LDMS Core Server

    Rookie

      If you are deploying file-level scanners on LDMS servers, which that the appropriate exclusions, such as directory exclusions, process exclusions, and file name extension exclusions, are in place for both scheduled and real-time scanning?
      Obs.: SQL database is on another server. I use Symantec EndPoint Protection 11.

       

      Regards.

        • 1. Re: Antivirus in LDMS Core Server
          Employee

          This is a pet peeve for me, so feel free to ignore any excess vitriol.

           

          If it's in the Management Suite directory, we're going to use it. Sooner or later, it'll need to run. When it does, and that AV client pops it for some stupid reason like "it wants to send email" or "that's not a word processor" or "this one piece of malicious code also uses TCP 5007", you'll get problems with your LANDesk installation. But you won't call Symantec or McAfee for support, because you already know they won't answer... instead, you'll call LANDesk, and it'll take us a while to find the problem because most of these tools don't log very well or ignore the exceptions unless they came from an administrator workstation or something else like that.

           

          Whitelisting sucks. If you must use a whitelisting AV client at all, you should factor in an additional ongoing head count to maintain it, because keeping up with the changes required is a full-time job unless you start doing blanket exceptions. If you must use an AV client on the core, tell it to whitelist Program Files\LANDesk. If they won't let you do that, call your AV administrator any time that anything goes wrong and tell him that AV broke it until he can prove otherwise.

           

          • 2. Re: Antivirus in LDMS Core Server
            MarXtar ITSMMVPGroup

            Working around the vitriol

             

            i think you are asking about avoiding scanning what the LANDesk scanner is scanning to reduce load and to avoid the AV scanning every file that the scanner tries to scan?  As Jack says, you should be able to exclude the LANDesk directories as the easiest way of doing this.

             

            Mark Star - MarXtar LANDesk Enhancements

            Home of Power State Notifier & Wake-On-WAN for LANDesk

            • 3. Re: Antivirus in LDMS Core Server
              MarXtar ITSMMVPGroup

              This discussion talks about the problem and gives some ideas of specific files to exclude but as it says it isn't perfect.

               

              Re: Slow logins after installing LD Agent

               

              Mark Star - MarXtar LANDesk Enhancements

              Home of Power State Notifier & Wake-On-WAN for LANDesk

              • 4. Re: Antivirus in LDMS Core Server
                Rookie

                I made these exclusions:

                 

                Directory Exclusions:

                 

                C:\Program Files\LANDesk

                C:\Inetpub\wwwroot (Because IIS – Global.asa file)

                 

                http://support.microsoft.com/default.aspx?scid=kb;en-us;302424&Product=f

                http://support.microsoft.com/kb/248013/en-us

                 

                Process Exclusions:

                 

                AgentPortal.exe

                Alert2WinLog.exe

                AlertService.exe

                AlertSync.exe

                Amclient.exe

                ClientDBUtil.exe

                collcon.exe

                CreateMonitorRoot.exe

                DashboardReportService.exe

                fwregister.exe

                Gatherproducts.exe

                instmsxml.exe

                Issuser.exe

                lddetectsystem.exe

                LDInv32.exe

                Ldiscn32.exe

                LocalSch.EXE

                miniscan.exe

                policy.client.config.exe

                policy.client.invoker.exe

                proxyhost.exe

                residentAgent.exe

                Residentagent.exe

                restartmon.exe

                setupmirror.exe

                Softmon.exe

                sqlbrowser.exe

                sqlservr.exe

                sqlwriter.exe

                vcredist_x86.exe

                Vulscan.exe

                wscfg32.exe