search cancel

What exclusions should be considered for Symantec Management Platform and Agents to function correctly with an anti-virus solution installed?

book

Article ID: 154301

calendar_today

Updated On:

Products

IT Management Suite Client Management Suite Server Management Suite

Issue/Introduction

What exclusions are necessary for Symantec Management Platform (SMP) and Agents to function correctly with an anti-virus (AV) solution installed?

 

Environment

ITMS 8.x

Resolution

On the SMP / Notification Server:

The following folders in C:\ProgramData\Symantec\SMP\EventQueue should be excluded from AV:

    • EvtInbox
    • EvtQFast
    • EvtQLarge
    • EvtQPriority
    • EvtQSlow
    • EvtQueue
    • Temp

Exclude files in the Software Library

Exclude Patch Packages (Tools and Downloads): C:\Program Files\Altiris\Patch Management\Packages

Exclude C:\Program Files\Common Files\Altiris.  We use the 7z.dll in this folder to recreate AeXNSCHTTPS.exe.  See KB: Unable to save SMP Communication Profile

 

On the SQL Server:

Consider excluding the database files (files with extensions of .ldf, .mdf, and .bak).

 

Windows Computers:

Exclude the following on all Altiris Agents:

  • <InstallDrive>:\Program Files\Altiris\ and all sub folders
  • C:\ProgramData\Symantec\Symantec Agent\ and all sub folders

 

MacOS and Linux machines:

MAC / Linux machines follows the same logic as far as file types to exclude. For example, you may want to exclude the agent logs:

opt/altiris/notification/nsagent/var/aex-client.log

or just the full agent directory:

opt/altiris/
OR opt/altiris/notification/nsagent/

Temporary files created for events should be considered as well:

/tmp/*.nse
/tmp/syminvdata.out

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Disclaimer: Symantec Management Platform and ITMS testing is being performed without third party software installed.

The recommendations in the KB are provided as is based on our experience and updated if further issues surface.

Additional Information

Notes:

The files in the EvtInbox folder are zero-footprint inventory files from client machines
The files in the EvtQ* folders are generally inventory and notification data from client machines
The files in the Temp folder are temporary files that the system is using

As well, in certain situations you should consider for excluding the Windows %temp% folder, typically found at C:\Windows\Temp, but its location can change for some of the Windows operating systems. In this folder, exclude .tmp files.  These .tmp files can be .nse files that IIS may temporarily store (either created, compressed or uncompressed) at this location before placing them in the NScap queues.

A consideration to exclude the <install drive>:\Program Files\Altiris\Symantec Installation Manager\Installs\Altiris folder for .msi files can be made if the AV client will modify or block the .msi files used for installations.