Recommended Anti-virus exclusions for NS servers


Article ID: 180906

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

Resolution

Question
Is Altiris vulnerable to infections (viral, spyware, etc.), or can it act, or has it acted in the past, as a vector for transferring them? If so, what recommendations would you make to minimize this?

Answer

Apart from the exclusions listed below, every location in the Altiris folder structure, including the <drive>:\Program Files\Altiris\Notification Server\NSCap\Bin directory, should be checked for malware.

NOTE: As the Notification Server processes literally thousands of .tmp files during the course of the day, it is important that the antivirus exclusions listed below be in effect at all times (i.e. applied by the on-access scan as well, not just during the periodic "full" scan).

Ensure that your system's virus checking software can check for spyware and infectious files. 

Note: The Notification Server does not automatically forward or send infected files. However, if a package is created with infected files and a corresponding software delivery policy is then enabled, the NS will send the "bad" files. The NS does not have a built-in mechanism to detect "bad" files.

For performance reasons, an exclusion should be made for the following:

Any *.tmp files in the following folders:

  • <drive>:\Program Files\Altiris\Notification Server\NSCap\EvtInbox
  • <drive>:\Program Files\Altiris\Notification Server\NSCap\EvtQFast
  • <drive>:\Program Files\Altiris\Notification Server\NSCap\EvtQLarge
  • <drive>:\Program Files\Altiris\Notification Server\NSCap\EvtQSlow
  • <drive>:\Program Files\Altiris\Notification Server\NSCap\EvtQueue
  • <drive>:\Program Files\Altiris\Notification Server\NSCap\Temp
  • <drive>:\Windows\Temp = The directory corresponding to the %TEMP% environment variable as defined for the SYSTEM profile (not the user profile).
    IIS uses this directory as a temporary storage point for very small incoming HTTP POST requests.

NOTE: If you are on the SMP 7.1 platform, an exclusion should be made for *.tmp files in the EvtQPriority folder as well:

  • <drive>:\Program Files\Altiris\Notification Server\NSCap\EvtQPriority
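The following is an added example, not part of the original article: a product-agnostic audit that compares an exported list of antivirus exclusions against the *.tmp patterns listed above and flags anything broader, such as a whole queue folder or the NSCap\Bin directory. The function names, the default `C:` drive and the plain-list export format are assumptions made for illustration.

```python
import ntpath

NSCAP = r"Program Files\Altiris\Notification Server\NSCap"
TMP_FOLDERS = ["EvtInbox", "EvtQFast", "EvtQLarge", "EvtQSlow", "EvtQueue", "Temp"]

def norm(path):
    # Windows paths are case-insensitive; fold case and separators before comparing.
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))

def recommended(drive="C:", system_temp=r"C:\Windows\Temp", smp_71=False):
    """The *.tmp patterns listed in the article, for one server."""
    folders = TMP_FOLDERS + (["EvtQPriority"] if smp_71 else [])
    pats = [ntpath.join(drive + "\\", NSCAP, f, "*.tmp") for f in folders]
    return pats + [ntpath.join(system_temp, "*.tmp")]

def audit(configured, drive="C:", system_temp=r"C:\Windows\Temp", smp_71=False):
    """Sort configured exclusions into ok / review / unrelated and list missing ones."""
    wanted = {norm(p): p for p in recommended(drive, system_temp, smp_71)}
    roots = [norm(ntpath.join(drive + "\\", "Program Files", "Altiris")), norm(system_temp)]
    result = {"ok": [], "review": [], "unrelated": [], "missing": []}
    seen = set()
    for entry in configured:
        n = norm(entry)
        if n in wanted:
            result["ok"].append(entry)
            seen.add(n)
            continue
        # Literal part before the first wildcard, e.g. "c:\program files\altiris".
        prefix = n.split("*")[0].rstrip("\\")
        # Inside the Altiris tree or SYSTEM temp, but not one of the listed patterns.
        inside = any(prefix == r or prefix.startswith(r + "\\") for r in roots)
        # An ancestor or global pattern that also covers those locations.
        # Deliberately conservative: a false positive only costs a manual look.
        covers = any(r.startswith(prefix) for r in roots)
        result["review" if inside or covers else "unrelated"].append(entry)
    result["missing"] = [p for n, p in wanted.items() if n not in seen]
    return result

if __name__ == "__main__":
    # Constructed sample export, not taken from a real server.
    sample = [
        r"c:\program files\altiris\notification server\nscap\evtinbox\*.tmp",
        r"C:\Program Files\Altiris\Notification Server\NSCap\Bin",
        r"C:\Windows\Temp\*.tmp",
        "*.tmp",
    ]
    for bucket, items in audit(sample, smp_71=True).items():
        print(bucket, items)
```

Entries under `review` exclude more than the article recommends and should be narrowed; entries under `missing` are recommended patterns that are not yet configured.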