Question
Is Altiris vulnerable to infections (viruses, spyware, etc.), or can it act, or has it acted in the past, as a vector for transferring them? If so, what recommendations would you make to minimize this?
Answer
Any other location in the Altiris folder structure including the <drive>:\Program Files\Altiris\Notification Server\NSCap\Bin directory should be checked for malware.
NOTE: As the Notification Server processes literally thousands of .tmp files during the course of the day, it is important that the antivirus exclusions described in this article be in effect at all times (i.e. applied not just to the periodic "full" scan but to the on-access scan as well).
Ensure that your system's virus checking software can check for spyware and infectious files.
Note: The Notification Server does not automatically forward or send infected files. However, if a package is created with infected files and a corresponding software delivery policy is then enabled, the NS will send the "bad" files. The NS does not have a built-in mechanism to detect "bad" files.
For performance reasons, an exclusion should be made for the following:
Any *.tmp files in the following folders:
NOTE: If you are on the SMP 7.1 platform, an exclusion should be made on the folder EvtQPriority as well:
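The scoping rule in this article (exclude only *.tmp files in the listed folders, scan everything else in the Altiris tree including NSCap\Bin) can be checked against an exported exclusion list. The following is an added example, not code from the original article or from the product; the C: drive, the EXAMPLE_QUEUE_FOLDER placeholder standing in for the article's folder list, and the sample entries are constructed assumptions.

```python
import ntpath  # Windows path rules, usable on any OS

def _norm(path):
    return ntpath.normcase(ntpath.normpath(path))

def _within(path, root):
    """True if path is root itself or lies below it."""
    root = root.rstrip("\\")
    return path == root or path.startswith(root + "\\")

def audit_exclusions(exclusions, altiris_root, tmp_folders, must_scan):
    """Return (entry, reason) for each exclusion that touches the Altiris
    tree and is not exactly '<listed folder>\\*.tmp'."""
    root = _norm(altiris_root)
    allowed = {_norm(f) for f in tmp_folders}
    protected = [_norm(m) for m in must_scan]
    findings = []
    for entry in exclusions:
        folder, pattern = ntpath.split(entry)
        if "*" not in pattern and "?" not in pattern:
            folder, pattern = entry, ""  # assumption: no wildcard = whole folder
        folder, pattern = _norm(folder), pattern.lower()
        if not (_within(folder, root) or _within(root, folder)):
            continue  # unrelated to the Altiris tree
        if pattern == "*.tmp" and folder in allowed:
            continue  # the narrow exclusion the article asks for
        if any(_within(p, folder) if not pattern else p == folder for p in protected):
            reason = "covers a folder that must be scanned"
        elif not pattern:
            reason = "whole-folder exclusion"
        elif pattern != "*.tmp":
            reason = "pattern broader than *.tmp"
        else:
            reason = "*.tmp exclusion outside the listed folders"
        findings.append((entry, reason))
    return findings

# Constructed sample data (drive letter and queue folder name are placeholders).
ALTIRIS_ROOT = r"C:\Program Files\Altiris"
MUST_SCAN = [ALTIRIS_ROOT + r"\Notification Server\NSCap\Bin"]
TMP_FOLDERS = [ALTIRIS_ROOT + r"\Notification Server\EXAMPLE_QUEUE_FOLDER"]
SAMPLE_EXCLUSIONS = [
    TMP_FOLDERS[0] + r"\*.tmp",  # correct: narrow .tmp exclusion
    ALTIRIS_ROOT,                # whole tree excluded, hides NSCap\Bin
    MUST_SCAN[0] + r"\*.tmp",    # exclusion placed inside NSCap\Bin
    TMP_FOLDERS[0] + r"\*.*",    # right folder, pattern too broad
    r"C:\Temp\*.tmp",            # outside the Altiris tree, ignored
]

if __name__ == "__main__":
    for entry, reason in audit_exclusions(SAMPLE_EXCLUSIONS, ALTIRIS_ROOT, TMP_FOLDERS, MUST_SCAN):
        print(f"{reason}: {entry}")
```

Run it against the exclusion list of both the on-access scanner and the scheduled scan, since the article requires the exclusions to apply to both.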