AntiVirus - UIM, UMP, CABI and Operator Console pre-install and operational requirements

Article ID: 205483

Products

- DX Unified Infrastructure Management (Nimsoft / UIM)
- Unified Infrastructure Management for Mainframe
- CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

What are the Anti-Virus requirements before and after installation, and for ensuring normal ongoing operation, for:

- UIM (DX Infrastructure Manager)
- UMP
- CABI
- Operator Console
- Hubs/Robots and probes

Environment

Release : 9.2.0 or higher

Component : UNIFIED INFRASTRUCTURE MGMT

- installation or upgrades
- probe operations

Resolution

Important notes on AntiVirus

Configure your Operating Systems

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/20-3/installing/pre-installation-planning/configure-your-operating-systems.html

Firewalls and Virus Scanners

Before you install CA UIM:

- Shut down any antivirus software.
- (Optional) Shut down your firewall. While not always necessary, this action maximizes your chance of a successful installation.

If you keep your firewall running:

- Ensure the port between the CA UIM system and the database system is open.
- Specify a starting port during CA UIM installation (the recommended default is port 48000).
- Ensure that an adequate range of ports is open (for example, ports 48000 through 48020).

At a minimum, the first three ports assigned (controller, spooler, and hub) must be open. The port that is used for the distsrv probe communication is dynamically assigned.

- Reenable the firewall and anti-virus software when installation is completed.
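A check to run once the firewall is re-enabled, as an added example that is not part of the original article or of UIM: it probes the port range from another host and reports whether the three required ports answer. It assumes the default starting port 48000 and that controller, spooler and hub take the first three ports in the order listed above; the function names are illustrative.

```python
import socket
import sys

# Assumption: the first three ports are assigned in the order the article lists them.
REQUIRED = ("controller", "spooler", "hub")


def probe(host, port, timeout=1.0):
    """Return 'open', 'closed' (actively refused) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"    # host reachable, but nothing listens on this port
    except OSError:
        return "filtered"  # timeout or unreachable: typically a firewall drop


def check_uim_ports(host, start=48000, end=48020, timeout=1.0, probe_fn=probe):
    """Probe start..end; return (states, problems) for the required ports."""
    if end < start + len(REQUIRED) - 1:
        raise ValueError("range must cover the first three ports")
    states = {p: probe_fn(host, p, timeout) for p in range(start, end + 1)}
    problems = [
        (name, start + i, states[start + i])
        for i, name in enumerate(REQUIRED)
        if states[start + i] != "open"
    ]
    return states, problems


if __name__ == "__main__":
    # Usage: python check_uim_ports.py <uim-host>
    host = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    states, problems = check_uim_ports(host)
    for port, state in states.items():
        print(f"{host}:{port} {state}")
    for name, port, state in problems:
        print(f"REQUIRED: {name} port {port} is {state}")
    sys.exit(1 if problems else 0)
```

A `filtered` result on a required port points at the firewall rule, while `closed` means the packet got through but the component is not listening.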

Firewall Port Reference:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/20-3/installing/pre-installation-planning/firewall-port-reference.html

Troubleshooting Additional Scenarios

The troubleshooting section of the documentation makes a related recommendation, for example:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/20-3/troubleshooting/troubleshooting-additional-scenarios.html

"We recommend that you exclude the entire UIM folder from the anti-virus scanning. This alert can occur in multiple probes. Therefore, excluding the entire UIM folder from anti-virus scanning is recommended."

Additional Information

Anti-Virus Protection and Nimsoft programs and folders
https://knowledge.broadcom.com/external/article/47887/

Upgrade UIM Server
https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/20-3/upgrading/ca-uim-upgrade-step-3-deploy-the-upgrade/upgrade-uim-server.html

Turn off Anti-Virus Scanning
Turn off any anti-virus scanners running on the server. These scanners can significantly slow down the installation. You can turn your anti-virus scanner back on after the upgrade is complete.

If you don't exclude the Nimsoft application from Anti-Virus scanning, the scanner may interfere with installation as well as normal operation. This can apply to any software application, not just enterprise monitoring. During installation you can temporarily disable AV, then re-enable it. During normal operation, specific exclusions must be in place as per the content in this KB Article.

UIM communicates over TCP ports, and if a firewall blocks them, its components cannot communicate. The ports that need to be allowed are well documented. For more detailed information please refer to the techdocs page:

Firewall Port Reference

Note that in some cases UIM component ports are configurable instead of using their default port(s).

Supplemental Notes

Essentially, it is important to strike a balance between keeping the server environment secure and virus-free and not interfering with the reliability and performance of servers or applications. Virus scanning is often a cause of installation failures, failed upgrade processes, and/or operational performance issues.

This may happen when anti-virus exclusions are not properly configured: AV may cause outages of applications and services through contention or file locking, or application processes may be blocked by default. Fortunately, Security Admins can check the AV logs for such evidence.

Many applications, including numerous business applications, document recommended exclusions, and even Microsoft publishes a fairly long list of files and folders that they recommend should be excluded from AV scanning. Information regarding recommended AV scan exclusions for Applications or Operating Systems is easily searched for and found on the web. It is a very common practice.

Note also that you can sign up for proactive notifications for DX Infrastructure Management (Unified Infrastructure Management) which include Security Advisories, here:

https://support.broadcom.com/user/notifications.html

Last but not least, any partner, customer or user of UIM that finds a specific breach or vulnerability can open a support case and report it to Broadcom, and Development/Engineering will address it.