AntiVirus - UIM, UMP, CABI and Operator Console pre-install and operational requirements
Article ID: 205483
Updated On:
Products
Issue/Introduction
What are the requirements concerning Anti-Virus for pre and post installation and ensuring normal ongoing operation for:
- UIM (DX Infrastructure Manager)Environment
Release : 9.2.0 or higher
Component : UNIFIED INFRASTRUCTURE MGMT
Resolution
Important notes on AntiVirus
Configure your Operating Systems
Firewalls and Virus Scanners
Before you install CA UIM:
Shut down any antivirus software.
(Optional) Shut down your firewall. While not always necessary, this action maximizes your chance of a successful installation.
If you keep your firewall running:
- Ensure the port between the CA UIM system and the database system is open.
- Specify a starting port during CA UIM installation (the recommended default is port 48000).
- Ensure that an adequate range of ports are open (for example, ports 48000 through 48020).
At a minimum, the first three ports assigned (controller, spooler, and hub) must be open. The port that is used for the distsrv probe communication is dynamically assigned.
- Reenable the firewall and anti-virus software when installation is completed.
Firewall Port Reference:
Troubleshooting Additional Scenarios
Also if you examine our troubleshooting section, for example:
"We recommend that you exclude the entire UIM folder from the anti-virus scanning. This alert can occur in multiple probes. Therefore, excluding the entire UIM folder from anti-virus scanning is recommended."
Additional Information
Anti-Virus Protection and Nimsoft programs and folders
https://knowledge.broadcom.com/external/article/47887/
Turn off Anti-Virus Scanning
Turn off any anti-virus scanners running on the server. These scanners can significantly slow down the installation. You can turn your anti-virus scanner back on after the upgrade is complete.
If you don't exclude the Nimsoft application from Anti-Virus, it may interfere with installation as well as normal operation. This can apply to any/all software applications not just enterprise monitoring. During installation you can temporarily disable AV, then reenable it. During normal operation, specific exclusions must be in place as per the content in this KB Article.
UIM works with TCP ports and if a firewall blocks them, it would not communicate. The ports being used that need to be allowed are well documented. For more detailed information please refer to the techdocs page:
Note that in some cases UIM component ports are configurable instead of using their default port(s).
Supplemental Notes
Essentially, it is important to achieve a balance between ensuring a secure and virus-free server environment, while not interfering with the reliability and performance of servers or applications. Virus scanning is often a cause of installation failures, upgrade processes failing, and/or operational performance issues.
This may happen due to the lack of properly configured anti-virus exclusions and/or AV may cause outages of applications and services due to contention or file locking, or application processes being blocked by default. Fortunately, Security Admins can check the AV logs for such evidence.
Aside from most applications and numerous business applications, even Microsoft publishes/documents a fairly long list of files and folders that they recommend should be excluded from AV scanning. Information regarding recommended AV scan exclusions for Applications or Operating Systems are easily searched and found on the web. It is a very common practice.
Note also that you can sign up for proactive notifications for DX Infrastructure Management (Unified Infrastructure Management) which include Security Advisories, here:
https://support.broadcom.com/user/notifications.html
Last but not least, any partner, customer or user of UIM that finds a specific breach or vulnerability can open a support case and report it to Broadcom, and Development/Engineering will address it.
Feedback
