ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

UIM Upgrade Plan queries and Crowdstrike

book

Article ID: 237105

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM) DX Unified Infrastructure Management (Nimsoft / UIM) CA Unified Infrastructure Management SaaS (Nimsoft / UIM) Unified Infrastructure Management for Mainframe

Issue/Introduction

We are upgrading UIM to 20.4 on this Sunday 20th march. We do not have antivirus running on UIM servers but have Crowdstrike running on them. Will it also need to be in disabled state?

Cause

- Installation

Environment

Release : 20.3

Component : UIM - INSTALL

Resolution


Crowdstrike Falcon may be blocking, filtering, or detecting and blocking what it thinks is 'malware' and hence my interfere with the UIM install process.

During installation/upgrades, please ask the Security team to temporarily disable any/all Anti-Virus as this may interfere with the installation process.

This includes and extends to any/all security applications installed locally on the Windows, Linux or UNIX server that may interfere through blocking, filtering, or the need for ‘whitelisting’ of DX UIM components, connections or message traffic.

If the antivirus application cannot be disabled, then you MUST ensure that the installer application and all Nimsoft programs, directories/files are completely excluded from Anti-Virus scanning before and during the upgrade. After the upgrade is complete you can normally re-enable Anti-Virus.

AntiVirus - UIM, UMP, CABI and Operator Console pre-install and operational requirements
https://knowledge.broadcom.com/external/article/205483

As an example of how CrowdStrike may interfere with the UIM install, Crowdstrike may detect one or more files as malicious under the Nimsoft directory, e.g., presence of the file "7za.exe.tmp" in the directory "Program Files (x86)\Nimsoft\robot\pkg\temp\7za.exe.tmp" on 1 or more multiple servers.