Antivirus detections over Nimsoft Processes during upgrade tests

Article ID: 237595


Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)
  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)
  • Unified Infrastructure Management for Mainframe

Issue/Introduction

The Cybersecurity team has informed us about a threat detection in our TEST environment during the upgrade to version 20.3.2.

We would like to know if the security team should exclude these alerts from our Nimsoft environment, since we're going to run this same upgrade in PROD in a few days and it would be convenient to avoid this type of issue. Please read below the information sent by the Cybersecurity Team.

"We received a few detections on XXXSXXX02 for the following file: conf_data_engine.exe"

Environment

  • Release : 20.3.2 or higher
  • Component : UIM - INSTALL

Cause

  • Anti-Virus

Resolution

Disable Anti-Virus
 
During installation/upgrades, please ask the Security team to temporarily disable any/all Anti-Virus software, as it may interfere with the installation/upgrade process.
 
This extends to any/all security applications installed locally on the Windows, Linux or UNIX server that may interfere by blocking or filtering DX UIM components, connections or message traffic, or that require those components, connections or traffic to be proactively ‘whitelisted’.
 
Any/all Anti-Virus/Security software MUST be disabled on the Primary hub before proceeding; otherwise you may experience unforeseen issues due to some form of interference, such as blocking, filtering, malware blocking/prevention, or false-positive malware detection. Examples of such applications are Carbon Black, CrowdStrike, Symantec Endpoint Protection, Kaspersky, McAfee, Bit9, etc.
 
If the antivirus application cannot be disabled, then you MUST ensure that the installer application and ALL Nimsoft programs, directories and files are completely excluded from blocking, scanning, filtering, etc., before and during the upgrade. After the upgrade is complete, you can normally re-enable Anti-Virus, but the exceptions must remain in place for the programs to run unabated.

If you have not excluded UIM/OC from security software or Anti-Virus applications, they can end up blocking/filtering applications/ports/protocols/connections, and this may happen at a time when you don’t expect it. In that case, you may have to reach out to your Security team; there may be delays in obtaining a response, and this may interfere with the progress of your install, upgrade or monitoring.