Antivirus scanning of DX UIM components
search cancel

Antivirus scanning of DX UIM components

book

Article ID: 137152

calendar_today

Updated On:

Products

DX Unified Infrastructure Management (Nimsoft / UIM)

Issue/Introduction

  • This article provides important information regarding best practices for Anti-Virus scanning and configuration for UIM/Nimsoft installations, upgrades and uninterrupted operations.

Environment

  • Any UIM Release

Cause

  • Anti-Virus scanning configuration requirements

Resolution

The UIM/Nimsoft application needs to read and write files continually on local drives. Log file, queues, configuration files and licenses all require read / write activity. 

If this activity is delayed, by virus scanning, an application can timeout. 

***Under ideal circumstances you should EXCLUDE the Nimsoft root directory and all sub-directories from being scanned.***  

If that is not possible, you can use these more specific directories:

DX UIM/Nimsoft Primary Hub Server

  • Nimsoft / probes
  • Nimsoft / hub
  • Nimsoft / archive
  • Nimsoft / robot
  • Nimsoft / niscache
  • Nimsoft / Unified Reporter or CABI
  • Nimsoft / UMP
  • Nimsoft / install
  • Nimsoft / SLM
  • Nimsoft / NIS
  • Nimsoft / jre
  • Nimsoft Robot Server
  • Nimsoft / robot
  • Nimsoft / probes
  • Nimsoft / jre

Operator Console (OC) Robot

  • All of the Nimsoft / wasp directories as well...

Active anti-virus scanners slow down UMP installation significantly. Before you begin installation, turn off any anti-virus scanning on the Primary Hub Server.

For servers being monitored:

  • We highly recommend excluding the UIM/Nimsoft probe processes from the active scan.

  • IMPORTANT: There is no other workaround for this if there are 'aggressive' AV scans running against Nimsoft files and folders.

  • For each Nimsoft administrator/Windows user running the Infrastructure Manager client application, the %Temp%\util folders should also be excluded.

  • Note that if a program is blocked, most of the time either a scan/scan logs will identify what is being blocked, event log will show crashes, exceptions, hangs, or ONLY Informational messages BUT it could be interfering, e.g., Carbon Black/Bit9 will block a program and then report it in the event log.

  • Notes regarding UIM/Nimsoft installations/upgrades:

  • Firewalls and Virus Scanners - you must shut down any anti-virus software before installing the Nimsoft Server. You may also want to shut down the firewall. While this is not always necessary, it will maximize your chance for a fail-safe installation.

Important: Remember to turn the firewall and anti-virus software back on after you have finished the Nimsoft Server installation. If you elect to keep your firewall running during installation, (this is NOT recommended), you must minimally observe the following: 

■ The port between the Nimsoft Server and the database server must be open.

■ Specify a starting port during the Nimsoft Server installation. The recommended default is port 48000.

■ Ensure that an adequate range of ports are open (for example, ports 48000 through 48050). Minimally the first three ports assigned must be open (controller, spooler, hub).

Note that the port used for distsrv (probe/package distribution server) is dynamically assigned.

Note that in general, a security scan usually finds and logs whatever executables/programs are being put in question/filtered/blocked in their relevant / associated logs so its helpful to be able to review the logs if you suspect interference.

Additional Information

The UIM help documentation on ports and protocols may be helpful to your security team as well: Firewall Port Reference