Any specific experiences that you can share on the use of Anti-Virus programs on DMAs?

Solved | 3.15K views | 10th July 2023 | Tags: antivirus, cybersecurity, security
5
Ben Vandenberghe [SLC] [DevOps Enabler]9.06K 31st July 2020 0 Comments

AV software can be a bit of a pain sometimes, then again often it is also a necessity considering the growing importance of cybersecurity.

The key concerns are typically making sure that the AV doesn't take away too much of the computing resources that the DMA needs, or blocks certain things that are vital for the proper functioning of the DataMiner System.  To a large extent I guess this is mainly a matter of properly configuring the AV software in the first place, so that it can happily coexist with the DataMiner software and doesn't negatively impact it, and there are some guidelines/recommendations for that in the DataMiner System Requirements.

But I was wondering if aside from those guidelines, anybody had any further practical experiences to share on that specific topic?  What kind of AV products have you seen being used on DMAs?  What kind of typical issues, if any, have you seen?  And what caused those issues and how were they resolved?  Any further recommendations or past experiences that can help people to use AV in symbiosis with DataMiner?

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 10th July 2023

3 Answers

5
Davy Degrande [SLC] [DevOps Advocate]1.43K Posted 31st July 2020 3 Comments

Some anti-malware programs seen are: Symantec EndPoint Protection, Trend Micro Inc., Sophos EndPoint Security

One is more invasive than the other, typically a file scan is performed and can affect DataMiner in a way that it's just file access rights which is less of a problem.

More invasive ones are when anti-malware is injecting dll's to monitor system vulnerabilities which seem to affect DataMiner operation a lot more.

Some have even 'quarantined' specific dll's or exe's of DataMiner because they were doing network related calls.

For normal DataMiner operations it's good practice to always add the DataMiner folder, potential database data folders and dll's and exe's to the exclusions of the anti-malware software.

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 10th July 2023
Ben Vandenberghe [SLC] [DevOps Enabler] commented 31st July 2020

Thanks Dave, great input. And for the last paragraph there, I would assume that the things that need to be excluded are fully covered by what is specified in the requirements doc? (copied below)

Exclude the directory C:\Skyline DataMiner and the data directory of the database.
Exclude all DataMiner processes (process names starting with SL) and your chosen database application (Cassandra, MySQL, MSSQL).

Davy Degrande [SLC] [DevOps Advocate] commented 31st July 2020

Ben, that indeed sums up how the AV needs to be configured.

Wouter Bogaert [SLC] [DevOps Advocate] commented 6th August 2020

If you want to be sure that nothing is injected in one of the DataMiner processes, know that you can use the CheckAntiVirusDlls BPA (Best Practice Analyzer) to verify this.
It can currently detect injection by the 3 anti-malware programs mentioned by Davy.
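
One way to spot modules loaded into the SL* processes from outside the expected directories, as an added example that is not part of the thread and is not the CheckAntiVirusDlls BPA. The trusted-roots list and the helper name `Test-UnderRoot` are assumptions made for illustration; run it from an elevated 64-bit PowerShell session on the DMA.

```powershell
# Added example (not Skyline code): list DLLs loaded into DataMiner (SL*) processes
# from outside the DataMiner folder and the Windows directory, with their signer.
$dataMinerRoot = 'C:\Skyline DataMiner'               # directory named in the thread
$trustedRoots  = @($dataMinerRoot, $env:SystemRoot)   # assumption: what counts as "expected"

# Hypothetical helper: true when $Path lies under one of the given root folders.
function Test-UnderRoot {
    param([string]$Path, [string[]]$Roots)
    foreach ($root in $Roots) {
        $prefix = $root.TrimEnd('\') + '\'
        if ($Path.StartsWith($prefix, [System.StringComparison]::OrdinalIgnoreCase)) {
            return $true
        }
    }
    return $false
}

$findings = foreach ($proc in Get-Process -Name 'SL*' -ErrorAction SilentlyContinue) {
    try {
        $modules = $proc.Modules          # fails without elevation or across bitness
    } catch {
        Write-Warning "Cannot read modules of $($proc.Name) (PID $($proc.Id)): $($_.Exception.Message)"
        continue
    }
    foreach ($m in $modules) {
        if (-not $m.FileName) { continue }
        if (Test-UnderRoot -Path $m.FileName -Roots $trustedRoots) { continue }
        # Anything left was loaded from elsewhere (AV hooks, other runtimes, ...).
        $sig = Get-AuthenticodeSignature -FilePath $m.FileName
        [pscustomobject]@{
            Process   = $proc.Name
            ProcessId = $proc.Id
            Module    = $m.FileName
            Company   = $m.FileVersionInfo.CompanyName
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
        }
    }
}

# Review the list: a vendor name in Company/Signer shows which product injected the module.
$findings | Sort-Object Module, Process | Format-Table -AutoSize
```

An empty result means no module outside the two trusted roots was found in the processes that could be read; any warnings list the processes that were skipped.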

4
Ruben Vandepitte [SLC] [DevOps Advocate]2.28K Posted 1st August 2020 1 Comment

I remember a situation where a severe memory leak in one of the AV processes running on the DataMiner server caused unexpected restarts of our software every few weeks.

Therefore, if you know there's AV software running on the system, I'd say it's good practice to also monitor those processes in DataMiner in a similar way as we normally do for our own SL* processes (CPU, VM size, handles, ...).

Ben Vandenberghe [SLC] [DevOps Enabler] Posted new comment 1st August 2020
Ben Vandenberghe [SLC] [DevOps Enabler] commented 1st August 2020

Great input Ruben. Thanks!

4
Brent Alleweireldt [SLC]1.53K Posted 31st July 2020 7 Comments

Another issue with an AV was caused by a failover setup and a central McAfee-setup.

This McAfee setup used a central management platform to monitor the health of the DMA-servers based on the IP. In a failover setup the online agent will use a virtual IP for all its network communication. This caused issues in the McAfee manager as it did not expect the virtual IP and viewed the online agent as unreachable.

They worked around the issue by always setting the "SkipAsSourceFlag" when an agent came online, but this negatively impacts DataMiner functionality.

Duc Ngo Posted new comment 28th March 2021
Ben Vandenberghe [SLC] [DevOps Enabler] commented 31st July 2020

Great one Brent. Very valuable intel, it’s not the first thing that would come to my mind that this failover scheme could interfere with functionality of an AV.

Duc Ngo commented 18th March 2021

Hi Brent,

We have a customer that is looking at antivirus software, with McAfee being one of the options. Could you please advise how setting the “SkipAsSourceFlag” will negatively impact DataMiner functionality?

I see from your other ticket (https://community.dataminer.services/question/network-adaptor-not-working-after-failover/?hilite=SkipAsSource) “The skipAsSource flag is indeed added to the NIC. With this flag enabled, the Primary IP will be skipped when communicating with other devices on the network, this way the DMA will always respond using the Virtual IP”

Does this impact on logging onto the Primary IP of the server? e.g. Remote Desktop session.

Duc Ngo commented 25th March 2021

Hi Brent,

Could you please advise how setting the “SkipAsSourceFlag” will negatively impact DataMiner functionality?

Thanks,
Duc

Brent Alleweireldt [SLC] commented 25th March 2021

Hey Duc,

The SkipAsSourceFlag is used to force the online DMA to respond using the Virtual IP to the outside world. This effectively means that from the outside world it is impossible to say which agent is online using just the IP. It gets added to every IP on the agent except for the Virtual IP. This is important for the features where the outside world listens for data coming from the DMA based on IP.

So setting this flag to false will impact this. I do not know all the features that will break, but notable examples are trap sources and devices filtering incoming data sent by the DMA using the IP.
Setting it to false will not impact the ability to send data, Remote Desktop Session,… to the Primary or Virtual IP.

Do note that the flag is managed by DataMiner; this means that the flag will be set every time the agents switch. Manually changing this is not recommended by Skyline.

Duc Ngo commented 26th March 2021

Thanks Brent for the response. How would we set the SkipAsSourceFlag in DataMiner?

Thanks,
Duc
