Any specific experiences that you can share on the use of Anti-Virus programs on DMAs?

Solved3.17K viewsantivirus cybersecurity security
5
0 Comments

AV software can be a bit of a pain sometimes, then again often it is also a necessity considering the growing importance of cybersecurity.

The key concerns are typically making sure that the AV doesn't take away too much of the computing resources that the DMA needs, or blocks certain things that are vital for the proper functioning of the DataMiner System.  To a large extent I guess this is mainly a matter of properly configuring the AV software in the first place, so that it can happily coexist with the DataMiner software and doesn't negatively impact it, and there are some guidelines/recommendations for that in the DataMiner System Requirements.

But I was wondering if aside from those guidelines, anybody had any further practical experiences to share on that specific topic?  What kind of AV products have you seen being used on DMAs?  What kind of typical issues, if any, have you seen?  And what caused those issues and how were they resolved?  Any further recommendations or past experiences that can help people to use AV in symbiosis with DataMiner?

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 10th July 2023

3 Answers

5
1.43K 3 Comments

Some anti-malware programs seen are: Symantec EndPoint Protection, Trend Micro Inc., Sophos EndPoint Security

One is more invasive than the other, typically a file scan is performed and can affect DataMiner in a way that it's just file access rights which is less of a problem.

More invasive ones are when anti-malware is injecting dll's to monitor system vulnerabilities which seem to affect DataMiner operation a lot more.

Some have even 'quarantined' specific dll's ore exe's of DataMiner because they were doing network related calls.

For normal DataMiner operations it's good practice to always add the DataMiner folder, potential database data folders and dll's and exe's to the exclusions of the anti-malware software.

Marieke Goethals [SLC] [DevOps Catalyst] Selected answer as best 10th July 2023
Ben Vandenberghe [SLC] [DevOps Enabler] commented

Thanks Dave, great input. And for the last paragraph there, I would assume that the things that need to be excluded are fully covered by what is specified in the requirements doc? (copied below)

Exclude the directory C:Skyline DataMiner and the data directory of the database.
Exclude all DataMiner processes (process names starting with SL) and your chosen database application (Cassandra, MySQL, MSSQL).
Davy Degrande [SLC] [DevOps Advocate] commented

Ben that is indeed summed up how the AV needs to be configured.
Wouter Bogaert [SLC] [DevOps Advocate] commented

If you want to be sure that nothing is injected in one of the DataMiner processes, know that you can use the CheckAntiVirusDlls BPA (Best Practice Analyzer) to verify this.
It can currently detect injection by the 3 anti-malware programs mentioned by Davy.
You are viewing 1 out of 3 answers, click here to view all answers.