Which files and folders in Security Manager should be excluded from a real time antivirus scan? (NETIQKB48332)

  • 7748332
  • 02-Feb-2007
  • 26-Oct-2010

Environment

Security Manager 6.X

Situation

Which files and folders in Security Manager should be excluded from a real time antivirus scan?
Do I need to exclude the queue and cache files from real time antivirus scanning?

Does NetIQ Technical Support have any recommended best practices concerning which files to exclude from virus checking?

Which files should not be virus scanned?

Resolution

NetIQ Technical Support recommends that you exclude the following files from antivirus scanning for Security Manager 6.X.

Central Computers Agent Cache Files Exclusion:

(W2K3)

E.g.

%\Documents and Settings\All Users\Application Data\NetIQ\

Note: Exclude all subdirectories and files under this directory.

(W2K8)

E.g.

%:\programdata\netiq\security manager

Note: Exclude all subdirectories and files under this directory.

NOTE: If the above path is not in the default location, go to Start | Run and type "%allusersprofile%\netiq\security manager" to find the correct path.

Central Computers Program Files Exclusion:

E.g.

%:\Program Files\NetIQ Security Manager\OnePoint

Note: Exclude all subdirectories and files under this directory.

SQL Server Data Files Exclusion:

Exclude the .MDF and .LDF Security Manager database files, most importantly the OnePoint database files Eea_data.mdf and Eea_data.ldf.

E.g.

%\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data

Log Archive Files Exclusion:

Exclude the entire log archive volume, which covers all of the daily archives, the CubeExport directory, and the index_data directory.

E.g.

%:\NetIQSMLogArchive\

<Log_Archive_Directory>\index_data
<Log_Archive_Directory>\CubeExport

Note: By default, the CubeExport and index_data directories are located under the log archive volume, but it is possible to change the location of those directories.
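
The script below is an added example, not part of the original NetIQ article: it resolves the locations described above on the local server, reports which ones actually exist, and lists the .mdf/.ldf files in the SQL data directory, so that only real paths go into the antivirus exclusion list. The function name, the parameter names and the C: drive defaults are assumptions; the paths themselves come from the E.g. entries above.

```powershell
# Added example (not NetIQ code). Function and parameter names are hypothetical;
# the C: defaults are assumptions based on the article's "E.g." paths.
function Get-SmAvExclusionCandidate {
    param(
        [string]$ProgramDir    = 'C:\Program Files\NetIQ Security Manager\OnePoint',
        [string]$SqlDataDir    = 'C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data',
        [string]$LogArchiveDir = 'C:\NetIQSMLogArchive',
        # Fill in only if index_data / CubeExport were moved off the archive volume.
        [string[]]$RelocatedArchiveDirs = @()
    )

    # Agent cache: W2K8 layout first, then W2K3 layout (All Users\Application Data).
    $cacheCandidates = @(
        (Join-Path $env:ALLUSERSPROFILE 'NetIQ\Security Manager'),
        (Join-Path $env:ALLUSERSPROFILE 'Application Data\NetIQ')
    )
    $cache = $cacheCandidates | Where-Object { Test-Path -LiteralPath $_ } |
        Select-Object -First 1
    if (-not $cache) { $cache = $cacheCandidates[0] }   # neither exists: report as missing

    # Directories the article says to exclude together with all subdirectories.
    foreach ($dir in (@($cache, $ProgramDir, $LogArchiveDir) + $RelocatedArchiveDirs)) {
        New-Object PSObject -Property @{
            Path   = $dir
            Scope  = 'Directory and subdirectories'
            Exists = (Test-Path -LiteralPath $dir -PathType Container)
        } | Select-Object Path, Scope, Exists
    }

    # SQL Server: the article excludes database files, so list them individually.
    if (Test-Path -LiteralPath $SqlDataDir -PathType Container) {
        Get-ChildItem -LiteralPath $SqlDataDir |
            Where-Object { $_.Extension -match '^\.(mdf|ldf)$' } |
            ForEach-Object {
                New-Object PSObject -Property @{
                    Path   = $_.FullName
                    Scope  = 'File'
                    Exists = $true
                } | Select-Object Path, Scope, Exists
            }
    } else {
        Write-Warning "SQL data directory not found: $SqlDataDir"
    }
}

Get-SmAvExclusionCandidate | Format-Table -AutoSize
```

The SQL listing shows every .mdf/.ldf file in that directory; only the Security Manager database files, Eea_data.mdf and Eea_data.ldf first, belong in the exclusion list. Rows with Exists set to False point to a non-default location that should be resolved before an exclusion is configured.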

Cause

Antivirus scanning of the temporary queue and cache files, on any agent or central computer, can potentially create write contention on those files. This contention causes Security Manager to generate an unhandled exception.

In addition, antivirus scanning on the log archive server can also cause write contention, because a number of directories contain temporary files. This includes anything in the index_data folder as well as the CubeExport folder.

Additional Information

Formerly known as NETIQKB48332