000016001 - Anti-virus agent best practices for enVision

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000016001
Applies To: enVision Core Other
Best Practices
Issue: Anti-virus agent best practices for enVision
Can I install antivirus software on enVision?

Antivirus Configuration Best Practices

• DO NOT INSTALL the antivirus software on D:\, as this is your swap space.

• Isolate enVision in its own Group or Group Anti Virus Policy.

• Do not scan the EMC Celerra NAS if the enVision IPDB is stored there. This NAS is already hashed, and if scanning is necessary, EMC has Celerra-AV scanning, which is more efficient.

• Do not run On-Demand scans at the top of the hour, or at midnight (UTC) during enVision daily indexing.

• Configure the first action to be Quarantine. DO NOT DELETE.

• Some antivirus software requires various ports and services to communicate with the server if you plan on deploying in a managed format. Where possible, it is recommended that you not enable these services or open these ports. Rather, one can typically leave the antivirus client in un-managed mode and configure it to seek updates daily on its own.

• Exclude any hashed enVision LogSmart IPDB log storage locations (E:\nic\lsnode\data is the default on an enVision ES appliance).

• Exclude the D:\tmp directory from scanning (Nuggets are read only as ASCII text).

• Exclude %_Envision%\database\* from scanning.

• Ensure that you are scanning %_envision%\ftp_files\*, as this FTP drop site is a potential entry point for malware.
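
The checklist above can be turned into a vendor-neutral policy audit. The following is an added example, not RSA code: the policy dictionary layout, the function names and the `%_Envision%` root value are assumptions (the root is a placeholder, since the page does not give it). It also catches the case where a broad parent exclusion silently covers the FTP drop site that must stay scanned.

```python
import ntpath
import re

# Paths quoted from the page; %_Envision% is resolved through ENV below.
MUST_EXCLUDE = [r"E:\nic\lsnode\data", r"D:\tmp", r"%_Envision%\database\*"]
MUST_SCAN = [r"%_envision%\ftp_files\*"]
ENV = {"_envision": r"C:\PLACEHOLDER_ENVISION_ROOT"}  # placeholder, not a real path

def norm(path, env=ENV):
    """Expand %VAR% case-insensitively, drop a trailing \\*, fold case like Windows."""
    path = re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), path)
    return ntpath.normcase(ntpath.normpath(re.sub(r"[\\/]\*$", "", path)))

def covers(parent, child):
    """True when an exclusion on `parent` also applies to `child`."""
    return child == parent or child.startswith(parent.rstrip("\\") + "\\")

def audit(policy):
    findings = []
    excl = [norm(p) for p in policy["exclusions"]]
    if norm(policy["install_dir"]).startswith("d:"):
        findings.append("AV installed on D:\\ (swap space)")
    for req in MUST_EXCLUDE:
        if not any(covers(e, norm(req)) for e in excl):
            findings.append(f"missing exclusion: {req}")
    for req in MUST_SCAN:
        hit = [e for e in excl if covers(e, norm(req))]
        if hit:  # a broad parent exclusion silently disables scanning here
            findings.append(f"{req} is not scanned (excluded by {hit[0]})")
    if policy["first_action"].lower() != "quarantine":
        findings.append("first action is not Quarantine")
    for hhmm in policy["on_demand_utc"]:
        if hhmm.endswith(":00"):  # top of hour, which includes midnight
            findings.append(f"on-demand scan at top of hour: {hhmm} UTC")
    if policy["managed"]:
        findings.append("managed mode on; prefer un-managed with daily self-update")
    return findings

# Constructed sample policies (not taken from any real deployment).
WEAK = {"install_dir": r"D:\AV", "exclusions": [r"E:\nic\lsnode\data", r"d:\TMP", "%_ENVISION%"],
        "first_action": "Delete", "on_demand_utc": ["00:00"], "managed": True}
GOOD = {"install_dir": r"C:\AV", "exclusions": MUST_EXCLUDE,
        "first_action": "Quarantine", "on_demand_utc": ["02:30"], "managed": False}

if __name__ == "__main__":
    for name, pol in (("WEAK", WEAK), ("GOOD", GOOD)):
        print(name, audit(pol) or "no findings")
```

In the WEAK policy, excluding the whole `%_ENVISION%` root satisfies the database exclusion but also removes `ftp_files` from scanning, which the audit reports.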

Notes: Should the installation of any 3rd-party software impede the functionality of enVision, RSA is committed to lending limited support to determine conflict resolution. However, RSA cannot quality-assure that every vendor's product will work flawlessly when installed on enVision. That said, the inevitable resolution may be to remove the offending 3rd-party software.
Legacy Article ID: a49537