ANTIVIRUS EXCLUSIONS
Antivirus protection tools installed on either Linux or Windows, such as the Windows System Center 2012 Endpoint Protection tool, may negatively impact the CPU and system performance of machines running the FMS (Foglight Management Server) and the FglAM (Foglight Agent Manager).
To reduce resource consumption, users are required to exclude the Foglight directories from being scanned by the antivirus tools. These are common installation directories:
C:\Dell\
C:\Quest\
C:\Quest Software\
C:\Program Files\Common Files\Quest\Foglight Agent Manager\
Installations could, however, be located in a different directory. Follow the steps below to review the antivirus configuration on a Windows server.
For Windows:
1. Identify the Antivirus being run on the server.
Most Windows Antivirus applications run as a Windows Service. Users can review the currently running Windows Services from the Windows Control Panel to check for an actively running Antivirus such as "Microsoft Antimalware Service", used by Windows System Center 2012 Endpoint Protection.
Foglight Agent Manager support bundles also list the services running on the FglAM server, in the \systeminfo\runningservices.log or \system\Windows-system-info.txt files. Running services are indicated in the STATE field.
2. Find the paths where Foglight and Agent Managers are running.
Check the properties of the Windows Service to locate the installation folder for "Foglight" and the "Agent Manager" or "Foglight Agent Manager" services. There may be multiple services running on a server.
With a FglAM support bundle, this value can be found by opening the first FglAM log (001) of a series and looking for the “-Dquest.state.dir” value in the log file.
Alternatively, these PowerShell queries pull the locations of all FglAMs and Foglight installations registered as Windows Services:
Get-WmiObject win32_service | ?{$_.PathName -like '*fglAM.exe*'} | select Name, DisplayName, State, PathName
Get-WmiObject win32_service | ?{$_.PathName -like '*fms.exe*'} | select Name, DisplayName, State, PathName
3. Review the exclusions for the Antivirus software.
A. Many running Antivirus application services place an icon in the Windows taskbar. By right-clicking this icon, the Antivirus settings and exclusions may be visible.
B. For Windows System Center Endpoint Protection, the following two PowerShell queries can be used to retrieve the exclusions:
Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths' | select *
Get-ItemProperty 'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Exclusions\Paths' | select *
C. You can also manually check for antivirus software on desktops (Windows 7, Windows 10) using this WMI query:
(From DOS) wmic /NAMESPACE:\\root\SecurityCenter2 PATH AntiVirusProduct Get displayname /Format:List
D. Windows desktops have these SecurityCenter2 WMI objects, but the namespace doesn’t exist on servers. From PowerShell:
Get-WmiObject -Namespace "root\SecurityCenter2" -Query "SELECT * FROM AntiVirusProduct"
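The Windows steps above combined into one check, as an added example (not part of the original article and not a Quest-supplied script): it lists the Foglight and FglAM service executables and reports whether each folder falls under a path exclusion in the two Endpoint Protection registry keys from step 3B. It assumes exclusions are stored as value names under those keys and does not evaluate wildcard exclusions.

```powershell
# Added example: are the Foglight/FglAM service folders covered by an AV path exclusion?
# Registry keys are the two from step 3B (local settings and policy-delivered settings).
$exclusionKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Microsoft Antimalware\Exclusions\Paths',
    'HKLM:\SOFTWARE\Policies\Microsoft\Microsoft Antimalware\Exclusions\Paths'
)

# Assumption: each excluded path is a value *name* under the key. The PS* properties
# (PSPath, PSDrive, ...) are added by Get-ItemProperty and are not exclusions.
$excluded = @(foreach ($key in $exclusionKeys) {
    try {
        $item = Get-ItemProperty -Path $key -ErrorAction Stop
    } catch {
        Write-Warning "Could not read $key : $($_.Exception.Message)"
        continue
    }
    $item.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { [Environment]::ExpandEnvironmentVariables($_.Name).TrimEnd('\') }
})

# Same service filter as the two queries in step 2, merged into one pass.
$services = Get-WmiObject Win32_Service |
    Where-Object { $_.PathName -like '*fglAM.exe*' -or $_.PathName -like '*fms.exe*' }

$report = foreach ($svc in $services) {
    # PathName may be quoted and carry arguments; keep everything up to the first ".exe".
    if ($svc.PathName -notmatch '^"?(.+?\.exe)') { continue }
    $exeDir = Split-Path -Path $Matches[1] -Parent

    # Covered when the executable's folder equals an excluded path or sits below one.
    $hit = $excluded | Where-Object {
        $exeDir -eq $_ -or
        $exeDir.StartsWith("$_\", [System.StringComparison]::OrdinalIgnoreCase)
    } | Select-Object -First 1

    [pscustomobject]@{
        Service    = $svc.Name
        State      = $svc.State
        ExeFolder  = $exeDir
        ExcludedBy = if ($hit) { $hit } else { '(no matching exclusion)' }
    }
}
$report | Format-Table -AutoSize -Wrap
```

The check covers only the folder of each service executable; the FglAM state directory (the "-Dquest.state.dir" value) and the embedded database data directory can live elsewhere and need the same comparison.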
For Linux:
Depending on the antivirus being used, refer to the vendor's instructions on how to configure antivirus exclusions for the directories mentioned earlier in this article.
Confirm the location of the FMS embedded database data file directory, on either Windows or Linux, and make sure it is also excluded from scanning.
These are typically located in:
MySQL: $FGLHOME\mysql\data
PostgreSQL: $FGLHOME\state\postgresql-data