Configuring generic antivirus and intrusion prevention settings

This topic provides basic suggestions for configuring generic antivirus and intrusion prevention client software on systems that make up a BMC Cloud Lifecycle Management environment. It includes the following subsections:

Antivirus and intrusion prevention clients focus on the assessment and prevention of malicious attacks against the systems they protect. This assessment scrutinizes any files, connectivity, or behavior that the software determines are a potential risk, including unrecognized materials or an attempt to control other systems.

The nature of automation requires access and control of other systems as well as the use of use of various utilities and installers that could be mistakenly classified as a threat, so it is not unusual to see conflicts with intrusion prevention and automation efforts. Because each environment and antivirus software combination can result in unique results, supplying a detailed list of configuration settings that will meet all customer requirements is not possible. However the settings listed below can be used as a base line for initial settings that should minimize disruption of BMC Cloud Lifecycle Management services. If a full hardening exercise is desired or required to fully lock down BMC Cloud Lifecycle Management services using third party products without a disruption to services, a full environment assessment and time to test and monitor specific third-party features and functions with BMC Cloud Lifecycle Management systems is required.

Directories to exclude

This section provides a list of basic directories that should be excluded from Antivirus and Intrusion prevention scans. The intent is to keep CLM files/directories from being quarantined, blocked, or deleted by Antivirus or Intrusion Detection services. Some of these systems may not apply to your specific environment depending on the BMC build/services that have been implemented. If the installations did not use the default installation directories, then the paths below would be replaced with the paths that were used.

Core systems

System	Directories to exclude
BMC Server Automation servers	C:\Program Files\BMC Software\ C:\Windows\rsc\
BMC Server Automation file servers	C:\Program Files\BMC Software\ C:\Windows\rsc\ <path to fileserver storage>/storage/
BMC Cloud Lifecycle Management cloud platform manager	C:\Program Files\BMC Software\
BMC Remedy AR System enterprise servers and web servers	C:\Program Files\BMC Software\
BMC Cloud Lifecycle Management cloud database server	C:\Program Files\BMC Software\
BMC Atrium Orchestrator servers	C:\Program Files\BMC Software\
BMC Network Automation	C:\Program Files\BMC Software\ C:\BCA-Networks-Data\

Supplemental systems

System	Directories to exclude
BMC Server Automation PXE servers	C:\Program Files\BMC Software\ C:\Windows\rsc\
BMC Server Automation repeaters	C:\Program Files\BMC Software\ C:\Windows\rsc\
BMC Server Automation	C:\Program Files\BMC Software\ C:\Windows\rsc\

Target systems

System	Directories to exclude
Target VMware vCenter servers	C:\Program Files\BMC Software\ C:\Windows\rsc\

Services

BMC recommends that you set security software to not run real time scans against the following trusted services that run as part of BMC Cloud Lifecycle Management.

Products	Services
BMC Remedy AR System & IT Service Mgt. Suite (Enterprise AR)	Apache Tomcat Tomcat6 AR System Portmapper BMC Atrium Impact Simulator BMC Remedy Action Request System Server<hostname> BMC Remedy Email Engine<hostname> BMC Remedy Flashboards Server<hostname>
BMC Remedy AR System – Cloud Database (Cloud AR)	AR System Portmapper BMC Remedy Action Request System Server<hostname>
BMC Atrium Web Registry	Apache Tomcat atriumTomcat6
BMC Remedy AR Mid-tier	Apache Tomcat Tomcat6
BMC Server Automation	BladeLogic Application Server BladeLogic Process Spawner BMC BladeLogic RSCD Service
BMC Atrium Orchestrator	BMC Atrium Orchestrator Access Manager and Repository BMC Atrium Orchestrator Configuration Distribution Peer
BMC Network Automation	BCA-Networks TFTP Server BCA-Networks Web Server
Platform Manager	BMC CSM
PXE Server	BladeLogic PXE Server BladeLogic TFTP Server
BMC Network Device Agent	BCA-Networks Agent
BBSA repeaters	BMC BladeLogic Advanced Repeater Service BMC BladeLogic RSCD Service
VCenter Server(s)	BMC BladeLogic RSCD Service

Ports

As part of your BMC Cloud Lifecycle Management implementation, the applications require different ports for authentication, communication, etc. Well-Known Port numbers and BMC suggested port numbers are listed below. If the default ports were modified as part of your installation or if additional systems were added for HA/DR considerations, take those ports into account.

Ports with an asterisk "*" indicate custom definable ports. Ensure that the ports that you select do not conflict with the ports that are currently in use in the installation environment.

Unknown macro: {multi-excerpt-include}