Antivirus exclusions

Setting antivirus exclusions can enhance performance and reduce the chances of false positive virus detections. While not mandatory, it is beneficial to consider the following factors:

The type of antivirus in use
The activity of the agent
Performance considerations

By considering these factors, you can ensure optimal performance across all devices where you have installed a BMC Helix Client Management agent, including master, relay, and client devices.

On client devices, activities are generally minimal. However, for master and relay servers, where activities are more frequent, it's beneficial to exclude the following file types for optimal performance:

*.sqlite
*.sqlite3
*.table

Important

We recommend always applying the security policy on the BMC Client Management Agent folder. It applies to all devices where you have installed a BMC Client Management agent, including master, relay, and client devices.

Impact of antiviruses on BMC Helix Client Management Agent performance

Antivirus software can significantly affect the performance of the BMC Client Management Agent, leading to various operational issues and potential crashes.

The following table describes how antivirus interactions can disrupt BMC Helix Client Management functionalities and the necessary exclusions to mitigate these problems:

Key Issues Caused by Antivirus Interference

Key Issues	Description
Resource consumption	Excessive CPU and memory usage can occur due to ongoing antivirus scans, leading to system slowdowns.
Random crashes	The BMC Helix Client Management Agent can also crash unexpectedly, often without clear explanations, disrupting essential operations.
Configuration file access issues	Configuration files (for example, ../config/.ini, ../etc/.ini) might get locked, preventing necessary edits or updates via manual or remote methods.
Update failures	The agent crashes when attempting to update the Patch Knowledge Base.
Logging failures	The BMC Helix Client Management Agent might fail to write to its log files, complicating troubleshooting efforts.
Inventory limitations	Inability to perform inventory activities might hinder asset management and tracking.
Software deployment issues	Deployment processes could fail entirely, impacting software distribution across devices.
Remote operations	The User Account Control (UAC) pop-up messages might not display correctly in the BMC Helix Client Management Console, leading to confusion during remote operations.
Patch deployment failures	Changes in the patch checksums after antivirus scans can prevent successful patch deployments.

Recommended Antivirus Exclusions

To avoid the issues specified in the preceding table, you must set the following exclusions for any antivirus software running on systems using the BMC Helix Client Management Agent:

Files/Directories	Action
BMC Helix Client Management Agent Installation directory	Exclude the entire directory where the BMC Helix Client Management Agent is installed.
Log files directory	Exclude the logging directory to ensure logging functions work properly.
Patch Knowledge Base directory	Exclude the patch update directory to ensure updates are processed without interference.
Configuration files	Exclude specific paths to configuration files to allow for proper editing and saving.
SQLite database files	Exclude all SQLite files used by the BMC Helix Client Management modules to prevent locking and access issues.
Executable files	Exclude all executable files related to the BMC Helix Client Management Agent from being scanned or quarantined.

By implementing these exclusions, organizations can enhance the stability and performance of the BMC Helix Client Management Agent, ensuring it functions optimally without interruptions from antivirus software.

Setting mandatory exclusions

You must set the following mandatory exclusions on any antiviruses. These settings should help in quickly identifying the necessary exclusions and considerations for optimizing the BMC Helix Client Management Agent's performance in when the antivirus software is running.

Category	Description
Folders	Entire agent folder exclusions: Set exclusions for ..\BMC Software\ClientManagement\Client\ folder on endpoint devices and Relay. Set exclusions for ..\BMC Software\ClientManagement\Master\ on the Master Server. Exclude TFTP local path for OSD Managers if configured outside the default location ..\BMC Software\Client Management\Client\data\OsDeployment\PXETFTP\.
Files	Executable and DLL files: Exclude all .exe and .dll files under: ..\<Master or Client directory>..\bin ..\<Master or Client directory>..\data\PatchManagementPremium ..\<Master or Client directory>..\data\OsDeployment. SQLite files: Exclude .sqlite, .sqlite3, and .table located under ..\data\ sub-folders. INI files:* Exclude all .ini files under: ../Master/config (Windows) or ../Master/etc (Linux) ../client/config (Windows) or ../Client/etc/ (Linux). Log files:* Exclude all *.log files under ../Master/log and ../Client/log.
Windows System Tasks	Allow execution of tasks from the directory C:\Windows\System32\Tasks\LANDESK. This task is required for the patch management module.
Rollout Executable Names	Exclude the executable deployed to install agents, typically named BCM_Agent.exe. The name might vary based on rollout configurations. To find the correct name, check in: Global Settings > Rollout > relevant rollout configuration > General > Auto-extractable Name. Exclude the MtxSetup.exe process for proper installation of the Agent and during upgrades. Important: The checksum might vary for different versions.
System Process	Do not prevent execution of C:\Windows\System32\svchost.exe. Important: Be cautious while adding .exe files to the allowlist, as rollouts may have different checksums each time they are generated.

Where to go from here

To determine if the security program is accessing the files of the BMC Helix Client Management, refer Identity BCM Application Slowness Using Resource Monitoring tools for more information.