article Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments in Official Support Articles

Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Sonja_Bauernfeind — Wed, 26 Jun 2024 08:24:40 GMT

To eliminate the chance that AntiVirus, AntiMalware, and other security-related software cause corruption or lock up files in the Qlik environment, or cause issues during an installation/upgrade/patch, some folders should be excluded from live scanning.

Impact of AntiVirus/Endpoint Detection and Response (EDR)/Advanced Threat Protection (ATP) scans locking Qlik related files (such as .qvw files, binary Qlik Sense app files as well as NPrinting task files, etc...) can result in loading and refresh failures as well as performance issues.

Please note that usual anti-virus exclusions might not apply to the EDR and ATP setup, talk to the solution vendor to get the exclusions in place. As an example if you use Microsofts Advanced Threat Protection (Microsoft Defender for Endpoint), then the exclusion list is handled by Microsoft and you need to open a ticket with Microsoft to get an exclusion in place.

If Crowdstrike Antivirus monitoring is installed on any Qlik Server

Start a support case with crowdstrike support
Enable 'bypass mode' for any Qlik programs including
1. ALL nodes in a cluster
2. Postgres
3. Storage Server
Then retest any reported issues with 'bypass mode' enabled

Qlik Sense Enterprise all versions

Antivirus exceptions for Qlik Sense- McAfee, Symantec & Other Anti-Virus exclusions absolutely required
Qlik Sense Folder And Files To Exclude From AntiVirus Scanning

You can obtain a list of exclusions to use with your EDR or ATP system by running the following script:

$Scanfolders = @("C:\Program Files\Common Files\Qlik","C:\Program Files\Qlik","C:\ProgramData\Qlik") Foreach ($i in $Scanfolders) { Get-ChildItem -Path $i -Recurse -Include "*.exe" | % {Get-FileHash $_.FullName -Algorithm MD5} | Out-File C:\temp\exclusion_findings.txt -Append -Width 1000 }

This script was uses Qlik Sense Enterprise on Windows as an example. Replace the defined folders, such as C:\Program Files\Qlik, should they not apply for the product you are using.

In addition, if you need to use a different hash than MD5, replace it by any of the available values:

SHA1
SHA256
SHA384
SHA512
MD5

For generic information not necessarily related to Advanced Threat Prevention, see:

Re: Antivirus exclusions in Qlik product deployments

suhasinigs — Mon, 02 Aug 2021 05:44:25 GMT

Yes ,I have excluded the qlik sense filders .

Thank you

Re: Anti-virus, Endpoint detection and response (EDR) and Advanced Threat Prevention (ATP) exclusions for Qlik product deployments

MosheZeiger — Sun, 10 Jul 2022 11:41:57 GMT

hello support,

can you also add Anti virus exclusion for QDT?

THX

Moshe

@Sonja_Bauernfeind

Re: Anti-virus, Endpoint detection and response (EDR) and Advanced Threat Prevention (ATP) exclusions for Qlik product deployments

rockabs — Mon, 11 Jul 2022 06:29:36 GMT

Hint: We got the same issue last month (Jun 2022) and found that our Microsoft defender upgraded. And, we noticed that there are a few exclusions required from the product (Not qlik, But yes from Microsoft).

So, Please make sure you are running the Proc mon tool to identify If there are any issues (Example, MsSense.exe) having any violation between shared.

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

BoB_Qlik_Support — Mon, 06 Mar 2023 07:43:07 GMT

Hi,

Is it advisible to have deep security antivirus in Qlik Sense , even with the exclusion list.

Regards

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Sonja_Bauernfeind — Wed, 08 Mar 2023 08:10:06 GMT

Hello @BoB_Qlik_Support

We cannot advise on your security requirements, only provide you with information regarding the needs of our products.

All the best,
Sonja

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

whill — Mon, 13 Nov 2023 14:29:22 GMT

SCEP is simple certificate enrollment protocol. also, this is the only board failing. all the others are in the dame environment and use the same publishers. opening a ticket with crowdstirke i believe an unnecessary step.

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Luigi_Teti — Wed, 22 Nov 2023 08:34:01 GMT

Good morning Sonja,

many organizations by security policy do not allow the exclusion of the entire service user profile (and not even the folder "%localappdata%\temp" which is the path where locked file problems often occur); is it possible to change only the path to the "Temp" where NPrinting goes to write?

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Sonja_Bauernfeind — Wed, 22 Nov 2023 10:30:26 GMT

Hello @Luigi_Teti

Changing the temporary location is not supported. See Editing temp path and Can the Qlik NPrinting temporary directory be changed? (only recently made after I verified it with our subject matter experts).

I recommend logging an idea on our ideation platform to request this to be reviewed as a possible feature.

All the best,
Sonja

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Luigi_Teti — Wed, 22 Nov 2023 10:40:07 GMT

Thank you Sonja for the feedback!

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Chotana2 — Mon, 22 Jan 2024 16:04:55 GMT

Hello @Sonja_Bauernfeind
Do you have any bad feedbacks from customers using SentinelOne EDR or is it seamless?

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Sonja_Bauernfeind — Wed, 24 Jan 2024 06:22:20 GMT

Hello @Chotana2

I could not find reported issues with SentinelOne EDR, especially when the overall guidelines regarding AntiVirus/Endpoint Detection and Response (EDR)/Advanced Threat Protection (ATP) scans are followed.

Hope this helps!

All the best,
Sonja

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

StephanieR — Thu, 27 Jun 2024 13:52:12 GMT

Hello, wanted to ask what issues have others seen with Crowdstrike installations with On Prem Qlik Servers. @Sonja_Bauernfeind

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

parkera — Mon, 28 Oct 2024 12:26:52 GMT

We are currently working with a Qlik Customer that is using MS ATP and it has been causing issues again since the beginning of October. MS has issued two fixes, and a third came out over the weekend.

The issue occurring is that MS ATP is consuming increased amounts of memory that prevents Qlik from operating normally. Causing Qlik jobs to fail.

If possible it does make sense to monitor the use of RAM and available RAM for Qlik to alert of a potential issue.

The same customer has multiple Qlik services and Qlik servers using MS ATP and this issue is not consistent. Which makes it harder to detect.

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

StephanieR — Mon, 28 Oct 2024 14:36:54 GMT

Guys we have put in a role based exclusion for Crowdstrike on our Qlik On Prem servers and it is working well very well. Highly recommend getting the vendor you are using the documents re exclusion from Qlik and then working closely with them to tailor to your environment. We had done this previously for Carbon Black and now for Crowdstrike - success with both.

article Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments in Official Support Articles

Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Qlik Sense Enterprise all versions

QlikView all versions

Qlik Replicate and Qlik Enterprise Manager

NPrinting 17 and newer

Qlik Alerting

Antivirus TroubleShooting and Upgrade

Re: Antivirus exclusions in Qlik product deployments

Re: Anti-virus, Endpoint detection and response (EDR) and Advanced Threat Prevention (ATP) exclusions for Qlik product deployments

Re: Anti-virus, Endpoint detection and response (EDR) and Advanced Threat Prevention (ATP) exclusions for Qlik product deployments

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Re: Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments