Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Jun 26, 2024 4:24:24 AM
Feb 15, 2019 3:54:43 AM
To eliminate the chance that AntiVirus, AntiMalware, and other security-related software cause corruption or lock up files in the Qlik environment, or cause issues during an installation/upgrade/patch, some folders should be excluded from live scanning.
Impact of AntiVirus/Endpoint Detection and Response (EDR)/Advanced Threat Protection (ATP) scans locking Qlik related files (such as .qvw files, binary Qlik Sense app files as well as NPrinting task files, etc...) can result in loading and refresh failures as well as performance issues.
Please note that usual anti-virus exclusions might not apply to the EDR and ATP setup, talk to the solution vendor to get the exclusions in place. As an example if you use Microsofts Advanced Threat Protection (Microsoft Defender for Endpoint), then the exclusion list is handled by Microsoft and you need to open a ticket with Microsoft to get an exclusion in place.
If Crowdstrike Antivirus monitoring is installed on any Qlik Server
Antivirus exceptions for Qlik Sense- McAfee, Symantec & Other Anti-Virus exclusions absolutely requi...
Qlik Sense Folder And Files To Exclude From AntiVirus Scanning
You can obtain a list of exclusions to use with your EDR or ATP system by running the following script:
$Scanfolders = @("C:\Program Files\Common Files\Qlik","C:\Program Files\Qlik","C:\ProgramData\Qlik")
Foreach ($i in $Scanfolders)
{
Get-ChildItem -Path $i -Recurse -Include "*.exe" | % {Get-FileHash $_.FullName -Algorithm MD5} | Out-File C:\temp\exclusion_findings.txt -Append -Width 1000
}
This script was uses Qlik Sense Enterprise on Windows as an example. Replace the defined folders, such as C:\Program Files\Qlik, should they not apply for the product you are using.
In addition, if you need to use a different hash than MD5, replace it by any of the available values:
For generic information not necessarily related to Advanced Threat Prevention, see:
QlikView Folder And Files To Exclude From Anti-Virus Scanning
Qlik Replicate and Qlik Enterprise Manager directory to exclude from Anti-Virus scanning
NPrinting Server and NP Designer Anti Virus Folder Exclusions
Qlik Alerting Anti Virus Folder Exclusion
Hello @Chotana2
I could not find reported issues with SentinelOne EDR, especially when the overall guidelines regarding AntiVirus/Endpoint Detection and Response (EDR)/Advanced Threat Protection (ATP) scans are followed.
Hope this helps!
All the best,
Sonja
Hello, wanted to ask what issues have others seen with Crowdstrike installations with On Prem Qlik Servers. @Sonja_Bauernfeind
We are currently working with a Qlik Customer that is using MS ATP and it has been causing issues again since the beginning of October. MS has issued two fixes, and a third came out over the weekend.
The issue occurring is that MS ATP is consuming increased amounts of memory that prevents Qlik from operating normally. Causing Qlik jobs to fail.
If possible it does make sense to monitor the use of RAM and available RAM for Qlik to alert of a potential issue.
The same customer has multiple Qlik services and Qlik servers using MS ATP and this issue is not consistent. Which makes it harder to detect.
Guys we have put in a role based exclusion for Crowdstrike on our Qlik On Prem servers and it is working well very well. Highly recommend getting the vendor you are using the documents re exclusion from Qlik and then working closely with them to tailor to your environment. We had done this previously for Carbon Black and now for Crowdstrike - success with both.