Skip to main content
Announcements
ALERT: The Product Download page is currently unavailable. The team is investigating.

Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

No ratings
cancel
Showing results for 
Search instead for 
Did you mean: 
Sonja_Bauernfeind
Digital Support
Digital Support

Anti-virus, Endpoint detection and response and Advanced Threat Prevention exclusions for Qlik product deployments

Last Update:

Jun 26, 2024 4:24:24 AM

Updated By:

Sebastian_Linser

Created date:

Feb 15, 2019 3:54:43 AM

To eliminate the chance that AntiVirus, AntiMalware, and other security-related software cause corruption or lock up files in the Qlik environment, or cause issues during an installation/upgrade/patch, some folders should be excluded from live scanning.

Impact of AntiVirus/Endpoint Detection and Response (EDR)/Advanced Threat Protection (ATP) scans locking Qlik related files (such as .qvw files, binary Qlik Sense app files as well as NPrinting task files, etc...) can result in loading and refresh failures as well as performance issues.

Please note that usual anti-virus exclusions might not apply to the EDR and ATP setup, talk to the solution vendor to get the exclusions in place. As an example if you use Microsofts Advanced Threat Protection (Microsoft Defender for Endpoint), then the exclusion list is handled by Microsoft and you need to open a ticket with Microsoft to get an exclusion in place.

If Crowdstrike Antivirus monitoring is installed on any Qlik Server

  1. Start a support case with crowdstrike support
  2. Enable 'bypass mode' for any Qlik programs including
    1. ALL nodes in a cluster
    2. Postgres
    3. Storage Server
  3. Then retest any reported issues with 'bypass mode' enabled

 

Qlik Sense Enterprise all versions

Antivirus exceptions for Qlik Sense- McAfee, Symantec & Other Anti-Virus exclusions absolutely requi...
Qlik Sense Folder And Files To Exclude From AntiVirus Scanning

You can obtain a list of exclusions to use with your EDR or ATP system by running the following script: 

 

 

$Scanfolders = @("C:\Program Files\Common Files\Qlik","C:\Program Files\Qlik","C:\ProgramData\Qlik")

Foreach ($i in $Scanfolders)

{
  Get-ChildItem -Path $i -Recurse -Include "*.exe" | % {Get-FileHash $_.FullName -Algorithm  MD5} | Out-File C:\temp\exclusion_findings.txt -Append -Width 1000
}

 

 

This script was uses Qlik Sense Enterprise on Windows as an example. Replace the defined folders, such as C:\Program Files\Qlik, should they not apply for the product you are using.

In addition, if you need to use a different hash than MD5, replace it by any of the available values:

  • SHA1
  • SHA256
  • SHA384
  • SHA512
  • MD5

 

For generic information not necessarily related to Advanced Threat Prevention, see:

QlikView all versions

QlikView Folder And Files To Exclude From Anti-Virus Scanning

Qlik Replicate and Qlik Enterprise Manager

Qlik Replicate and Qlik Enterprise Manager directory to exclude from Anti-Virus scanning  

NPrinting 17 and newer

NPrinting Server and NP Designer Anti Virus Folder Exclusions

Qlik Alerting

Qlik Alerting Anti Virus Folder Exclusion

Antivirus TroubleShooting and Upgrade

Troubleshooting your upgrade 

 

Labels (1)
Comments
suhasinigs
Contributor
Contributor

Yes ,I have excluded the qlik sense filders .

 

Thank you

MosheZeiger
Partner - Contributor
Partner - Contributor

hello support,

 

can you also add Anti virus exclusion for QDT?

THX

Moshe 

@Sonja_Bauernfeind 

rockabs
Contributor III
Contributor III

Hint: We got the same issue last month (Jun 2022) and found that our Microsoft defender upgraded. And, we noticed that there are a few exclusions required from the product (Not qlik, But yes from Microsoft).

So, Please make sure you are running the Proc mon tool to identify If there are any issues (Example, MsSense.exe) having any violation between shared.

BoB_Qlik_Support
Contributor III
Contributor III

Hi,

Is it advisible to have deep security antivirus in Qlik Sense , even with the exclusion list.

Regards

Sonja_Bauernfeind
Digital Support
Digital Support

Hello @BoB_Qlik_Support 

We cannot advise on your security requirements, only provide you with information regarding the needs of our products.

All the best,
Sonja 

whill
Contributor
Contributor

SCEP is simple certificate enrollment protocol.  also, this is the only board failing.  all the others are in the dame environment and use the same publishers.  opening a ticket with crowdstirke i believe an unnecessary step.

Luigi_Teti
Partner - Contributor III
Partner - Contributor III

Good morning Sonja,

many organizations by security policy do not allow the exclusion of the entire service user profile (and not even the folder "%localappdata%\temp" which is the path where locked file problems often occur); is it possible to change only the path to the "Temp" where NPrinting goes to write?

Sonja_Bauernfeind
Digital Support
Digital Support

Hello @Luigi_Teti 

Changing the temporary location is not supported. See Editing temp path and Can the Qlik NPrinting temporary directory be changed? (only recently made after I verified it with our subject matter experts).

I recommend logging an idea on our ideation platform to request this to be reviewed as a possible feature.

All the best,
Sonja 

 

Luigi_Teti
Partner - Contributor III
Partner - Contributor III

Thank you Sonja for the feedback!

Chotana2
Partner - Contributor III
Partner - Contributor III

Hello @Sonja_Bauernfeind 
Do you have any bad feedbacks from customers using SentinelOne EDR or is it seamless?

Version history
Last update:
‎2024-06-26 04:24 AM
Updated by: