To eliminate the chance that AntiVirus, AntiMalware, and other security-related software cause corruption or lock up files in the Qlik environment, or cause issues during an installation/upgrade/patch, some folders should be excluded from live scanning.
Impact of Virus/EDR/ATP scans locking Qlik related files (such as .qvw files, binary Qlik Sense app files as well as NPrinting task files, etc...) can result in loading and refresh failures as well as performance issues.
Please note that usual anti-virus exclusions might not apply to the EDR and ATP setup, talk to the vendor to get the exclusions in place.
- Qlik Sense requires access to predetermined TCP and UDP ports to function. If anti-virus software prevents traffic on these ports, Qlik Sense may not function as expected.
- Qlik Sense constantly updates a number of log files and also relies on multiple config and binary files to function correctly. If these files and folders are being scanned by the anti-virus software, then this may cause upgrades/installation to fail, performance issues, inability to run exe files, data connections, or cause the services to fail. Important: if the "C Drive" is not the default drive for these folders then make the necessary drive letter changes.
Note: Qlik Support cannot provide support and services for any Qlik Servers in which performance issues, port issues, installation, patching, or upgrading problems occur if these directories are not made exempt for any and all Anti-Virus solution. It will be best-effort, as the exclusions of these directories is a prerequisite to Qlik software.
- Qlik Sense Enterprise, all versions
This example is for Symantec. Perform the same changes using any other Antivirus and Anti-Malware product present in the environment. A different respective IT department may need to be involved in performing and confirming these changes.
- In your bottom left corner click to expose your Symantec icon then double click to open it up.
- Click Change Settings on the left. Then select Exceptions.
- Select Add.
- Choose Security Risk Exception\Folder
- Browse to the directory where the install files are located. Check off Include sub folders.
Note: Steps 3 to 5 need to be repeated to add all Qlik related directories when locations are different than the default. If the "C Drive" is not the default drive for these folders then make the necessary drive letter changes.
- %Program Files%\Qlik
- %Program Files%\Common Files\Qlik
- Any QVD files (or folder where you save your QVDs) you may use to read/write during your reloads.
- Also the full share root folder location which includes the App folder configured in the Service Cluster. The app folder stores all app files. In latest releases of Qlik Sense, files with ".lock" extensions are generated, and each binary app file has its own .lock file. These file must be excluded from analysis as well.
- Make sure that the Antivirus doesn't block Qlik Sense from updating the keys in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ , as this will block the system bootstrap. Check Users are unable to re-create certificates using the bootstrap command for details.
- REBOOT the server (it will not take effect until this happens). Verify that the Anti-Virus is fully disabled or these directories are all excluded in your Antivirus program.
Related Documentation found under help.qlik.com:
Anti-virus software scanning affects performance
Qlik Sense Folder And Files To Exclude From AntiVirus Scanning
Ports to be excluded from Anti-Virus Monitoring / Blocking
- Make sure that the anti-virus is not blocking access to certificates stored in the following location and their private keys: Personal (Local Computer), Trusted Root Certification Authorities (Local Computer), Personal (Current User for the service account)