Antiviruses have a strong impact on the BMC Client Management (BCM) Agent performances and can lead to crashes in some cases.
Antiviruses can identify the BCM Agent's activity as a "false positive" and scan it continuously, locking down some files such as the sqlite3 used by all of our modules.
It has been found that because of non existing antivirus exclusions, or exclusions not properly set, the following problems will happen:
- Bad or poor performance of the BCM Agent on the Master Server and Relays or Client devices.
- Excessive CPU and Memory usage.
- The BCM Agent crashes randomly without explanation.
- The BCM Agent configuration files (../config/*.ini, or ../etc/*.ini) cannot be changed and saved either manually editing them using a text editor, or remotely via operational rule module setup steps.
- The BCM Agent will crash when the Patch Knowledge base is updated.
- The BCM Agent is not able to write to its own log files.
- The BCM Agent is unable to perform inventory activities.
- Software Deployment is not working.
- Remote control will fail at displaying the UAC popup messages in the BCM Console, while visible on end points devices' screen.
- Patches cannot be deployed due to patch checksum being changed after Antivirus scan.
The following exclusions must to be set on any antivirus/AV software:
1- Folders and files:
Agent entire folder:
- Exclusions must be set for ..\BMC software\ClientManagement \client\ folder on end point devices and Relay, and also ..\BMC software\ClientManagement\Master\ on the Master Server
- Set an exclusion on the TFTP local path for the OSD Manager(s) if the module has been set to have it in another place than the default ..\BMC Software\Client Management\Client\data\OsDeployment\PXETFTP\
Files exclusions:
- All existing *.exe and *.dll under the ..\BMC software\ClientManagement \client\ folder on end point devices and Relay, and also ..\BMC software\ClientManagement\Master\ on the Master Server
- These are all located under the following directories :
- ..\<Master or Client directory>..\bin
- ..\<Master or Client directory>..\data\PatchManagementPremium
- ..\<Master or Client directory>..\data\OsDeployment
- All files with *.sqlite, *.sqlite3 and *.table extensions which are located under ..\data\ sub-folders.
- All *.ini files under the ../Master/config (Windows) or ../Master/etc (Linux) folder, and ../client/config (Windows) or ../Client/etc/ (Linux)
- All *.log files under ../Master/log, and ../Client/log folders
2- Allow Windows system tasks execution:
- This is required by the patch management module. Allow tasks from the directory C:\Windows\System32\Tasks\LANDESK (names are dynamically set)
3 - Exclude the rollout executables names:
- The antivirus might block the exe that are deployed to install agents.
- This .exe is called "BCM_Agent.exe" by default, but it is possible that it has a different name in the rollout configurations that are being used to deploy agents by pull or by push.
- To know the name of the file to be excluded in antivirus, go to Global Settings > Rollout > the relevant rollout configuration > General and copy the name of the file in the field "Auto-extractable Name".
- It is also necessary to exclude the "MtxSetup.exe" process in order to allow the correct installation of the Agent.
- This process is the one responsible for the actual installation of the BCM Agent after the Rollout files have been pushed to the target devices.
- This process is also called when upgrading the BCM Agent to a newer version.
Note:
Some customers whitelist .exe files and this can be an issue as depending on the versions, rollouts are generated with a different checksum each time the exe is generated.
4- Do not prevent execution of C:\Windows\System32\svchost.exe system process.
There's also a blog on determining if the security program is accessing the files of the BCM.
- https://community.bmc.com/s/news/aA33n000000PF71CAG/helix-support-identity-bcm-application-slowness-using-resource-monitoring-tools