All,
I am attempting to deploy a managed antivirus agent to two different machines - one runs RHEL 7.3, kernel version 3.10.0-514; the other runs Microsoft Windows 2012 R2 - and both are hosting web pages served up by Apache Tomcat 7.0.78.

What I’d like to know is which processes/services, files and/or directories need to be excluded from the antivirus scans to avoid any potential CPU or memory utilization spikes (or worse, the AV console falsely identifying a legitimate file as “malicious” and quarantining it). I’d also like to know which specific TCP/UDP ports will need to be whitelisted to permit inbound and outbound traffic from our web developer workstations, since their VLAN is segregated from the rest of the network. I already know which ports to open on the firewall to allow the antivirus agents to talk back to the console; I just need to figure out the other ports to open.

Before I go any further, I’d like to stress the following:

* I wasn’t the one who set up these servers; I was merely tasked with getting the antivirus agents deployed on them. The system administrator who set these up doesn’t know which Linux processes, Windows services, files or directories to exclude; he left that up to me to figure out.
* I have already contacted the AV vendor's support team, and they have indicated they have no documentation that specifically covers any version of Apache Tomcat.
* The last search on Google I used was “Apache Tomcat 7.x antivirus exclusions” and I didn’t see any results that were specific to my query. Same with “Apache Tomcat 7.x firewall exclusions”.
* I looked through the Information Security group on Stack Exchange with the same queries as above, and again I didn’t see anything promising nor specific to my queries.
* I attempted to search the mailing list archives using the search terms “antivirus exclusions” and “firewall permissions”; again, I didn’t see any answers that were specific to my queries.
* Yes, I’m aware of the risks involved in excluding specific processes/services, files and directories. I have tried to convince management of these risks but to no avail. They have agreed to accept them, along with any consequences that may occur.

Any insight on this would be appreciated. Thanks.
