AppSense Application Manager and AppSense Performance Manager operate on a low-level file basis that sometimes brings them into conflict with some breeds of reactive antivirus product. This can, in certain situations, cause a deadlock to occur, resulting in process requests that can’t be completed. This isn’t good, and will impact upon your users.
My personal preference is to either replace reactive antivirus in its entirety with Application Manager, or at the very least switch realtime scanning off, but that’s a subject for another post entirely. For those of you that won’t (or can’t) take either of these options, you may need to configure some exclusions, both within the AV and within Application Manager/Performance Manager, dependent on the choice of AV poison that you’ve made.
Symantec Endpoint Protection
Add the following exclusions to Performance Manager for Symantec, under Global Resources | Memory Optimizer | Excluded Components (shown in screenshot below)
%ProgramFiles(x86)%\Symantec\*
%ProgramFiles%\Symantec\*
And add these paths to Symantec’s exclusion list for Performance Manager
%ProgramFiles(x86)%\AppSense\Performance Manager\*
%ProgramFiles%\AppSense\Performance Manager\*
McAfee
The following files will need to be added to the McAfee exclusion list
amagent.exe
amminifilter.sys
amfilterdriver.sys
pmagent.exe
pmoptimizer.sys
pmusermem.sys
And “all relevant McAfee processes and drivers” should be added to the following area of the Performance Manager console – Resources Setup | Options | Excluded Application | Share Factor Exclusions (shown below). It’s not entirely clear what should precisely be entered here for various McAfee versions, so I’d recommend firing up Process Explorer and seeing what files are being loaded along with the McAfee processes that are running, before excluding ’em all.
You’ll also need to make sure if you are using McAfee VirusScan Enterprise 8.7, update to at least Patch Level 5 to avoid a potential conflict with AppSense agents.
Trend Micro
Trend is apparently the most problematic, having a similar architecture to some AppSense components. To avoid issues, you’ll need to do two things
Exclude the following processes from scanning by Trend
amagent.exe
AmAgentAssist.exe
and add the following value to this Registry key
HKLM\SOFTWARE\AppSense Technologies\Application Manager\DriverParameters
Value: ExProcessNames
Type: REG_SZ
Data: TMBMSRV.exe
Note – this key contains the names of any processes you want to exclude from Application Manager, so if you wish you can add other processes, as long as they are in a space-delimited format. If you are using Application Manager as a primary anti-malware mechanism, though, I’d be very careful about this value – I’d even go so far as recommend configuring an AppSense Environment Manager Self-Healing Action for this key to protect it.
Sophos
Sophos needs a bunch of processes adding to the Registry key specified above, so set it up as per the Trend instructions and add these process to it (space-delimited, remember)
SavMain.exe
SavProgress.exe
SavService.exe
ALMon.exe
ALsvc.exe
ALUpdate.exe
RouterNT.exe
sav32cli.exe
wscclient.exe
Kaspersky Antivirus
Add all of the AppSense agents and notify processes to the exclusion list in the Kaspersky software.
Also add %ProgramFiles%\AppSense to the exclusion list and add the agents to the trusted applications list
Using EM Policy, create a computer startup Registry action as specified in other sections above to exclude the Kaspersky processes from AM
HKLM\SOFTWARE\AppSense Technologies\Application Manager\DriverParameters
Value: ExProcessNames
Type: REG_SZ
Data: avp.exe klnagent.exe
All other antivirus programs, at the time of writing, don’t need any particular exclusions configuring in this way for Application Manager and Performance Manager to operate without issue. They will, though, need all the “regular” sets of exclusions and/or exceptions adding to ensure optimum performance.
Share
