Troubleshooting Anti Virus / AntiVirus

Troubleshooting Anti Virus / AntiVirus

In regards to recommended antivirus by GE, the following KB article has general information about using antivirus with Proficy products which includes iFIX:

KB ID 000052507 - Which Anti-virus and Firewall Software are supported on Proficy Product Installs?


Tips for troubleshooting issues due to antivirus:

  1. Exclude scanning of the iFIX install and project folders

By the way, some antivirus have several types of scanning. It would be best to have the antivirus not perform any type of scanning of the folders and exe's running.

  1. The Symantec Endpoint causes issues with Scada synchronization

If the Scada is part of a redundant pair, then you will need to disable Teefer2 Miniport functionality added by Symantec. That miniport is actually a Symantec NIC driver to monitor network traffic and interferes with Scada synchronization and therefore failover.

If the Scada is a single Scada, then it should be ok.

  1. A customer reported Workspace crashing which was due Cylance antivirus.

The odd thing was that local IT had upgraded to newer version which caused Workspace crash, but the older version did not.

  1. A customer reported Workspace taking 30min to display default pictures. Once Workspace finally displays the pictures, there were no issues navigating. The customer was using TrendMicro and also had Windows defender (Microsoft own antivirus that comes with Windows) running.

First of all, it is never a good idea to have two antivirus running at the same time. So Windows defender should be disabled. Also, the customer excluded iFIX and project folders on the Real-Time Scan, Manual Scan, and Scheduled Scan Feature as well as

-add iFIX exe on the Behavior Monitoring approved programs and Trusted Programs to make sure that iFix files will not be scanned by any of the scan engines of the WFBS Standard Security Agent.

-add the folders, several .exe files, grf, and the files in the SCU's task list to the exclusions list in TrendMicro

  1. A Customer reported error 1150 service library not loaded whenever Workspace started. 

Issue turned out to be Crowdstrike A/V and anti-malware blocking files, folders and dll access rights. The Crowdstrike team said the iFIX primary machine had files and changes that were detected as malware so it blocked those on the iFIX machine, which disallowed the database connection to the partner/remote Scada node.

The main takeaway is to ensure the antivirus allows you the ability to exclude folders and files from scanning so that there is no interference with iFIX functionality.

It is recommended to test the machine before installing antivirus to establish a baseline. Install the antivirus and retest the machine to see if there are any performance issues. If there are, then you will need to exclude the folders and possibly files depending on the antivirus being used.


Related content

AutomaTech Inc.