Trend Micro® Apex One Endpoint Security Settings for Windows Archiver

Trend Micro® Apex One can be configured on the computers where the Windows File Archiver agent is installed. You can scan archived files and folders that reside on the server.

However, the security system should be configured to ignore the installation files, system files and log files of the Archiver for Windows agent to avoid stub recall during the scanning process.

Note

All configuration settings described here should always be tested in your CommCell environment to confirm that they meet all of the security and threat detection policies as well as all server, network and enterprise policies.

Procedure

Follow the steps given below to configure the security system to avoid scanning the archived files:

  1. Log on to the computer where you installed the Windows Archiver agent and Trend Micro® Apex One software.

  2. On the System Tray, double-click the Trend Apex One Endpoint Security icon, and then click Settings.

    The Settings dialog box appears.

  3. On the Protection tab, select the Enable exclusions check box.

  4. Under Directories, select the Include Trend Micro product folders check box and click Add.

    The Add Directories dialog box appears.

  5. Add the following folders one by one and click OK.

    • *:\gxhsmcache

      Where * is a volume/drive

    • Commvault/ContentStore/

  6. Under Files, click Add and add the following files:

    • clrestore.exe

    • gxhsmstub.exe

    • clmgrs.exe

    • ifind.exe

    • clbackup.exe

    • cvd.exe

Configuring Windows Registry

Configure the following registry settings for Trend Micro Apex One to disable the scan of Sparse files, Offline files and Alternate NTFS streams.

  1. Start the Registry Editor on the computer where the file archiver agent is installed.

  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TmFilter\Parameters.

  3. Right-click Parameters, point at New and click DWORD.

  4. In the Value Name box type TrapHiddenDataStream.

  5. In the Value Data box enter 0.

  6. Right-click Parameters, point at New and click DWORD.

  7. In the Value Name box type SkipOffLineFile.

  8. In the Value Data box enter 1.

  9. Right-click Parameters, point at New and click DWORD.

  10. In the Value Name box type SkipSparseFile.

  11. In the Value Data box enter 1.

  12. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TmPreFilter\Parameters.

  13. Right-click Parameters, point at New and click DWORD.

  14. In the Value Name box type TrapHiddenDataStream.

  15. In the Value Data box enter 0.

  16. Right-click Parameters, point at New and click DWORD.

  17. In the Value Name box type SkipOffLineFile.

  18. In the Value Data box enter 1.

  19. Right-click Parameters, point at New and click DWORD.

  20. In the Value Name box type SkipSparseFile.

  21. In the Value Data box enter 1.

  22. Reboot the server for the registry settings to take effect.

Once Trend Micro Apex One is configured and before any scans are run, add the following changes to the Commvault Software registry section on the Apex One Client server.

  1. Start the Registry Editor on the computer where the file archiver agent is installed.

  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\cvmhsm\Parameters\.

  3. Right-click Parameters, point at New and click String Value.

  4. In the Value Name box type ExcludeProcessX.

    Where X is the next consecutive number in the list (for example, ExcludeProcess1, ExcludeProcess2, and so on) for any process that should not initiate recalls.

    All ExcludeProcess names must be truncated to a string value of at most 15 characters, or the Windows OS Kernel Mode will not process the exclusion properly. This would result in the exclusion being ignored, unexpected recalls occurring and other unexplained stub activities.

    For example:

    Processnamelong (Truncated from Processnamelongerthen15characters.exe to meet 15 character limit)

    Note

    Ensure that, in addition to the registry values for environment-specific executables, ExcludeProcess registry values are also created with the following as their respective values:

    casdscsvc.exe

    ntrtscan.exe

    ofcdog.exe

    ofcpfwsvc.exe

    pccnt.exe

    pccntmon.exe

    tdiins.exe

    tmlisten.exe

    tmlwfins.exe

    tmwfpins.exe

    tsc.exe

  5. Restart the Commvault services for the registry changes to take effect.
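
A read-only PowerShell check of the registry settings from the two procedures above, added here as an example; it is not Commvault or Trend Micro tooling. Key paths, value names and process names are the ones listed on this page, the function names are illustrative, and the rule that ExcludeProcess numbering starts at 1 without gaps is an assumption based on the page's example.

```powershell
# Added audit example, read-only. Key paths, value names and process names come
# from the steps above; function and variable names are illustrative.
$svc      = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$expected = @{ TrapHiddenDataStream = 0; SkipOffLineFile = 1; SkipSparseFile = 1 }
$required = 'casdscsvc.exe', 'ntrtscan.exe', 'ofcdog.exe', 'ofcpfwsvc.exe', 'pccnt.exe',
    'pccntmon.exe', 'tdiins.exe', 'tmlisten.exe', 'tmlwfins.exe', 'tmwfpins.exe', 'tsc.exe'

function Test-FilterParameters([string]$Service) {
    $path  = "$svc\$Service\Parameters"
    $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
    foreach ($name in $expected.Keys) {
        $actual = if ($props) { $props.$name } else { $null }
        [pscustomobject]@{
            Check = "$Service\$name"; Expected = $expected[$name]; Actual = $actual
            # Must exist, be a DWORD (returned as Int32) and hold the documented data.
            Ok = ($actual -is [int]) -and ($actual -eq $expected[$name])
        }
    }
}

function Test-ExcludeProcess {
    $key = Get-Item -Path "$svc\cvmhsm\Parameters" -ErrorAction SilentlyContinue
    $entries = @()
    if ($key) {
        foreach ($n in $key.GetValueNames()) {
            if ($n -match '^ExcludeProcess(\d+)$') {
                $entries += [pscustomobject]@{
                    Name = $n; Index = [int]$Matches[1]; Data = [string]$key.GetValue($n)
                }
            }
        }
    }
    $data = @($entries | ForEach-Object { $_.Data })
    $idx  = @($entries | ForEach-Object { $_.Index } | Sort-Object)
    [pscustomobject]@{
        # Names over 15 characters: the exclusion is ignored, per the note above.
        TooLong         = @($entries | Where-Object { $_.Data.Length -gt 15 })
        MissingRequired = @($required | Where-Object { $data -notcontains $_ })
        # Assumption: numbering starts at 1 with no gaps, as in the page's example.
        NumberingGaps   = @(if ($idx.Count) { 1..$idx.Count | Where-Object { $idx -notcontains $_ } })
        # Environment-specific entries: review against your approved exclusion list.
        ReviewExtra     = @($entries | Where-Object { $required -notcontains $_.Data })
    }
}

'TmFilter', 'TmPreFilter' | ForEach-Object { Test-FilterParameters $_ } | Format-Table -AutoSize
Test-ExcludeProcess | Format-List
```

Every process listed under ReviewExtra can open stubs without triggering a recall, so each entry should map to an executable you have approved for that purpose.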
