CA Service Management

  • Private Community
 View Only

  • 1.  Folders that can be excluded from AV scanning

    Posted Feb 05, 2025 03:59 AM

    Good day,

    We are supporting a customer who has the full range of CA Service Management solutions. For whatever reason, they have a number of AV products (4) implemented in their environment. At times the performance on the Service Management servers is very slow and we (the CA Services people) suspect that this could be caused by the AV products which could be scanning all the transactions going through these servers.

    Can anyone suggest which CA Service Management folders could be excluded from these AV scans so as to improve performance on the system?

    Any suggestions will be appreciated.



  • 2.  RE: Folders that can be excluded from AV scanning

    Broadcom Employee
    Posted Feb 05, 2025 09:19 AM

    I would start with NX_ROOT and attachments folder. See if the issue is better. Than gradually make the restrictions more strict.

    We do recommend to avoid using realtime AV scans on CASM processes/files - since small slowdowns can escalate in major impact. The CASM folders could be scanned on a schedule, during off peak times.

    I think this would give you a good balance of performance and security.

    Maybe somebody with more hands on experience has a better recommendation.

    Regards,

    Sebastian


    Original Message


  • 3.  RE: Folders that can be excluded from AV scanning

    Posted Feb 06, 2025 01:28 AM

    Thanks to all the experts who made recommendations. We will be implementing these suggestions and monitoring the results.

    Kind regards, Patrick


    Original Message


  • 4.  RE: Folders that can be excluded from AV scanning

    Posted Feb 05, 2025 09:45 AM

    The following knowledge article covers the same folders as suggested by Sebastian

    https://knowledge.broadcom.com/external/article?articleId=21203

    If you don't want to exclude the whole CASM folder structure then you could try these:

    • %NX_ROOT%\log\
    • %NX_ROOT%\bopcfg\www\CATALINA_BASE\temp\
    • %NX_ROOT%\bopcfg\www\CATALINA_BASE_SA\temp\
    • %NX_ROOT%\bopcfg\www\CATALINA_BASE_FS\temp\
    • %NX_ROOT%\bopcfg\www\CATALINA_BASE_REST\temp\
    • %NX_ROOT%\bopcfg\www\CATALINA_VIZ\temp\
    • %NX_ROOT%\site\mail_queue
    • %NX_ROOT%\site\mail_undeliverable
    • %NX_ROOT%\site\attachments

    Best regards,

    Joe


    Original Message


  • 5.  RE: Folders that can be excluded from AV scanning

    Broadcom Employee
    Posted Feb 05, 2025 10:46 AM

    For CA Service Catalog, we recommend that you exclude the CA Service Catalog Install Folder (USM_HOME) from the anti-virus (AV) scan. By default, this directory on a 64-bit Windows OS is "C:\Program Files\CA\Service Catalog".

    In addition, depending on how strict the anti-virus policy that is being enforced, it may also be necessary to add the CA Service Catalog ports to the low risk or exclusion list.

    https://techdocs.broadcom.com/us/en/ca-enterprise-software/business-management/ca-service-management/17-4/installing/installation-prerequisites/supported-ports-and-port-ranges.html

    For CA Asset Portfolio Management/ITAM, exclude the Program files (x86)\CA\ITAM directory



    ------------------------------
    Paul Coccimiglio
    [JobTitle]
    [CompanyName]
    ------------------------------

    Original Message