Endpoint Antivirus Exclusion list

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Endpoint Antivirus Exclusion list

L0 Member

Dears,

 

Kindly need your support for the following:

• we need to install the below as security controls on our XSOAR server (RHEL8):

o McAfee Endpoint security (latest version) for Linux.

o Cyber Reason EDR.

kindly provide what is the Antivirus exclusion list of Palo alto XSOAR.

Kindly clarify if there will be any damage, conflict, or issues to our XSOAR server from installing the previous AV solutions.

If there are any issues with installing the previously mentioned AV, kindly give us a recommendation for how to protect the server (RHEL8) without harming the XSOAR functionalities.

1 REPLY 1

L4 Transporter

Hi @abdulazizh, the only one I can think of is an exclusion of the /var/lib/demisto folder. Since artifacts and attachments are stored there. 

 

Performance wise, there should be no impact but it depends on the endpoint solution. 

 

We do not document or recommend any hardening performed on the OS. You can do so at your own risk. You can also opt for an Air Gapped installation, refer - https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-8/cortex-xsoar-admin/installation/install-de...

 

You can follow our docker hardening guid here - https://docs.paloaltonetworks.com/cortex/cortex-xsoar/6-8/cortex-xsoar-admin/docker/docker-hardening...

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!