
Sunbelt Vipre AntiVirus - Exclusions


Version

6.0.2.x

7.x

 

Issue

Endpoints have both Parity and Sunbelt Vipre AntiVirus installed.

 

Symptoms

Customers may experience some or all of the following issues:

+ Intermittent blocks on Vipre *.dll and *.sys files occur, especially at system startup.

+ Blocked files may no longer exist on the system.

+ Locally approving does not resolve the issue.

+ The process involved can be a system process.

+ Long installations.

+ Poor performance over the network with applications such as Excel.

Cause

A best practice is to configure all real time scanners to avoid scanning each other, especially during critical operations that can fail if exclusions are not in place.

Sunbelt Vipre updates their scan engine about once a quarter.

 

Solution

Parity-side configuration includes adding custom rules that reflect the Vipre environment. A Performance Optimization rule is not appropriate here: it will make the symptoms worse rather than better.

Note that the paths can vary depending on the following factors:

  1. Historical upgrade paths from Sunbelt Vipre AntiVirus
  2. Other Live scanner products installed on the same system
  3. Operating system (XP, Vista, Windows 7, or newer)
  4. 32-bit versus 64-bit

Here is an example of a typical "vanilla" Sunbelt Vipre installation:

Type: Advanced

Operation: Execute and Write

Execute Action: Allow and Promote

Write Action: Approve

Paths

C:\Program Files\Sunbelt Software\Vipre\*

C:\Program Files\Sunbelt Software\*

Process

System Process

*\Sbamsvc.exe

*\Sbamtray.exe

Please see https://community.bit9.com/docs/DOC-1310?sr=stream for suggested exclusions for Bit9 files and folders.
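Because the paths vary by upgrade history, operating system and bitness, it helps to confirm where the Vipre binaries actually live on an endpoint before writing the rule. The following PowerShell sketch is an added example, not part of the original article or of either product. It assumes PowerShell 3.0 or later, and it uses the `-like` operator only as a stand-in for the product's own wildcard matching.

```powershell
# Added example: locate the Vipre binaries named in the article on this endpoint
# and check them against the article's "vanilla" rule paths. Run elevated so
# ExecutablePath is populated for service processes.
$processNames = 'Sbamsvc.exe', 'Sbamtray.exe'               # from the article
$vanillaPaths = 'C:\Program Files\Sunbelt Software\Vipre\*',
                'C:\Program Files\Sunbelt Software\*'       # from the article

# Vendor folder under each Program Files directory that exists on this OS
# (the x86 variable is only set on 64-bit Windows).
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Sunbelt Software' } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -Unique

$found = @()

# 1. Binaries present on disk under the vendor folders.
foreach ($root in $roots) {
    $found += @(Get-ChildItem -LiteralPath $root -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $processNames -contains $_.Name } |
        ForEach-Object { $_.FullName })
}

# 2. Binaries backing running processes, wherever they were installed.
$found += @(Get-CimInstance -ClassName Win32_Process |
    Where-Object { $processNames -contains $_.Name -and $_.ExecutablePath } |
    ForEach-Object { $_.ExecutablePath })

# Report each distinct binary and whether a vanilla path pattern matches it
# (-like approximates the rule's wildcard matching; this is an assumption).
$found | Sort-Object -Unique | ForEach-Object {
    $file = $_
    [pscustomobject]@{
        File             = $file
        Directory        = Split-Path -Path $file -Parent
        CoveredByVanilla = [bool]($vanillaPaths | Where-Object { $file -like $_ })
    }
} | Format-Table -AutoSize -Wrap
```

Any row with CoveredByVanilla set to False shows a directory that the example paths above do not cover and that the custom rule should list instead.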

Article Information
Creation Date: 12-21-2015