Configuring Third-Party Software to Work in Conjunction with InterSystems Products
InterSystems products often run in environments alongside non-InterSystems tools, where interactions between our products and such tools can have deleterious effects. InterSystems guidance about optimal, reliable configurations for deployment presume that our products can be deployed without interference from third party tools. For instance, InterSystems has observed that software for security, system monitoring, or virus scanning may impact the installation, performance, and functionality of our products. This is particularly true for tools, such as virus scanners, that directly interact with files that are part of or are used by InterSystems products.
InterSystems understands that customers face business, compliance and other requirements that impact decisions about what software runs in a given environment and how such software is configured. In general, InterSystems recommends that server side installations of our products be protected by physical security and isolation. This protection should lessen the need for other tools or at least the frequency with which they are run.
Virus scanner observations:
To deliver virus-checked software, InterSystems products are delivered out of a sanitized environment to our customers, and by providing a checksum for verification.
Remedy: For scanning purposes, exclude the following files and directories:
The WIJ file and the directory* containing the WIJ file (see the chapter “Write Image Journaling and Recovery” in the Caché Data Integrity Guide).
All database files (.DAT) and directories* containing database files (see Configuring Databases) in the “Configuring Caché” chapter of this guide.
Any directory* in which journal files are stored or processed (see the chapter “Journaling” in the Data Integrity Guide).
Any other file/directory* that is actively required for Ensemble to function. Examples would be the alternate journal directory* (see “Journaling” in the Data Integrity Guide), or any directory* being used by an Ensemble business service or production.
* varies based on configuration settings
False positives on InterSystems executables.
Remedy: For scanning purposes, exclude all cache.exe files and directories containing cache.exe files.
EXCLUDING ITEMS FROM MALWARE SCANS MAY INTRODUCE VULNERABILITIES INTO PROTECTED DEVICES AND APPLICATIONS. THE CLIENT ASSUMES ALL RESPONSIBILITY FOR CONFIGURING MALWARE PROTECTION.
Finally, when InterSystems observes interactions between third-party software and our products that negatively affect our product behavior, we report those issues to the third-party vendor.