Tag: Antivirus

Categories
Knowledge Support Support Categories exacqVision Hardware Products

Ruling out interfering software in Windows

Description

When troubleshooting exacqVision software in a Windows environment, it is likely that the customer has installed various monitoring or protection software which could be interfering with our communication or processes. The most common culprit is Anti-virus software.

However, there are many different methods of determining what software is running on a machine. There are several that actively hide themselves from the task tray or the Programs list. Below is an effective way of quickly determining what else is running on a system.

Utility – msconfig

The Microsoft System Configuration Utility can be used to see what services are running running with the ability to quickly rule out all Microsoft necessary services.

Open the msconfig utility by clicking on the “Start” button and typing msconfig – select the ‘System Configuration’ result.

You can also launch msconfig.exe from the “Run” dialog.

Once it loads, select the “Services’ tab.

Click on the ‘Service’ heading to sort them by name (useful for the next step).

Rule Out Windows Defender

Scroll down and look for anything that begins with Windows Defender…

There are several different names for Defender Anti-virus. On my machine it’s ‘Windows Defender Advanced Threat Protection Service’ and its status is ‘Stopped’ This tells me that it is not a concern for our software. However, the Firewall is enabled. This may be configured in a way that interferes with our communication.

In other situations, you’ll see Defender Anti-virus running. Normally Defender does not cause much of an issue for us, but it can be locked down and more aggressive in scenarios where they have attached the system to a Domain. It would be worth asking how the customer has configured Defender and trying setting exclusions for our software. See KB 853.

Ruling Out Other Services

Now that you’ve ruled out Microsoft’s own Anti-virus, you can check the box ‘Hide all Microsoft services’

The resulting list will be everything that has been installed on the machine since the time the Operating System was installed. These items may need to be researched if there is something unfamiliar. Discuss with the on-site technician or customer items that may be related to Anti-virus, security software, threat protection, anti-malware, heuristics, etc… It may be possible to set exclusions for our processes, but this is the responsibility of the customer to apply the changes..

Sometimes it is helpful to create a report of all the installed Services to supply to a customer or IT department. This can be accomplished in PowerShell with the “GetService” cmdlet. To see a list of all services, in PowerShell type:
Get-Service | Sort-Object status | Out-Gridview

This will open a window with all Services sorted by their Status. You can then use ‘Ctl-A’ to highlight all, and ‘Ctl-C’ to copy this data to the Clipboard. This can then be pasted into a spreadsheet or text file.

Ruling Out Other Processes

Now that you’ve seen all of the services running on the system, it’s time to see if any executables are running at startup that aren’t registered as Windows Services.

Right-click on the taskbar and select ‘Task Manager’. Then click on the ‘Startup’ tab.

Again, discuss with the technician or customer if these items are expected to be running on the machine. Utilize search engines and forums to research any that you are unfamiliar with.

Categories
Knowledge Support Support exacqVision Client

Exempt Files Targeted by Antivirus Scans

*** INTERNAL USE ***

Antivirus Configuration

As with all third-party software not on the Product Integration section, the user assumes the risk of software incompatibility with the exacqVision software suite.

Therefore, if there is an inquiry on what an AV program found and is blocking we should open a ticket with engineering and confirm what the file is, and what it does to help maintain a list of examples that can be excluded.

It is recommended to exempt certain files if they are targeted by scans of the Antivirus program to allow proper functionality of the software.

List of examples for certain scans and why they are important for Exacq Software. The file extension may be ‘.exe’, ‘.ps’ or ‘.ps.1’ for Windows. In Linux it will be ‘.sh’.

  • curl – Utilized to download updates, email and sync with EM.
  • dhcpconfig – Utilized for enabling/configuring the DHCP Server
  • driveprep – For partitioning new data drives.
  • dvdrwtools – For burning of a DVD/CD.
  • dvd+rw-mediainfo – For burning of DVD/CD.
  • evselftest – Utilized to scan disks for errors.
  • failover – Utilized for failover/failback.
  • iscsiprep – For configuring Extended volumes.
  • lshw – Utilized to gather hardware/software information about a system.
  • mediainfo – For burning of DVD/CD
  • mdnsd – For discovery of IP devices, Servers and Clients.
  • mDNSResponder – For discovery of IP devices, Servers and Clients.
  • mkbadst_config – For configuring Extended volumes.
  • mount – For mounting new data drives.
  • netconfig – For configuration of Network Interface parameters.
  • ntpd – For management of Time Servers and synchronization.
  • ntpdate – For management of Time Servers and synchronization.
  • opendhcpd – Utilized for enabling/configuring the DHCP Server
  • opendhcpserver – Utilized for enabling/configuring the DHCP Server
  • parted – For partitioning new data drives.
  • rmfs – For partitioning new data drives.
  • smartctl – Utilized to gather health (S.M.A.R.T.) data from drives.
  • sysinfo – Utilized to gather hardware/software information about a system.
  • teaming – For creating NIC bonds.
  • tzutil – For configuring the Time Zone settings of the OS.
  • update – Utilized to download and install updates as well as failback of recorded data.
  • w32time – – For configuring the Time settings of the OS.
  • wodim – For burning of a DVD/CD.
  • winio – This script is part of sysmgmtpi which monitors the health of the server and drives. The winio64.sys is the driver that allows part of that functionality.

<br>

Related Articles

Using Antivirus Software with exacqVision

<br>

Categories
Knowledge Support Support exacqVision Webservice

ExacqVision Web Server Relay Service Issue

Description

How to diagnose if the Fast Reverse Proxy Client (FRPC) is the source of issues with the ExacqVision Web Server relay service.

Product

ExacqVision Web Server

Troubleshooting FRPC

FRPC provides a proxy service for Relay Connections used by ExacqVision Web Server. This eliminates the need for firewall configuration and prevents exposing the NVR directly to inbound internet traffic via port forwarding by creating a unique public relay URL.

Some antivirus software may identify this client as a threat and will block, remove, or prevent the installation of FRPC.

This usually manifests itself with issues either in initial setup of the relay service or when existing relay services stop working.

To confirm, check the ExacqVision Web Server logs for entries similar to the following:<br><br>

2021-06-15T10:02:51.215-0400  error  failed to launch relay proxy client: file: frpc.exe not found

<br><br>Next confirm that FRPC is present in the appropriate install folder.

The default install locations are:

Windows
C:\Program Files\exacqVision\WebService\bin\frpc.exe

Linux
/usr/local/exacq/webservice/bin/frpc

Note:  In some cases users may need to add relay.exacq.net to the allow list in their firewall.


Related Articles

See also: Using Antivirus Software with ExacqVision

Categories
Knowledge Support exacqVision Server

Exacq servers and ransomware

With the rise of ransomware, here are some things you can do to better secure your ExacqVision servers.

AntiVirus – Article 853

Windows Updates – Article 848

<br>

Categories
Knowledge Support Support exacqVision Client Categories

Using Antivirus Software with exacqVision

Antivirus Configuration

As with all third-party software not on the Product Integration section, the user assumes the risk of software incompatibility with the exacqVision software suite.

To permit antivirus software to work with exacqVision software, the following file extensions need to be exempted from scans:

  • .PS
  • .PSI

NOTE: As an alternative, you could also exclude the data drive you are using to store video.

It is also be necessary to exempt certain files if they are targeted by scans. See KB 20594.

If your antivirus protection suite has a firewall, the following must also be exempted:

exacqVision Client
exacqVision Server
exacqVision Web Service
<br>

Additional Notes

  • Most systems require a restart after changing the configuration. Within some antivirus suites, settings might revert after the restart (this activity has been specifically observed with the Avast antivirus suite in the past). It is recommended that you double-check your settings after the restart to verify that your exclusions and exceptions have been saved.
    <br>
  • On an exacqVision Client workstation machine, the only exception needed is for the exacqVision Client software.
    <br>
  • Some suites, such as Kaspersky Endpoint 10, also install components on the NIC driver to monitor network traffic. It is recommended that these be disabled if you see a performance decrease or inability to connect to cameras after this component has been enabled.
    <br>
  • Best practice is not to use multiple antivirus applications on the same system as these can often conflict with each other.
    <br>

Timestamp issues

If you are using antivirus software and you see an incorrect timestamp in live video windows or you cannot successfully search for video in a specified time and date range, the antivirus software might be preventing the exacqVision Server from correctly identifying its own IP address. This has been known to occur when using Trend Micro OfficeScan and other antivirus software.

To resolve this issue, you must enter the IP address of the exacqVision server in the IP Camera Time Server field on the System page’s Date/Time tab.

<br>