Realtime Endpoint Protection (Antivirus) Exclusions (System Monitor)
Endpoint Security software, including Anti-Virus, Anti-Malware, and EDR/EPP solutions, can have a major impact on the installation, upgrade, and ongoing operation of any high-performance application, including the LogRhythm platform. LogRhythm provides a recommended list of paths to exclude from Realtime Scanning as a best practice to reduce the performance and stability impacts that can negatively affect the software. In some cases, features specific to your Endpoint Security vendor, such as Heuristic detections, may need to be disabled due to vendor incompatibility. The directories below should be considered a minimum list of exclusion paths; additional paths may be required in some situations.
If you removed third party antivirus or endpoint protection software to conduct an upgrade or installation, reinstall it. When running antivirus scanning software on a LogRhythm platform and/or on System Monitor Agent systems, be sure to exclude the following directories from realtime antivirus scans. Scanning these directories has a major impact on the performance of the LogRhythm platform. However, these locations should be scanned on a regularly scheduled basis.
The paths listed below are the default directories for each service. These locations are configurable in most cases and may vary from deployment to deployment or from version to version. Consider this a minimum list and adjust accordingly.
System Monitor Agent (Windows)
C:\Program Files\LogRhythm\LogRhythm System Monitor\state\*.bin
C:\Program Files\LogRhythm\LogRhythm System Monitor\state\*.pos
C:\Program Files\LogRhythm\LogRhythm System Monitor\state\*.suspense
The paths above are the default installation location for the System Monitor Agent. If you install the Agent in a different location (for example, D:\), update the exclusions as required.
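The following PowerShell script is an added example, not part of the LogRhythm documentation, showing one way to register the three Windows Agent exclusions above and then verify that they took effect. It assumes Microsoft Defender Antivirus is the endpoint protection product in use (the Add-MpPreference and Get-MpPreference cmdlets are Defender's own); other vendors expose equivalent settings through their own consoles. The $agentRoot variable is the example's own and should be changed if the Agent is installed somewhere other than the default location.

```powershell
# Added example (not from the LogRhythm documentation): registers the Windows
# System Monitor Agent realtime-scan exclusions with Microsoft Defender Antivirus
# and verifies them. Assumes Defender is the endpoint protection product and that
# the Agent is installed in the default location; change $agentRoot otherwise.
#Requires -RunAsAdministrator

$agentRoot = 'C:\Program Files\LogRhythm\LogRhythm System Monitor'

# Minimum exclusions listed on this page for the Windows Agent. Defender accepts
# a '*' wildcard in the file name portion of an exclusion path.
$exclusions = @(
    (Join-Path $agentRoot 'state\*.bin'),
    (Join-Path $agentRoot 'state\*.pos'),
    (Join-Path $agentRoot 'state\*.suspense')
)

# Fail early if the Agent is not where we expect it, rather than excluding a
# directory that does not exist (which would silently reduce coverage later).
if (-not (Test-Path -LiteralPath (Join-Path $agentRoot 'state'))) {
    throw "Agent state directory not found under '$agentRoot'; set `$agentRoot to the actual install location."
}

# Add only the exclusions that are not already present, so the script can be
# re-run safely (for example after an upgrade) without creating duplicates.
$current = (Get-MpPreference).ExclusionPath
foreach ($path in $exclusions) {
    if ($current -contains $path) {
        Write-Host "Already excluded: $path"
    } else {
        Add-MpPreference -ExclusionPath $path
        Write-Host "Added exclusion:  $path"
    }
}

# Verify: every requested path must now appear in the effective exclusion list.
$effective = (Get-MpPreference).ExclusionPath
$missing = $exclusions | Where-Object { $effective -notcontains $_ }
if ($missing) {
    Write-Error "Exclusions not applied: $($missing -join ', ')"
} else {
    Write-Host 'All System Monitor Agent realtime-scan exclusions are in place.'
}
```

One caveat worth checking against your own product: Defender path exclusions apply to scheduled and on-demand scans as well as to realtime protection, so they are not realtime-only exclusions. If you rely on Defender, the periodic scanning of these locations that this page recommends has to be arranged separately; products that distinguish realtime from scheduled-scan exclusions let you keep the scheduled coverage while excluding only the realtime scan.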
System Monitor Agent (Legacy Linux)
/opt/logrhythm/scsm/state/*.pos
/opt/logrhythm/scsm/state/*.suspense