The customer received a UPD11 delivery from us. They ran it through their antivirus software, Sophos, which flagged it as Ransomware.
Has anyone seen this before? Should IFS repackage and redeliver UPD11? Should they apply UPD11 anyway?? Customer is panicking. Your assistance is appreciated.
Hi
Is the customer trying to upgrade from a previous IFS Application 10 Update to Update 11 when Sophos is flagging it as Ransomware?
We typically disable all antivirus software on the application server and database server when we are installing patches or updates. We also exclude the IFS and oracle directories from antivirus so the Antivirus software doesn’t cause problems with the normal operations of the middleware server or database server. We’ve also configured our IFS servers so they have no file shares and no direct access to the internet and we restrict access to the IFS Servers to only senior IT personnel and from only certain IP Addresses.
Regards,
William Klotz
We have run into the same issue with deliveries and updates, but with McAfee. It prevents the actual install of the delivery. Our OPs group will absolutely not allow disabling the antivirus software for even a known period of time, so that isn’t an option. Getting IFS to repackage the delivery won’t fix the issue as it lies with the generic named TEMP folders which are typically the first place a virus deployment package would go to unpack its files, so they are always blocked from executables on the servers..
We ended up replacing the TMP and TEMP folders specified in the delivery with a specifically named sub-level directory so the files would install there. Then we opened up to those essentially hidden folders to the McAfee scans so it would leave the folders alone during installation. This took an install that was running 8+ hrs and failing to less than half an hour and success.
IFS really needs to re-think their deployment structure in light of the stringent operations security that now necessarily exists. We were surprised that we haven’t seen more customers complain of this exact issue.
We ended up replacing the TMP and TEMP folders specified in the delivery with a specifically named sub-level directory so the files would install there. Then we opened up to those essentially hidden folders to the McAfee scans so it would leave the folders alone during installation. This took an install that was running 8+ hrs and failing to less than half an hour and success.
Filling in some geeky details...
Windows environment variables like %TEMP% and %TMP% are inherited downward, from the system level, to the user level, down to the running process itself. Any child processes created from a process inherit that parent process' environment.
We're running Apps 9. Under our IFS Home directory, we created a subdirectory like custom_temp as our special IFS temp area. Because it's under the IFS Home directory, it falls under the recursive exclusion configured in our antivirus software.
Instead of calling the standard installer installer.cmd, we call our custom wrapper for it that re-points the %TMP% and %TEMP% variables to that custom temp directory.
installer_with_custom_tmp.bat
cd /d %~dp0
set tmp=%~dp0custom_temp
set temp=%~dp0custom_temp
call installer.cmd %*
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.