Topic
  • 4 replies
  • Latest Post - ‏2014-01-21T10:40:17Z by FrederikBraad
FrederikBraad
FrederikBraad
5 Posts

Pinned topic Temporarily disable AV

‏2014-01-21T10:04:39Z |

Hi,

I've gotten a request from a customer using TEM Core AV, who wants an easy way to temporarily disable AV on a machine, for troubleshooting or specific installation issues. - Either locally via a script or something, and/or as a fixlet.

You would you go about creating such a fixlet? - Would you disable scheduled and real-time scan, temporarily exclude all folders, or is there a better way of doing it? -And could you somehow make a time-limited fixlet, that automatically reverts after perhaps 24 hours?

Thanks!

Frederik

  • Xie_Ran91
    Xie_Ran91
    62 Posts
    ACCEPTED ANSWER

    Re: Temporarily disable AV

    ‏2014-01-21T10:30:33Z  

    Good idea. I will definitely do that. Thanks.

    Until then, I think we need a temporary solution. -So any ideas would be appreciated. :)

    Here I attached a custom fixlet which restarts the two CPM services. You can check the action and read the comments, then copy out the parts which disable the scan services.

     

    Note: the self-protection needs to be turned off in order to turn off the scan services. This is also in the fixlet action attached here.

  • Xie_Ran91
    Xie_Ran91
    62 Posts

    Re: Temporarily disable AV

    ‏2014-01-21T10:23:09Z  

    Most likely, this could be a fixlet or a wizard which helps you configure the policy. I will file a RFE for this.

  • FrederikBraad
    FrederikBraad
    5 Posts

    Re: Temporarily disable AV

    ‏2014-01-21T10:25:24Z  
    • Xie_Ran91
    • ‏2014-01-21T10:23:09Z

    Most likely, this could be a fixlet or a wizard which helps you configure the policy. I will file a RFE for this.

    Good idea. I will definitely do that. Thanks.

    Until then, I think we need a temporary solution. -So any ideas would be appreciated. :)

  • Xie_Ran91
    Xie_Ran91
    62 Posts

    Re: Temporarily disable AV

    ‏2014-01-21T10:30:33Z  

    Good idea. I will definitely do that. Thanks.

    Until then, I think we need a temporary solution. -So any ideas would be appreciated. :)

    Here I attached a custom fixlet which restarts the two CPM services. You can check the action and read the comments, then copy out the parts which disable the scan services.

     

    Note: the self-protection needs to be turned off in order to turn off the scan services. This is also in the fixlet action attached here.

  • FrederikBraad
    FrederikBraad
    5 Posts

    Re: Temporarily disable AV

    ‏2014-01-21T10:40:17Z  
    • Xie_Ran91
    • ‏2014-01-21T10:30:33Z

    Here I attached a custom fixlet which restarts the two CPM services. You can check the action and read the comments, then copy out the parts which disable the scan services.

     

    Note: the self-protection needs to be turned off in order to turn off the scan services. This is also in the fixlet action attached here.

    Perfect! Thank you! 

    I will try to build something based in this.

     

    FYI: I have also posted an RFE on the feature: http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=43873