Environmental prerequisites and best practices for the scanner
Last Modified: 2023-02-21 17:51:46 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
After December 1, 2024, please log in to the Thrive Portal for support, knowledge articles, tools, and downloads. For information about using the Thrive Portal, view the Trellix Thrive Portal User Guide.
Environmental prerequisites and best practices for the scanner
Technical Articles ID:
KB84418
Last Modified: 2023-02-21 17:51:46 Etc/GMT Environment
Endpoint Security Storage Protection (ENSSP) 2.x VirusScan Enterprise for Storage (VSES) 1.x Summary
The following environmental prerequisites and best practices apply to all versions: Make sure that the storage appliances are registered within ENSSP or VSES using their static IP addresses, and not their DNS names. When NetApp C-Mode is configured in any of the following, the storage appliance is the
Establish the following service dependencies and recovery options: Set these services to restart on any failure count:
There are three connection types that a storage appliance can use:
NOTES:
Criteria for the default Filer account to scan with ENSSP: The default Filer account should meet the following criteria to scan a file with ENSSP:
To validate domain/user credentials from ENSSP:
Determine whether to change the user account that the VSES service uses: The installation-default user account SYSTEM (
Check C: If the user account that the VSES service uses is a Domain User account (
In the local and domain account, use the same
To confirm, perform the steps below:
Make sure that the Group Policy object "Allow Local System to use computer identity for NTLM" is disabled: You might see the following error frequently in the Event Management System (EMS) log. This issue occurs if the Group Policy object "Allow Local System to use computer identity for NTLM" is enabled. To resolve the issue, disable the following Group Policy setting in the Windows Server: "Network security: Allow Local System to use computer identity for NTLM group policy object." For more information, see the NetApp article on error vscanBadUserPrivAccess. Previous Document ID (Secured)
TN300414
Affected ProductsLanguages:This article is available in the following languages: |
|