TDR and Avast Business Antivirus Integratin Guide
i WatchGuard Technlgies, Inc.
TDR and Avast Deplyment Overview Threat Detectin and Respnse (TDR) is a cllectin f advanced malware defense tls that crrelate threat indicatrs frm Firebxes and Hst Sensrs t enable real-time, autmated respnse t stp knwn, unknwn, and evasive threats. As part f the TDR slutin, yu install TDR Hst Sensrs t prvide endpint prtectin. In sme cases, the TDR Hst Sensr might have cnflicts with the antivirus sftware installed n yur endpints. T reslve this issue, yu can cnfigure exclusins in the antivirus sftware and in TDR. This dcument includes infrmatin abut the integratin f a TDR Hst Sensr with a hst that runs Avast sftware. It des nt describe the prcedure t set up Threat Detectin and Respnse. Fr infrmatin abut hw t set up yur TDR accunt, hw t enable TDR n a Firebx, and hw t install a Hst Sensr, see Quick Start Set Up Threat Detectin and Respnse. Integratin Summary T avid cnflicts between the TDR Hst Sensr and Avast Business Antivirus Pr Plus (Windws) and Avast Business Antivirus (Mac), add these exclusins: Exclusins in TDR fr Avast Business Antivirus Pr Plus Fr Windws: C:\Prgram Files\AVAST Sftware\ C:\Windws\Temp\avast_ash2\ Exclusins in Avast Business Antivirus Pr Plus fr the TDR Hst Sensr Fr Windws: 64-bit Windws C:\Prgram Files (x86)\watchguard\threat Detectin and Respnse\ 32-bit Windws C:\Prgram Files\WatchGuard\Threat Detectin and Respnse\ Exclusins in TDR fr Avast Business Antivirus Fr Mac: /Users/*/Library/Saved Applicatin State/cm.avast.passwrds.Passwrds.savedState /private/var/flders/zz/zyxvpxvq6csfxvn_n0000000000000/t/avast.dwnlad.* /private/tmp/cm.avast.lckdir Exclusins in Avast Business Antivirus fr the TDR Hst Sensr Fr Mac: /Applicatins /WatchGuard TDR and Avast Business Antivirus Integratin Guide 1
If yu installed Avast Business Antivirus Pr Plus befre yu installed the TDR Hst Sensr, when yu install the TDR Hst Sensr, a pp-up alert appears in Avast. The alert identifies the TDR Hst Sensr as a threat. T add an exceptin fr the Hst Sensr and cntinue, click Mre Optins and select Create Exceptin. Avast then marks the TDR Hst Sensr as safe s yu d nt have t manually add an exclusin fr the Hst Sensr later. If the TDR Hst Sensr and Avast Business Antivirus sftware detect and respnd t a threat at the same time, yu might see high utilizatin f system resurces, such as the CPU, memry, and disk I/O. Cnfiguratin Details T cmplete this deplyment, yu must have: An active Threat Detectin and Respnse subscriptin, with Hst Sensr licenses TDR Hst Sensr 5.2.1.8015 Firebx with Fireware v12.0 r higher Avast Business Antivirus Pr Plus 17.8.2527 (build 17.8.3705.249) Avast Business Antivirus 13.4 The Windws test envirnment fr this deplyment included: Windws 7, 8, 10 Enterprise 64-bit Operating System Memry (RAM) 8 GB Prcessr 2 CPU Cres The Mac test envirnment fr this deplyment included: macos 10.13 Memry (RAM) 8 GB Prcessr Intel Cre i5 2 WatchGuard Technlgies, Inc.
Cnfigure Exclusins in TDR In yur TDR accunt, add the exclusins t manually identify paths fr files and prcesses that yu d nt want Hst Sensrs t mnitr. Befre yu deply a Hst Sensr n cmputers that have Avast Business Antivirus Pr Plus (Windws) r Avast Business Antivirus (Mac) installed, add exclusins fr the Avast Business Antivirus Pr Plus (Windws) r Avast Business Antivirus (Mac) file paths as TDR Exclusins in yur TDR accunt. T exclude Avast directries, add exclusins with these paths in yur TDR accunt. Flders specified in an exclusin must end with a backslash. Exclusins fr Windws: C:\Prgram Files\AVAST Sftware\ C:\Windws\Temp\avast_ash2\ Exclusins fr Mac: /Users/*/Library/Saved Applicatin State/cm.avast.passwrds.Passwrds.savedState /private/var/flders/zz/zyxvpxvq6csfxvn_n0000000000000/t/avast.dwnlad.* /private/tmp/cm.avast.lckdir T add an exclusin in TDR: 1. Lg in t yur TDR accunt r managed accunt as a user with Operatr privileges. 2. Select Cnfiguratin > Exclusin. 3. Click Add Exclusin. The Add Exclusin dialg bx appears. 4. In the Path text bx, type the path t exclude. 5. Click Save & Clse. Repeat these steps t add each exclusin. TDR and Avast Business Antivirus Integratin Guide 3
Cnfigure Exclusins in Avast In Avast, add the exclusins t identify the paths fr files and lcatins t exclude. T prevent cnflicts between the Hst Sensr and Avast, we recmmend yu add exclusins in Avast fr the paths used by the TDR Hst Sensr. T exclude TDR Hst Sensr files n 64-bit Windws add an exclusin fr: C:\Prgram Files (x86)\watchguard\threat Detectin and Respnse\ T add an exclusin in Avast Business Antivirus Pr Plus Fr Windws: 1. In the Avast interface, select Settings> General. 2. Expand Exclusins. 3. In the File paths sectin, type r select the directries t exclude. 4. Click OK. T exclude TDR Hst Sensr files n macos, add an exclusin fr: /Applicatins /WatchGuard T add an exclusin in Avast Business Antivirus Fr macos: 1. Frm the left panel, select Scan. 2. In the Full System Scan sectin, select Settings. 3. In the Excluded paths sectin, add the paths t exclude. Test results might als apply t these Windws prducts, which were nt tested: Avast Endpint Prtectin Antivirus Avast Endpint Prtectin Antivirus Pr Avast Endpint Prtectin Suite Avast Endpint Prtectin Suite Plus Fr infrmatin abut the integratin testing methdlgy, see TDR Testing Methdlgy. 4 WatchGuard Technlgies, Inc.
Abut This Guide Guide Type Dcumented Integratin WatchGuard r a Technlgy Partner has prvided dcumentatin demnstrating integratin. Guide Details WatchGuard prvides integratin instructins t help ur custmers cnfigure WatchGuard prducts t wrk with prducts created by ther rganizatins. If yu need mre infrmatin r technical supprt abut hw t cnfigure a third-party prduct, see the dcumentatin and supprt resurces fr that prduct. Infrmatin in this guide is subject t change withut ntice. Cmpanies, names, and data used in examples herein are fictitius unless therwise nted. N part f this guide may be reprduced r transmitted in any frm r by any means, electrnic r mechanical, fr any purpse, withut the express written permissin f WatchGuard Technlgies, Inc. Guide revised: 1/18/2018 Cpyright, Trademark, and Patent Infrmatin Cpyright 1998 2018 WatchGuard Technlgies, Inc. All rights reserved. All trademarks r trade names mentined herein, if any, are the prperty f their respective wners. Cmplete cpyright, trademark, patent, and licensing infrmatin can be fund in the Cpyright and Licensing Guide, available nline at http://www.watchguard.cm/wgrd-help/dcumentatin/verview. Abut WatchGuard WatchGuard Technlgies, Inc. is a glbal leader in netwrk security, prviding best-in-class Unified Threat Management, Next Generatin Firewall, secure Wi-Fi, and netwrk intelligence prducts and services t mre than 75,000 custmers wrldwide. The cmpany s missin is t make enterprisegrade security accessible t cmpanies f all types and sizes thrugh simplicity, making WatchGuard an ideal slutin fr Distributed Enterprises and SMBs. WatchGuard is headquartered in Seattle, Washingtn, with ffices thrughut Nrth America, Eurpe, Asia Pacific, and Latin America. T learn mre, visit WatchGuard.cm. Fr additinal infrmatin, prmtins and updates, fllw WatchGuard n Twitter, @WatchGuard n Facebk, r n the LinkedIn Cmpany page. Als, visit ur InfSec blg, Secplicity, fr real-time infrmatin abut the latest threats and hw t cpe with them at www.secplicity.rg. Address 505 Fifth Avenue Suth Suite 500 Seattle, WA 98104 Supprt www.watchguard.cm/supprt U.S. and Canada +877.232.3531 All Other Cuntries +1.206.521.3575 Sales U.S. and Canada +1.800.734.9905 All Other Cuntries +1.206.613.0895 TDR and Avast Business Antivirus Integratin Guide 5