Anti-Virus Software on TAC

In general, it is not recommended to have Anti-Virus software installed a on TAC server, as it may cause an overall TAC server performance issue. Additionally, the TAC server is a security sensitive device and should have limited access only by administrators. No external software should be present on a TAC server. TAC stability and security is validated only with the standard TAC configuration; when only the TAC software is present on TAC server.

If corporate policy requires Anti-Virus software to be present on TAC device, it will need to conform to the following requirements:

  1. Anti-Virus software should not act as a firewall or control\block network traffic. As this could make TAC inaccessible to the users or prevent proper TAC operations flow.
  2. Anti-Virus should be configured to exclude the following folders from all scans:
  1. C:\Program Files\PortSys\TAC Gateway
  1. Following processes should NOT be scanned and should be white listed:
  1. C:\Windows\System32\dsamain.exe
  2. C:\Program Files\PortSys\TAC Gateway\Management\TacConsole.exe
  3. C:\Program Files\PortSys\TAC Gateway\Gateway\TacGateway.exe
  4. C:\Program Files\PortSys\TAC Gateway\GatewayManager\TacGatewayMgr.exe
  5. C:\Windows\System32\inetsrv\w3wp.exe
  6. C:\Program Files\PortSys\TAC Gateway\Tools\TacTracing.exe
  7. C:\Program Files\PortSys\TAC Gateway\PortalSource\bin\roslyn\*.*
  8. C:\Program Files\PortSys\TAC Gateway\Environment\*\TacRdpHtmlGateway.exe
  9. C:\Program Files\PortSys\TAC Gateway\Environment\*\csc.exe
  10. C:\Program Files\PortSys\TAC Gateway\Environment\*\csi.exe
  11. C:\Program Files\PortSys\TAC Gateway\Environment\*\VBCSCompiler.exe
  12. C:\Program Files\PortSys\TAC Gateway\Environment\*\vbc.exe

Please note: For h-l items, TAC uses dynamic paths, but executable names do not change.

  1. Other core Windows services should be allowed and function as normal.