WORKING WITH EXISTING SECURITY SOLUTION
The table below depicts VSP MEP compatibility with the various security solutions on Windows:
| Security Solution | VSP 2.4.x and below | VSP 2.5.x and above | Comments |
|---|---|---|---|
| Sophos Intercept X | ✔ | ✔ | Ensure that the configurations in Section Sophos are complete |
| Trend Micro Deep Security | ✔ | ✔ | Ensure that the configurations in Section Trend Micro are complete |
| CrowdStrike Falcon XDR | | ✔ | |
| Palo Alto Cortex XDR | | ✔ | Ensure that the configurations in Section Cortex are complete |
| Others | | ✔ | Contact Virsec Technical Team for confirmation |
Table – Compatibility with VSP
This section provides steps to ensure that VSP works seamlessly along with an existing security solution.
Ensure that one of the two approaches below is implemented (listed in order of preference):
- Disable any existing security solution (such as AV, EDR, or HIPS) before the VSP Probe is installed.
- If the existing security solutions cannot be disabled, ensure that the VSP Probe files and folders are excluded from any form of monitoring by them on the server. The locations that need to be excluded are listed below:
  - Windows: C:\Program Files (x86)\Virsec
  - Linux: /opt/virsec and /var/virsec
  - In some cases where the existing security product might block new kernel modules, allow /opt/virsec/rmp/*/bin/*/*/vsysi.ko as a trusted kernel module.
  - Enable Memory Exploit protection on some test systems initially to ascertain that the required exclusions are working as expected.
  - The existing security solution must be allowlisted in CMS. By default, it is added to the allowlist if the security solution is present at the time of the scan.
Failing to do the above can lead to adverse impacts including system crashes.
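Some security products take concrete paths or file hashes rather than wildcards when a kernel module is marked as trusted. The following shell functions are an added example, not part of the Virsec documentation: they expand the Linux wildcard given above into the actual `vsysi.ko` files with their SHA-256 values and report which exclusion directories exist. The optional root argument is a hypothetical test hook, and trusting by hash is an assumption about the existing product.

```shell
#!/bin/sh
# Added example: enumerate the Linux paths named in the exclusion list.
# The optional first argument is a hypothetical root prefix, used only to
# run the functions against a constructed directory tree. Omit it on a
# real server.

# Print "<sha256>  <path>" for every kernel module that matches the
# documented wildcard. Returns 1 when no module is found.
list_vsp_kernel_modules() {
    root="${1:-}"
    found=1
    for ko in "$root"/opt/virsec/rmp/*/bin/*/*/vsysi.ko; do
        # An unmatched glob is left as a literal string, so confirm
        # that the candidate is a real file before hashing it.
        [ -f "$ko" ] || continue
        sha256sum "$ko"
        found=0
    done
    return "$found"
}

# Report whether each documented exclusion directory is present.
list_vsp_exclusion_dirs() {
    root="${1:-}"
    for dir in /opt/virsec /var/virsec; do
        if [ -d "$root$dir" ]; then
            echo "present $dir"
        else
            echo "missing $dir"
        fi
    done
}

# Usage on a server with the VSP Probe installed:
#   list_vsp_exclusion_dirs
#   list_vsp_kernel_modules || echo "no vsysi.ko found"
```

Re-run the module listing after each VSP Probe upgrade, since a new build of `vsysi.ko` will have a different hash and may sit under a different version directory.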
The configuration procedures for some of the security solutions are provided in the sections below.