
 

WORKING WITH EXISTING SECURITY SOLUTION


 

The table below depicts VSP MEP compatibility with the various security solutions on Windows:

 

| Security Solution | VSP 2.4.x and below | VSP 2.5.x and above | Comments |
|---|---|---|---|
| Sophos Intercept X | | | Ensure that the configurations in Section Sophos are complete |
| Trend Micro Deep Security | | | Ensure that the configurations in Section Trend Micro are complete |
| CrowdStrike Falcon XDR | | | |
| Palo Alto Cortex XDR | | | Ensure that the configurations in Section Cortex are complete |
| Others | | | Contact Virsec Technical Team for confirmation |

Table – Compatibility with VSP

 

This section provides steps to ensure that VSP works seamlessly along with an existing security solution. 

Ensure that either of the two approaches below is implemented (in the order of preference):

  1. Disable any existing security solution (like AV, EDR, HIPS) before VSP Probe is installed 

  2. If the existing security solutions cannot be disabled, ensure that the VSP probe files and folders are excluded from any form of monitoring by them on the server. The locations that need to be excluded are listed below:

    1. Windows: C:\Program Files (x86)\Virsec

    2. Linux: /opt/virsec and /var/virsec

      1. In some cases the existing security product might block new kernel modules; if so, allow /opt/virsec/rmp/*/bin/*/*/vsysi.ko as a trusted kernel module

    3. Enable Memory Exploit protection on some test systems initially to ascertain that the required exclusions are working as expected

  3. The existing security solution must be allowlisted in CMS. By default, it is added to the allowlist if the security solution is present at the time of the scan

Failing to do the above can lead to adverse impacts including system crashes.
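
One way to run the test-system check from the steps above on Linux, as an added example rather than Virsec tooling: it confirms that the excluded directories and vsysi.ko are still present and that the kernel module is loaded. The module name vsysi (inferred from the file name), the use of /proc/modules and the function names are assumptions.

```shell
#!/bin/sh
# Added example, not Virsec tooling. Assumptions: the module is named "vsysi"
# (from the file name vsysi.ko) and loaded modules are listed in /proc/modules.
# Usage on a test system: sh check_vsp.sh --run

# Print every vsysi.ko found under <root>/opt/virsec/rmp/*/bin/*/*/
find_vsp_modules() {
    root=${1:-}
    for f in "$root"/opt/virsec/rmp/*/bin/*/*/vsysi.ko; do
        if [ -f "$f" ]; then printf '%s\n' "$f"; fi
    done
    return 0
}

# Succeed only if <name> is an exact entry in a /proc/modules-format file
module_loaded() {
    name=$1
    modules_file=${2:-/proc/modules}
    awk -v m="$name" '$1 == m { found = 1 } END { exit !found }' "$modules_file"
}

# Report on the VSP directories and kernel module; return 0 only if all are fine.
# <root> and <modules_file> are overridable so the check can be exercised offline.
check_vsp_exclusions() {
    root=${1:-}
    modules_file=${2:-/proc/modules}
    rc=0
    for d in /opt/virsec /var/virsec; do
        if [ -d "$root$d" ]; then
            echo "OK      $d present"
        else
            echo "MISSING $d"; rc=1
        fi
    done
    if [ -z "$(find_vsp_modules "$root")" ]; then
        echo "MISSING vsysi.ko under /opt/virsec/rmp"; rc=1
    fi
    if module_loaded vsysi "$modules_file"; then
        echo "OK      vsysi loaded"
    else
        echo "BLOCKED vsysi not listed in $modules_file"; rc=1
    fi
    return $rc
}

if [ "${1:-}" = "--run" ]; then check_vsp_exclusions; fi
```

A BLOCKED or MISSING line on a test system means the exclusions or the trusted-module entry in the existing security product need to be revisited before wider rollout.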

 

The configuration procedures for some of the security solutions are provided in the sections below.

 
