OBJECTIVE or GOAL
Identify MassLynx folders that should be excluded from real-time antivirus scanning.
- Antivirus software - all vendors
Waters recommends that the following folders be excluded from real-time scanning (also include subfolders if given the option):
- Full virus scans should be scheduled for times when MassLynx is not in use
- Exclude C:\MassLynx, C:\Program Files (x86)\Waters Instruments, C:\Program Files\Waters Instruments, and any other MassLynx related folders, from real-time scanning
- Create an exclusion for .RAW files
- Disable Heuristic AV software and Network Threat Protection (if using Symantec Endpoint Protection)
- Disable real-time, automatic updates. Only download and install antivirus updates (including definitions updates) when not acquiring data
The following information is intended only as a framework that customer's IT specialist can use when evaluating MassLynx compatiblity of antivirus software other than Symantec. This does not imply other antivirus software is supported with MassLynx.
- For Symantec we recommend users turn off Network Threat Protection, which is effectively a firewall. Also turn off the equivalent function in your antimalware software.
- Exclude .raw files from scans
- Exclude the following folders from scans (which of these is applicable depends on the software purchased)
- C:\Program Files (x86)\Waters Instruments\
- Locations of all MassLynx projects and raw data.
- C:\PLGS3.0.3\ (or other version of PLGS as appropriate)
- C:\Program Files (x86)\Nonlinear Dynamics\
- C:\Program Files\Waters\ (this includes the DynamX installation folder)
- The locations of all PLGS3 databases, including C:\ProgramData\Waters\
- Schedule antivirus scans so that they do not run when data is being acquired and/or processed.
- Schedule antimalware updates (including definitions updates) so that they are not downloaded or installed while data is being acquired or processed. Ideally, either turn software updates off, or configure them so that they alert the user to download and install manually rather than automatically.
- Make sure all firewalls are disabled on the instrument LAN, including both the Windows firewall and any proprietary firewall included in the security software installed. Note that in some security software the firewall has a different name, for example Network Threat Protection in Symantec is effectively a firewall.
- The Windows PC firewall can occasionally be re-enabled by windows updates, so after every Windows update the firewall should be checked to ensure it is still disabled.
- If there are other firewall restrictions on the customer's network it may be necessary to configure the firewall to allow all MassLynx associated processes through, and also java processes (PLGS and BPL are java based), if data is being read / written across the network.
- The advice on when to schedule updates also applies to Windows updates and other software updates
- User Account Controls should be set to the lowest setting during software installation. Higher UAC settings can effectively restrict the permissions of the Administrator account to those of a standard user account. This can cause problems installing software and / or configuring ACQUITY modules.