Want help with your product upgrades? Upgrades made easy

Recommended settings for best performance in GFI LanGuard

GFI LanGuard remote communication needs and intensive resource access pattern make it a possible victim of third party software like anti-virus/anti-spyware solutions, intrusion prevention systems, or firewalls.  Such problems can be avoided by following a few configuration guidelines as described below:

Real-time protection engines can severely diminish GFI LanGuard’s scanning speed
  • Disable the real-time anti-virus engine from scanning the following GFI LanGuard paths (on the server as well as agent machines):
    • Microsoft Windows Vista/Server 2008 and later
      • \ProgramData\GFI\
      • 64-bit: \Program Files (x86)\GFI\
      • 32-bit: \Program Files\GFI\
    • Microsoft Windows XP/Server 2003:
      • \Documents and settings\all users\application data\GFI\
      • \Program Files\GFI\
  • Exclude the directory of the MS SQL database files (*.mdf/*.ldf)
  • Exclude the directory of the MS SQL server instance
  • Disable antimalware protection for C:\Program Files (x86)\GFI\LanGuard 12 Agent\Httpd\bin\httpd.exe (HTTP protocol, usually running on one of the TCP ports 1070-1080)
  • Disable antimalware protection for the IIS web site GFI LanGuard Central Management Server (HTTPS protocol, usually running on one of the TCP ports 1070-1080)

The firewall might slow down GFI LanGuard scanning or even block outbound connections to scanned computers
  • The Firewall should allow the following servers:
    • C:\Program Files (x86)\GFI\LanGuard 12 Agent\Httpd\bin\httpd.exe (HTTP protocol, usually running on one of the TCP ports 1070-1080)
    • IIS web site GFI LanGuard Central Management Server (HTTPS protocol, usually running on one of the TCP ports 1070-1080)
    • MSSQL Server (if using TCP connections, not Named Pipes connections 
  • The Firewall should allow the following TCP clients:
    • C:\Program Files (x86)\GFI\LanGuard 12\*.exe
    • C:\Program Files (x86)\GFI\LanGuard 12 Agent\Httpd\bin\httpd.exe
    • C:\Program Files (x86)\GFI\LanGuard 12 Agent\*.exe
    • C:\Windows\Patches\PatchAgent.exe
    • C:\Program Files (x86)\GFI\LanGuard 12 Server\*.exe
  • For communication between agents and server open the following ports in the firewall
    • Finds the list of required ports here

By default some firewall applications (like the Microsoft Windows inbuilt firewall) disable various ports and services.  This can make the target computers totally un-discoverable, or negatively affect the scanning accuracy
The port scanning section of a GFI LanGuard scan is considerably slower when the scanned computer is firewalled. Also, UDP port scanning may not be reliable with some firewall solutions.  GFI LanGuard will determine such cases and will report accordingly
  • Only enable port scanning when needed and be prepared for doubled scan duration.
    • You can disable / enable port scanning from a Scanning Profile using the GFI LanGuard configuration. Further information can be found in the GFI LanGuard Manual (Section: Scanning Profiles > Configuring TCP port scanning options)

Some Systems might see the intensive port querying done by GFI LanGuard as a possible attack and may totally block communication with the GFI LanGuard computer’s IP address for a period of time
  • Disable the intrusion prevention engine on targets while scanning them with GFI LanGuard or disable port scanning in GFI LanGuard.
    • You can disable / enable port scanning from a Scanning Profile using the GFI LanGuard configuration. Further information can be found in the GFI LanGuard Manual (Section: Scanning Profiles > Configuring TCP port scanning options)

GFI LanGuard program updates will not work if the GFI LanGuard computer cannot access the GFI web servers
During security scanning, GFI LanGuard will check if the supported virus scanners or anti-spyware software definition files are up to date. This check will fail when the GFI LanGuard computer has no Internet access. Also, downloading Microsoft updates requires Internet access
The GFI LanGuard database backend is growing to maximum capacity in a short period of time
  • The GFI LanGuard MSSQL database backend is growing to maximum capacity in a short period of time
    • Note: the Microsoft SQL Server Express version 2008 and later has a max database size of 10GB
 

Related Articles: