Qlik Sense requires access to predetermined TCP and UDP ports to function. If anti-virus software prevents traffic on these ports, Qlik Sense may not function as expected. This can include running exe files, data connections, etc.
Qlik Sense constantly updates a number of log files and also relies on multiple config and binary files to function correctly. If these files and folders are being scanned by the anti-virus software, then this may cause upgrades/installation to fail, performance issues, or cause the services to fail.
For an example with Symantec see Antivirus exceptions for Qlik Sense- McAfee, Symantec & Other Anti-Virus exclusions absolutely requiredEnvironments:
- Qlik Sense Enterprise for Windows June 2017 and later
- Qlik Sense Desktop, all versions
The following folders should be considered for an exception:
: Verify requirements on the Qlik Sense Online Help
for the installed versionNote2:
A machine reboot is required after exclusions are madeNote3:
For Qlik Sense Desktop additional locations, see the appropriate Qlik help page for the version being installed. See Installing Qlik Sense Desktop.
- All executables under %Program Files%\Qlik\Sense
- All executables under %ProgramFiles%\Common Files\Qlik\Custom Data
- The full share root folder location which includes the App folder configured in the Service Cluster. The app folder stores all app files. In latest releases of Qlik Sense, files with ".lock" extensions are generated, and each binary app file has its own .lock file. These file must be excluded from analysis as well.
- It is not recommended to exclude the Static Content root folder in the Service Cluster, as this is the target location for end user uploads
- If the PostgreSQL database is installed on another machine please refer to the PostgreSQL manual for more details https://wiki.postgresql.org/wiki/Running_%26_Installing_PostgreSQL_On_Native_Windows
- Make sure that the Antivirus doesn't block Qlik Sense from updating the keys in C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ , as this will block the system bootstrap. Check Users are unable to re-create certificates using the bootstrap command for details. .
Ports to be excluded from Anti-Virus Monitoring / Blocking
- See the relevant piece of documentation for your version of Qlik Sense: Help Site > Deploy > Planning your deployment > Architecture > Ports
- Sophos Antivirus will require 127.0.0.1 * to be excluded
Note: Qlik Support cannot provide support and services for any Qlik Servers in which performance issues, port issues, installation, patching, or upgrading problems occur if these directories are not made exempt for any and all Anti-Virus solution. It will be best-effort, as the exclusions of these directories is a prerequisite to Qlik software.
- Make sure that the anti-virus is not blocking access to certificates stored in the following location and their private keys: Personal (Local Computer), Trusted Root Certification Authorities (Local Computer), Personal (Current User for the service account)
Ref: Qlik Sense Help, Deploy > Troubleshooting - Deployment > Anti-virus software scanning affects performance