Configuring Virus Checkers

Match-IT is a huge system and the probability of false positives from virus checkers is high.  When this happens it can cause massive delays while it is resolved.  All our files are digitally signed with a “code signing” licence that we have to jump through hoops and pay a high price to obtain; but virus checkers still attack our files with false positives.

When our programs start they rigorously self-check both their digital signatures and verify a pre-computed checksum. Any alteration to a Match-IT file will be detected and Match-IT will refuse to run: It it is safe to exempt our files form your AV.  It is safe to exempt us.

While we do run our files through two virus checkers (Clamwin and Windows Defender) before uploading to the website, a change to your virus checker signature list (they typically update daily) may then detect new false positives.  We have absolutely no way at all to counter this other than folder exemption.  A good example happened on June 12th 2019 when Windows Defender on some sites (not all and not here) started attacking a file of ours that has not changed since 2015!

The following folders must be exempted in your virus checker(s) and Windows Defender if you allow it to run in parallel with your virus checker (often the case and in our experience often not realised).

Even if you are not getting false positives we highly recommend that you follow the procedure below for performance reasons.

Server

Assuming Match-IT is installed into c:\match_it you need to exempt:-

  • c:\match_it (if you have more than one install, do this for all of them)
  • c:\programdata\match_it

Workstations

Only applicable if you are running Match-IT across the network (i.e. not using terminal services).

It is absolutely essential that workstation exemptions are in place otherwise you will get all workstations checking the same files on the server which can result in data corruptions and performance issues.  You need to exempt:-

  • Any mapped drives that point at or contain Match-IT.  The server will be checking the destination of the mapped drive so having workstations duplicate that effort just negatively affects performance.  e.g. M:
  • The UNC path to Match-IT; e.g. \\myserver\match_it
  • Like the server, you must also exempt the local c:\programdata\match_it

Your IT company usually configure all this remotely with a global policy which means the workstations do not need to be done individually.

If you are unsure if the Match-IT exemptions are in place, please point your IT company at this article and ask them to check.

We also strongly recommend not using mapped drives; as they can be very slow.

Always use a UNC path as the target in the Match-IT shortcut.

Managed anti-virus programs often have alerts to the user turned off, so all the user will see is a problem with Match-IT.  Typical symptoms are Windows saying that the shortcut target has disappeared and strange access denied errors.  If you see anything  like this, call us but also please point your IT company at this article and ask them to check configuration.  Often a new PC can creep in under the radar or it has a free trial AV installed that needs to be removed. Problems can persist after exemption because of the quarantined files and your IT company may need to resolve that as well.

Current known threats

13/06/19 – Bit defender (and custom branded managed versions) is attacking sys/match_go.exe and sys/match_ix.dll.

13/06/19 – Windows defender is attacking sys/mime/core.exe.