Using Real-Time Scanners

MOVEit Automation can be used to scan downloaded files via its interface to third-party real-time antivirus utilities. These utilities work by immediately deleting infected files as they are written to or read from the MOVEit Automation cache directory. MOVEit Automation will notice that the file is no longer available and will obtain the infection information from the antivirus logs. It will then take the action that you have configured on the configuration program's Virus tab.

MOVEit Automation will consider any individual file transfer that failed because a virus was detected to be a "normal" failure in the sense that it will log a specific "virus found" message in the file failure record and will initiate any configured "failure" next actions (including email alerts) configured for the task. Furthermore, MOVEit Automation will consider any task that finds a virus in one of its files to have partially failed, although it will normally continue to transfer all files that did not contain viruses in the same task run.

For details of the antivirus engines compatible with MOVEit Automation , see the Release Notes.

MOVEit Automation will identify and handle infections detected by other real-time antivirus programs, but it does not report the name of the specific virus that was detected.

After connecting to MOVEit Automation , use the Command > Test Antivirus command from MOVEit Automation Admin to test whether MOVEit Automation and your local antivirus package are successfully communicating.

Using Processes to Scan Files On Demand

Less commonly, MOVEit Automation can be used to individually scan files in its cache using a third-party antivirus program. To actively scan each file passing through MOVEit Automation , you can use the included Run DOS Command.vbs script to start the command-line utility provided by your antivirus client. This script runs a single command and errors out if a command-line antivirus client returns a code other than 0.

Alternatively, you could compose a script to invoke a COM interface of an antivirus client. This approach is more work, but could also supply MOVEit Automation with more information. If you use this approach, you must configure your real-time antivirus client to ignore the MOVEit Automation cache folder to avoid interference between the two scanning mechanisms.

Note: When setting files to scan in your Antivirus program, you must exclude mic*.xml config/state/hash files to improve the performance.

Real-time Protection Functionality

Real-time protection, provided by antivirus engines, may result in the antivirus software intercepting all processes for examination, leading to potential time-out issues with MOVEit Automation . However, if real-time protection is essential, this situation can be improved by ensuring that all of the MOVEit Automation processes and the cache directory are exempt from scanning. To identify the processes run by MOVEit Automation , open the Task Manager to review the processes that are running under your MOVEit Automation user account.

The main MOVEit Automation processes that should be exempt from scanning are:

  • MIAdmin.exe
  • MICentral.exe
  • tomcat8.exe

If a local MySQL database is used, exclude the mysqld-nt.exe service and its directories from the real-time scan to avoid degradation of your database performance.

For more information, see Best Practices for local anti-virus (AV) setups on MOVEit Automation (Central) or MOVEit Transfer (DMZ) and Error Message: The cache file disappeared.