Changing temp file location on a bigfix server

jbreedon 2023-04-24 20:20:04 UTC #1

Hello,

I am trying to add the AV exclusions for the Bigfix server from this link:
https://help.hcltechsw.com/bigfix/10.0/platform/Platform/Config/win_real_time_av.html

My IS group wants the temp file location moved from the default C:\windows\temp to another directory.

Can this be done?

Thanks

vk.khurava 2023-04-25 05:09:06 UTC #2

I’m quite sure there is no way to modify that in the normal code/installers, however if you’re using custom content, you can change this location to something else.

We also have several exceptions within our endpoint control system, but nothing outside of BigFix files, services, or processes is permitted.

The ideal strategy to enable execution is to allow all processes/execution whenever they are executed through any of the BigFix processes or from BigFix directories.

ageorgiev 2023-04-25 07:40:26 UTC #3

I don’t think not having c:\windows\temp excluded is a big deal and might even be extremely old KB article that is no longer valid (bigfix packages haven’t started with tem prefix for a lot of years!!!). My suggestion is to open a support case and get them to confirm whether this is even a requirement and if it is what would be the impact to skip it but in my experience it’s non-essential.

JasonWalker 2023-04-25 12:55:28 UTC #4

I usually don’t do the TEMP exclusion unless it’s in a very large deployment where every bit of performance counts.
That said, it’s possible to change environment variables like TEMP and TMP to point to a different folder path on a per-service basis.

It’s been a long time since I’ve used this method and don’t have a reference handy but it’s illustrated at this serverfault link https://serverfault.com/a/1103091
In the Service path in the Registry, you can define a new REG_MULTI_SZ value “Environment” that contains var=value entries. You can set TEMP=c:\bestemp and TMP=c:\bestemp for example (if I recall the directory must exist before you start the service). For the purpose of your AV exclusion you’ll want to apply that to BESRootServer, GatherDB, FillDB, and BES Server Plugin Service (if present).
While I’m not aware of any side-effects, if you do run into any issues with it we might require you set it back to defaults for any troubleshooting (ie changing the defaults this way may not be officially supported and could make troubleshooting more difficult)