Next-Generation Antivirus add-on requirements

Rapid7's Next-Generation Antivirus add-on has requirements that must be met to ensure your add-ons function as intended. This article covers each of the requirements in detail.

Insight Agent requirements

Next-Generation Antivirus is an add-on of the Insight Agent for Managed Threat Complete (MTC) Ultimate customers and Managed Detection and Response (MDR) customers who have purchased the add-on. Review the requirements of the Insight Agent, which must be met along with the requirements listed in this article.

Operating system support

Next-Generation Antivirus currently supports the following operating systems:

Windows

Next-Generation Antivirus currently requires Insight Agent 4.0.0.0 and above for Windows operating systems.

Mac

The Next-Generation Antivirus add-on for Mac operating systems works with every Insight Agent version that Rapid7 currently supports. The system that will host the Next-Generation Antivirus add-on also must meet the following system requirements:

  • Processor - 2vCPU
  • Memory (RAM) - 2GB
  • Free HDD Space - 25GB

Next-Generation Antivirus filesystem compatibility

Next-Generation Antivirus is compatible with the following filesystems:

  • aufs
  • btrfs
  • cifs
  • ext2
  • ext3
  • ext4
  • nfs
  • nfs4
  • overlay
  • smb3
  • tmpfs
  • xfs
  • zfs

Linux

The Next-Generation Antivirus add-on for Linux operating systems works with every Insight Agent version that Rapid7 currently supports. The system that will host the Next-Generation Antivirus add-on also must meet the following system requirements:

  • Processor - 2vCPU
  • Memory (RAM) - 2GB
  • Free HDD Space - 25GB

Next-Generation Antivirus filesystem compatibility

Next-Generation Antivirus is compatible with the following filesystems:

  • aufs
  • btrfs
  • cifs
  • ext2
  • ext3
  • ext4
  • nfs
  • nfs4
  • overlay
  • smb3
  • tmpfs
  • xfs
  • zfs

Antivirus and EDR software compatibility

The scope of capabilities that constitutes Next-Generation Antivirus means there is a potential for functionality overlap and process conflict with similar solutions you may already have deployed in your environment. For this reason, your existing security infrastructure must meet the requirements detailed in this article to accommodate your Next-Generation Antivirus add-on.

  • Next-Generation Antivirus must be the only antivirus solution running on your assets
    • Due to a Windows operating system rule that only allows one antivirus solution to be running on the device at a time, Rapid7's Next-Generation Antivirus add-on must be the only instance of antivirus running on each of your assets. If you have other antivirus software already installed on assets you intend to monitor with Next-Generation Antivirus, that software must be uninstalled before you start your Next-Generation Antivirus installation and deployment.
  • The Insight Agent must be excluded from your EDR solution

Due to operating system rules that only allow one antivirus solution to be running on the device at a time, Rapid7's Next-Generation Antivirus add-on must be the only instance of antivirus running on each of your assets. If you have other antivirus software already installed on assets you intend to monitor with Next-Generation Antivirus, that software must be uninstalled before you start your Next-Generation Antivirus installation and deployment.

The Insight Agent must be excluded from your EDR solution

It is not recommended to deploy an antivirus solution (Next-Generation Antivirus being one) and an EDR solution at the same time. However, if you must do so to satisfy a security policy in your organization, this section explains how you can accommodate both.

If you also monitor your assets with an Endpoint Detection and Response (EDR) solution and want to continue doing so alongside Endpoint Prevention's capabilities, you must change your EDR configuration so that the EDR software does not impact Endpoint Prevention's performance. Exclude the Insight Agent installation directory from monitoring by your EDR software so that Endpoint Prevention is not blocked from taking the actions configured in your prevention policies.

Network traffic and connectivity for antivirus capabilities

If you use Rapid7's Next-Generation Antivirus add-on, the assets on which the Insight Agent is installed (or the proxy you configure to receive all agent-related traffic) must be able to communicate with the service that initializes and updates the On-Access Scanning prevention engine, which is Endpoint Prevention's antivirus implementation. The following URL must be reachable through port 443:

| URL | Description |
| --- | --- |
| https://rapid7-83473e9e-2016-47ba-a7ed-05d0c824b19c.2d7dd.cdn.bitdefender.net | Initialization of the On-Access Scanning prevention engine and updates to antivirus signatures. |
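
A pre-deployment check for a Linux host against the filesystem compatibility list and the port 443 requirement above. This is an added example, not Rapid7 tooling. The function names, the skip list of kernel pseudo-filesystems and the use of curl are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Rapid7 tooling): pre-deployment checks for a Linux host.

# Filesystem types from the compatibility list in this article.
NGAV_FS="aufs btrfs cifs ext2 ext3 ext4 nfs nfs4 overlay smb3 tmpfs xfs zfs"
# Assumption: kernel pseudo-filesystems hold no regular files and are skipped.
PSEUDO_FS="proc sysfs devtmpfs devpts cgroup cgroup2 securityfs debugfs tracefs
mqueue hugetlbfs pstore bpf configfs fusectl autofs binfmt_misc efivarfs"
# Update endpoint as given in this article (port 443).
ENGINE_URL="https://rapid7-83473e9e-2016-47ba-a7ed-05d0c824b19c.2d7dd.cdn.bitdefender.net"

# in_list WORD ITEM...: succeed if WORD equals one of the ITEMs.
in_list() {
    word=$1; shift
    for item in "$@"; do
        [ "$item" = "$word" ] && return 0
    done
    return 1
}

# incompatible_mounts [FILE]: read a /proc/mounts-format file and print
# "mountpoint fstype" for every mount whose type is not on the list.
incompatible_mounts() {
    while read -r _dev mnt fstype _rest; do
        if in_list "$fstype" $PSEUDO_FS; then continue; fi
        if ! in_list "$fstype" $NGAV_FS; then
            printf '%s %s\n' "$mnt" "$fstype"
        fi
    done < "${1:-/proc/mounts}"
    return 0
}

# engine_reachable [URL]: succeed if a TLS connection on port 443 completes and
# any HTTP response comes back. curl honours the https_proxy environment
# variable, so the same check works for agents that go through a proxy.
engine_reachable() {
    curl --silent --show-error --connect-timeout 10 --output /dev/null \
        "${1:-$ENGINE_URL}"
}

# preflight: run both checks on this host; non-zero exit means a finding.
preflight() {
    bad=$(incompatible_mounts)
    [ -z "$bad" ] || { printf 'Unlisted filesystems:\n%s\n' "$bad"; return 1; }
    engine_reachable || { echo "Cannot reach $ENGINE_URL on 443"; return 1; }
}
```

Source the file and call `preflight` on the target host. A curl certificate error at this step usually points to TLS inspection on the path to the update service.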