l+f: SolarWinds backdoor: Manufacturer made exceptions to AV monitoring

Source: Heise.de added 16th Dec 2020


Generous whitelisting of entire directories was supposed to fix problems.


FireEye, Microsoft and CISA have published lists of files on the SolarWinds Orion platform that contain the Sunburst backdoor. However, anyone who followed SolarWinds' guidance should not rely on their AV software to discover the Trojanized libraries. A support document from the manufacturer recommended generously excluding the SolarWinds Orion directories from monitoring by AV software, because that monitoring can lead to problems.

Quote from the support document, which is now password-protected:

RESOLUTION

For SolarWinds products, to prevent possible application related issues, unexpected behavior and performance related problems, at minimum you would need to consider excluding the following items from antivirus or security software that you install on your SolarWinds Primary, Additional, HA backup polling engines and any web servers that you run.

(Image: SolarWinds via Google cache)


No further comment …

(ju)
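The consequence described above, as an added example that is not part of the Heise article or SolarWinds' documentation: it lists the files that directory-wide AV exclusions hide from scanning and hashes them for an out-of-band comparison with a published indicator list. The directory names, file contents and hash list are constructed placeholders, and all function names are hypothetical.

```python
import hashlib
import tempfile
from pathlib import Path, PureWindowsPath

def is_excluded(file_path, exclusions):
    """True if file_path is an exclusion entry or lies below an excluded directory."""
    # PureWindowsPath gives Windows semantics on any OS: case-insensitive,
    # either slash, trailing separator ignored. Comparing path components
    # (not string prefixes) keeps C:\AppData from matching an exclusion of C:\App.
    target = PureWindowsPath(file_path)
    return any(PureWindowsPath(e) == target or PureWindowsPath(e) in target.parents
               for e in exclusions)

def sha256_file(path):
    """SHA-256 of a file, read in chunks so large binaries are not loaded whole."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def audit(root, exclusions, known_bad):
    """Return (blind, hits): files AV never scans, and those on the indicator list."""
    blind, hits = [], []
    for f in sorted(p for p in root.rglob("*") if p.is_file()):
        if is_excluded(str(f), exclusions):
            blind.append(f)
            if sha256_file(f) in known_bad:
                hits.append(f)
    return blind, hits

def demo():
    # Constructed tree and indicator list: placeholders only, not the paths
    # or hashes from any vendor document or published advisory.
    flagged = b"constructed-flagged-sample"
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "VendorApp" / "bin").mkdir(parents=True)
        (root / "Other").mkdir()
        (root / "VendorApp" / "bin" / "core.dll").write_bytes(flagged)
        (root / "VendorApp" / "bin" / "util.dll").write_bytes(b"constructed-clean-sample")
        (root / "Other" / "tool.exe").write_bytes(flagged)  # not excluded: AV's job
        exclusions = [str(root / "vendorapp") + "\\"]  # whole-directory exclusion
        blind, hits = audit(root, exclusions, {hashlib.sha256(flagged).hexdigest()})
        return [p.name for p in blind], [p.name for p in hits]

if __name__ == "__main__":
    print(demo())
```

In practice the exclusion list would come from the AV product's own configuration export and the indicator set from the published lists the article mentions.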
