How do I configure my anti-virus and firewall for Sammy?

June 1st, 2020

Introduction

HIPAA requires all endpoints accessing sensitive data to have an updated anti-malware software. These applications are vigilant in making sure malware is promptly removed from endpoints, however they can also be wrong and this create issues for software vendors. It is extremely important to make sure your anti-malware solution is both compatible with The Sammy Systems and configured properly. Failure to properly configure your anti-virus will cause instability and performance issues on your workstation and/or server.

While there are many compatible anti-malware solutions, ICS Software recommends Trend Micro Anti-Virus for use on computers with Sammy. We do not test every anti-malware product for compatibility.

Windows 10 comes with Windows Defender built in and enabled by default. Windows Defender is not compatible with the Sammy Systems as it falsely removes valid applications even with exclusions configured properly.

Configuration of Anti-Virus Settings

Sammy consists of two primary components, data locations and applications. You must exclude both the Sammy application and its data location from all real-time scans.

Please review the following table for the paths to add to the exclusions for Real-Time scanning in your installed anti-malware solution. Some folders may not exist based on your current configuration, operating system architecture, and which level of Sammy you have. It is important to configure your anti-malware for all of the folders which do exist.

Application

Paths

Location

Description

SammyEHR C:\SammyEHR
C:\SammyEHR#
E:\SammyData
C:\Program Files (x86)\ICS Software\
S:\
Workstation
Server
Server
Server
Workstation
SammyEHR application path
SammyEHR application path for remote users
SammyEHR data location
SammyEHR Services
Mapped network drive for SammyData. Consult your IT for correct drive
SammyUSA C:\Sammy
C:\Sammy#
C:\Program files\Sammy\
C:\Program Files (x86)\Sammy\
S:\
Workstation
Server
Workstation
Workstation
Workstation
SammyUSA application path 64-bit OS
SammyUSA application path for remote users
SammyUSA application path 32-bit OS
SammyUSA application path for 64-bit OS
Mapped network drive for SammyData. Consult your IT for correct drive letter
SimpleSam C:\Sammy
C:\Program files\Sammy\
C:\Program Files (x86)\Sammy\
C:\SIMPSAMDATA
Workstation
Workstation
Workstation
Workstation
SimpleSam application path for 64-bit OS
SimpleSam application path for 32-bit OS
SimpleSam application path for 64-bit OS
SimpleSam data location

Firewall Configuration

Detailed firewall configuration can be found here: https://help.icssoftware.net/questions/95261-Web-addresses-and-Ports-Required-for-the-Sammy-Systems 

All applications in the application path must be allowed network connectivity.

On SammyEHR database servers port 3306 must be allowed inbound to the server on your local network. Do NOT allow port 3306 inbound from the internet. THis is only to allow endpoints to access the database while Windows firewall is enabled on the server.