To ensure successful Movere scans, we strongly recommend whitelisting all Movere binaries within any anti-virus or security software that may be in use within your environment.
Some anti-virus products will block all newly installed executables by default. The following executables only need to be whitelisted on the device(s) where the Movere Console is installed:
Default installation location: C:\...\Movere\Console\
- Movere.Console.WPF.exe – The Movere Console.
- Movere.Service.exe – The Movere service that orchestrates scanning.
- Movere.Uninstall.exe - The service to uninstall Movere.
- Movere.UpdateService.exe - The service to automatically update to the latest version of the Movere Console (optional).
If applicable, the following executables should be whitelisted on all target Windows devices:
Default installation location: c:\Windows\Temp\
- FrameworkVerifier.exe – Required to verify the endpoints .NET Fx version, and trigger the scan
- Bot2\Movere.Bot2.Local.exe – Required to locally inventory a Windows device running .NET 2.0 through 3.5
- Bot4\Movere.Bot4.Local.exe – Required to locally inventory a Windows device running .NET 4.0 or higher
- Arc2\Movere.Arc2.exe – Required to ARC scan a Windows device running .NET 3.5
- Arc2\Movere.Arc4.exe – Required to ARC scan a Windows device running .NET 4.0 or higher
Movere is available in four separate Azure regions, West US, Western Europe, Eastern Canada, and Eastern Australia. Each region has specific URL's and IP addresses and all URLs for the region housing your specific Movere tenant should be whitelisted. There are two IP addresses to white list based upon the region your Movere tenant resides in. For a comprehensive list of all URLs and IPs addresses used by Movere, please see Movere URLs and IP Addresses for Whitelisting.
While there are only two IP addresses per region, some security products can only white list URLs. Several services are required to run Movere including User Authentication, Tenant Emulation and Uploading, and if sites can only be white listed based upon URL, then all 9 (specific to each region) will need to be whitelisted.
To test connectivity to Movere, open a browser and navigate to: https://geo.movere.io/ip. If you see an IP address, you can connect to Movere:
Network Address Translation (NAT)
A customer may use NAT to map ‘ftapi1.movere.io’ to an internal IP address. Internally they will target the IP address they created, which will then re-direct to the correct Movere IP address. When a customer does this, they must tell the device the Movere Console is being run from how to correctly map the internal IP address to the external Movere IP address. To do this, a DNS entry must be created for that device.
- Navigate to: c:\Windows\System32\Drivers\etc and open the ‘hosts’ file with notepad
- At the bottom of this file enter the NAT address they have setup, e.g.: 192.168.1.5 ftapi1.movere.io
- Attempt to download the token.txt file. If successful, then scanning can begin.