3.4.8 Application Control on Linux?

old.reddit.com / @/u/rrtiepp, https://old.reddit.com/user/rrtiepp

I'm curious how everyone is meeting this control on Linux (specifically Red Hat). I'm also interested in knowing if you've run into any conflicts with 3.14.5 (malware scanning), since two different solutions intercepting I/O could be a large cause for conflict.

Just for reference, here are the controls I'm referencing:

3.4.8 Apply deny-by-exception (blacklisting) policy to prevent the use of unauthorized software or deny-all, permit-by-exception (whitelisting) policy to allow the execution of authorized software.

3.14.5 Perform periodic scans of organizational systems and real-time scans of files from external sources as files are downloaded, opened, or executed.

3.14.6 Monitor organizational systems, including inbound and outbound communications traffic, to detect attacks and indicators of potential attacks.

submitted by /u/rrtiepp

published 7 months ago



