Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Anti-Virus Exclusions for Agent (Windows)

App Control: Anti-Virus Exclusions for Agent (Windows)

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

This document contains the list of both files and folders that should be excluded in any other security software on endpoints that also have an App Control Agent installed.

Resolution

File Exclusions:
  • C:\Windows\System32\drivers\Parity.sys
  • C:\Program Files\Bit9\Parity Agent\Crawler.exe
  • C:\Program Files\Bit9\Parity Agent\Dascli.exe
  • C:\Program Files\Bit9\Parity Agent\Notifier.exe
  • C:\Program Files\Bit9\Parity Agent\Parity.exe
  • C:\Program Files\Bit9\Parity Agent\Timedoverride.exe
  • C:\Program Files (x86)\Bit9\Parity Agent\Crawler.exe
  • C:\Program Files (x86)\Bit9\Parity Agent\Dascli.exe
  • C:\Program Files (x86)\Bit9\Parity Agent\Notifier.exe
  • C:\Program Files (x86)\Bit9\Parity Agent\Parity.exe
  • C:\Program Files (x86)\Bit9\Parity Agent\Timedoverride.exe
Folder Exclusions:
  • C:\Documents and Settings\All users\Application Data\Bit9\Parity Agent\
  • C:\ProgramData\Bit9\Parity Agent\
  • C:\Program Files\Bit9\Parity Agent\
  • C:\Program Files (x86)\Bit9\Parity Agent\

Additional Notes

  • Windows Defender is enabled by default on Windows machines, and also requires these exclusions.
  • Some vendors require a trailing asterisks (*) when entering exclusions. Sub-folders should be included on the exclusion. Please refer to the vendor's documentation.
  • The App Control Agent is considered a "real-time" scanner. It also has a self-protection mechanism (Tamper Protection) to ensure that the average end-user cannot disable it. It is important to set up an exclusion policy with your antivirus (or any other real-time scanning application) to provide proper interoperability.
  • This exclusion will also eliminate potential performance issues caused by the AV process constantly scanning our cache and transaction log files. Since we are a real-time scanner, these files are constantly being written to.

Related Content


Labels (1)
Was this article helpful? Yes No
75% helpful (6/8)
Article Information
Author:
Creation Date:
‎09-13-2018
Views:
19834
Contributors