Ask the Community
Groups
Anti-Virus and Firewall Exclusions and Trusted Apps - Connect IT Community | Kaseya
<main> <article class="userContent"> <p>The following list of exclusions and trusted apps ar needed to ensure any Anti-Virus coexisting with the Kaseya Agent allow it to function appropriately:</p> <h3 data-id="exclusions">Exclusions</h3> <ul><li><agent working directory></li> <li>C:\Program Files\Kaseya\</li> <li>C:\Program Files (x86)\Kaseya\</li> <li>C:\Program Files\Kaseya Remote Control\</li> <li>C:\Program Files (x86)\Kaseya Remote Control\</li> <li>C:\ProgramData\Kaseya\</li> <li>C:\Program Files\Kaseya Live Connect\</li> <li> <div>C:\PCBP (<em>for KDCB</em>)</div> </li> </ul><p>The agent working directory, by default, is c:\kworking\ but may have been changed by your VSA administrator. Please review this before setting exclusions.</p> <p>Additionally, having multiple Kaseya Agents on an endpoint will cause the agent to have multiple agent working directories (ie; c:\kworking1\). Ensure that all agent working directories have exclusions set.</p> <h3 data-id="trusted-apps">Trusted Apps</h3> <ul><li><agent install directory>\AgentMon.exe</li> <li><agent install directory>\KaseyaRemoteControlHost.exe</li> <li><agent install directory>\KaUsrTsk.exe</li> <li><agent install directory>\DLLRunner32.exe</li> <li><agent install directory>\DLLRunner64.exe</li> <li><agent install directory>\curl.exe</li> <li><agent install directory>\Kaseya.AgentEndpoint.exe</li> <li><agent install directory>\KDLLHost.exe</li> <li><agent install directory>\kGetELMg64.exe</li> <li><agent install directory>\KPrtPng.exe</li> <li><agent install directory>\Endpoint\KaseyaEndpoint.exe</li> <li><agent install directory>\Endpoint\KaseyaRemoteControlHost.exe</li> <li><agent install directory>\Endpoint\KaseyaCommandShellProxy.exe</li> <li><agent install directory>\Endpoint\KaseyaTaskRunnerx64.exe</li> <li><agent install directory>\Endpoint\KaseyaTaskRunnerx86.exe</li> <li><agent install directory>\System\NetUserStateAudit.exe</li> </ul><h3 data-id="trusted-apps-for-software-management-ksm">Trusted Apps for Software Management (KSM)</h3> <ul><li>C:\ProgramData\Kaseya\Data\task\lumension\7za.exe</li> <li>C:\ProgramData\Kaseya\Data\task\lumension\analyze.exe</li> <li>C:\ProgramData\Kaseya\Data\task\lumension\cabarc.exe</li> <li>C:\ProgramData\Kaseya\Data\task\lumension\EnvPrep.exe</li> <li>C:\ProgramData\Kaseya\Data\task\lumension\LM.Detection_x64.exe</li> <li>C:\ProgramData\Kaseya\Data\task\lumension\OSPXHelper.exe</li> <li>C:\ProgramData\Kaseya\Data\task\lumension\qchain.exe</li> <li>C:\ProgramData\Kaseya\Data\task\lumension\remediate.exe</li> </ul><h3 data-id="trusted-apps-for-kaseya-cloud-backup-kdcb">Trusted Apps for Kaseya Cloud Backup (KDCB)</h3> <ul><li> <div>C:\PCBP\WBPS.exe</div> </li> <li> <div>C:\PCBP\WBPR.exe</div> </li> <li> <div>C:\PCBP\bpnetd.exe</div> </li> </ul><p>The agent install directory is where the Kaseya agent installs. Typically it is installed on C:\Program Files\Kaseya\<SERVER_GUID> where <SERVER_GUID> is a unique identifier to your VSA. If 64-bit, the install directory will be C:\Program Files (x86)\Kaseya\<SERVER_GUID>.</p> <h3 data-id="trusted-apps-for-fireeye-if-uses-with-an-a-v">Trusted Apps for FireEye (if uses with an A/V)</h3> <table data-tablestyle="MsoTableGrid" data-tablelook="1184"><tbody><tr><td data-celllook="69905"> <p><strong><span data-contrast="none">Files</span></strong><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><strong><span data-contrast="none">Default File Paths</span></strong><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><strong><span data-contrast="none">Windows Version</span></strong><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr><tr><td colspan="1" rowspan="2" data-celllook="4369"> <p><span data-contrast="auto">audits.dll, mindexer.sys, and</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="auto">xagt.exe</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="4369"> <p><span data-contrast="auto">%ProgramFiles%\FireEye\xagt\*.*</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="4369"> <p><span data-contrast="auto">32-bit</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr><tr><td data-celllook="69905"> <p><span data-contrast="none">%ProgramFiles(x86)%\FireEye\xagt\*.*</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">64-bit</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr><tr><td data-celllook="69905"> <p><span data-contrast="none">NamespaceToEvents32.dll</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">%SystemRoot%\FireEye\*.*</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">64-bit</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr><tr><td data-celllook="69905"> <p><span data-contrast="none">NamespaceToEvents.dll</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">%SystemRoot%\FireEye\*.*</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">All</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr><tr><td data-celllook="69905"> <p><span data-contrast="none">FeKern.sys</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">%SystemRoot%\System32\drivers\FeKern.sys</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">All</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr><tr><td colspan="1" rowspan="2" data-celllook="69905"> <p><span data-contrast="none">Everything in the</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="none">ProgramData\FireEye\xagt</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="none">Directory</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">%ALLUSERSPROFILE%\Application</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="none">Data\FireEye\xagt\*.*</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">NT 5.x</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr><tr><td data-celllook="69905"> <p><span data-contrast="none">%ProgramData%\FireEye\xagt\*.*</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">NT 6+</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr><tr><td data-celllook="69905"> <p><span data-contrast="none">xagtnotif.exe</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">%SystemRoot%\FireEye\xagtnotif.exe</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">All</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr><tr><td colspan="2" data-celllook="4369"> <p><span data-contrast="auto">Any extensions in %ALLUSERSPROFILE%\Application</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="auto">Data\FireEye\xagt\exts directories or subdirectories should be</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="auto">whitelisted in your antivirus software.</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="4369"> <p><span data-contrast="auto">All</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr><tr><td data-celllook="69905"> <p><span data-contrast="none">AppMonitorDll32_xx.dll</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="none">JavaAgentDll32_xx.dll</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">%SystemRoot%\FireEye\AppMonitorDll32_xx.dll</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="none">%SystemRoot%\FireEye\JavaAgentDll32_xx.dll</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="none">(where xx is a series of incrementing numbers)</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="69905"> <p><span data-contrast="none">64-bit</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr><tr><td data-celllook="4369"> <p><span data-contrast="auto">AppUIMonitor_xx.exe</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="auto">AppMonitorDll_xx.dll</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="auto">JavaAgentDll_xx.dll</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="4369"> <p><span data-contrast="auto">%SystemRoot%\FireEye\AppUIMonitor_xx.exe</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="auto">%SystemRoot%\FireEye\AppMonitorDll_xx.dll</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="auto">%SystemRoot%\FireEye\JavaAgentDll_xx.dll</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="auto">(where xx is a series of incrementing numbers)</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> <td data-celllook="4369"> <p><span data-contrast="auto">All</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr><tr><td colspan="3" data-celllook="69905"> <p><span data-contrast="none">All = All supported versions of Windows</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="none">32-bit = 32-bit versions of Windows</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="none">64-bit = 64-bit versions of Windows</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="none">NT 5.x = Windows XP SP3 and Windows Server 2003 SP2+R2</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> <p><span data-contrast="none">NT 6+ = All other supported Windows versions</span><span data-ccp-props="{"201341983":0,"335559738":100,"335559739":200,"335559740":276}"> </span></p> </td> </tr></tbody></table> </article> </main>