Anti-Virus and Firewall Exclusions and Trusted Apps

The following list of exclusions and trusted apps ar needed to ensure any Anti-Virus coexisting with the Kaseya Agent allow it to function appropriately:

Exclusions

  • <agent working directory>
  • C:\Program Files\Kaseya\
  • C:\Program Files (x86)\Kaseya\
  • C:\Program Files\Kaseya Remote Control\
  • C:\Program Files (x86)\Kaseya Remote Control\
  • C:\ProgramData\Kaseya\
  • C:\Program Files\Kaseya Live Connect\
  • C:\PCBP (for KDCB)

The agent working directory, by default, is c:\kworking\ but may have been changed by your VSA administrator. Please review this before setting exclusions.

Additionally, having multiple Kaseya Agents on an endpoint will cause the agent to have multiple agent working directories (ie; c:\kworking1\). Ensure that all agent working directories have exclusions set.

Trusted Apps

  • <agent install directory>\AgentMon.exe
  • <agent install directory>\KaseyaRemoteControlHost.exe
  • <agent install directory>\KaUsrTsk.exe
  • <agent install directory>\DLLRunner32.exe
  • <agent install directory>\DLLRunner64.exe
  • <agent install directory>\curl.exe
  • <agent install directory>\Kaseya.AgentEndpoint.exe
  • <agent install directory>\KDLLHost.exe
  • <agent install directory>\kGetELMg64.exe
  • <agent install directory>\KPrtPng.exe
  • <agent install directory>\Endpoint\KaseyaEndpoint.exe
  • <agent install directory>\Endpoint\KaseyaRemoteControlHost.exe
  • <agent install directory>\Endpoint\KaseyaCommandShellProxy.exe
  • <agent install directory>\Endpoint\KaseyaTaskRunnerx64.exe
  • <agent install directory>\Endpoint\KaseyaTaskRunnerx86.exe
  • <agent install directory>\System\NetUserStateAudit.exe

Trusted Apps for Software Management (KSM)

  • C:\ProgramData\Kaseya\Data\task\lumension\7za.exe
  • C:\ProgramData\Kaseya\Data\task\lumension\analyze.exe
  • C:\ProgramData\Kaseya\Data\task\lumension\cabarc.exe
  • C:\ProgramData\Kaseya\Data\task\lumension\EnvPrep.exe
  • C:\ProgramData\Kaseya\Data\task\lumension\LM.Detection_x64.exe
  • C:\ProgramData\Kaseya\Data\task\lumension\OSPXHelper.exe
  • C:\ProgramData\Kaseya\Data\task\lumension\qchain.exe
  • C:\ProgramData\Kaseya\Data\task\lumension\remediate.exe

Trusted Apps for Kaseya Cloud Backup (KDCB)

  • C:\PCBP\WBPS.exe
  • C:\PCBP\WBPR.exe
  • C:\PCBP\bpnetd.exe

The agent install directory is where the Kaseya agent installs. Typically it is installed on C:\Program Files\Kaseya\<SERVER_GUID> where <SERVER_GUID> is a unique identifier to your VSA. If 64-bit, the install directory will be C:\Program Files (x86)\Kaseya\<SERVER_GUID>.

Trusted Apps for FireEye (if uses with an A/V)

Files 

Default File Paths 

Windows Version 

audits.dll, mindexer.sys, and 

xagt.exe 

%ProgramFiles%\FireEye\xagt\*.* 

32-bit 

%ProgramFiles(x86)%\FireEye\xagt\*.* 

64-bit 

NamespaceToEvents32.dll 

%SystemRoot%\FireEye\*.* 

64-bit 

NamespaceToEvents.dll 

%SystemRoot%\FireEye\*.* 

All 

FeKern.sys 

%SystemRoot%\System32\drivers\FeKern.sys 

All 

Everything in the 

ProgramData\FireEye\xagt 

Directory 

%ALLUSERSPROFILE%\Application 

Data\FireEye\xagt\*.* 

NT 5.x 

%ProgramData%\FireEye\xagt\*.* 

NT 6+ 

xagtnotif.exe 

%SystemRoot%\FireEye\xagtnotif.exe 

All 

Any extensions in %ALLUSERSPROFILE%\Application 

Data\FireEye\xagt\exts directories or subdirectories should be 

whitelisted in your antivirus software. 

All 

AppMonitorDll32_xx.dll 

JavaAgentDll32_xx.dll 

%SystemRoot%\FireEye\AppMonitorDll32_xx.dll 

%SystemRoot%\FireEye\JavaAgentDll32_xx.dll 

(where xx is a series of incrementing numbers) 

64-bit 

AppUIMonitor_xx.exe 

AppMonitorDll_xx.dll 

JavaAgentDll_xx.dll 

%SystemRoot%\FireEye\AppUIMonitor_xx.exe 

%SystemRoot%\FireEye\AppMonitorDll_xx.dll 

%SystemRoot%\FireEye\JavaAgentDll_xx.dll 

(where xx is a series of incrementing numbers) 

All 

All = All supported versions of Windows 

32-bit = 32-bit versions of Windows 

64-bit = 64-bit versions of Windows 

NT 5.x = Windows XP SP3 and Windows Server 2003 SP2+R2 

NT 6+ = All other supported Windows versions 

Was this article helpful?
16 out of 20 found this helpful
Have more questions? Contact us