The following list of exclusions and trusted apps are needed to ensure any Anti-Virus coexisting with the Kaseya Agent allow it to function appropriately:
Exclusions
- <agent working directory>
- C:\Program Files\Kaseya\
- C:\Program Files (x86)\Kaseya\
- C:\Program Files\Kaseya Remote Control\
- C:\Program Files (x86)\Kaseya Remote Control\
- C:\ProgramData\Kaseya\
- C:\Program Files\Kaseya Live Connect\
-
C:\PCBP (for KDCB)
The agent working directory, by default, is c:\kworking\ but may have been changed by your VSA administrator. Please review this before setting exclusions.
Additionally, having multiple Kaseya Agents on an endpoint will cause the agent to have multiple agent working directories (ie; c:\kworking1\). Ensure that all agent working directories have exclusions set.
Trusted Apps
- <agent install directory>\AgentMon.exe
- <agent install directory>\KaseyaRemoteControlHost.exe
- <agent install directory>\KaUsrTsk.exe
- <agent install directory>\DLLRunner32.exe
- <agent install directory>\DLLRunner64.exe
- <agent install directory>\curl.exe
- <agent install directory>\Kaseya.AgentEndpoint.exe
- <agent install directory>\KDLLHost.exe
- <agent install directory>\kGetELMg64.exe
- <agent install directory>\KPrtPng.exe
- <agent install directory>\Endpoint\KaseyaEndpoint.exe
- <agent install directory>\Endpoint\KaseyaRemoteControlHost.exe
- <agent install directory>\Endpoint\KaseyaCommandShellProxy.exe
- <agent install directory>\Endpoint\KaseyaTaskRunnerx64.exe
- <agent install directory>\Endpoint\KaseyaTaskRunnerx86.exe
- <agent install directory>\System\NetUserStateAudit.exe
Trusted Apps for Software Management (KSM)
- C:\ProgramData\Kaseya\Data\task\lumension\7za.exe
- C:\ProgramData\Kaseya\Data\task\lumension\analyze.exe
- C:\ProgramData\Kaseya\Data\task\lumension\cabarc.exe
- C:\ProgramData\Kaseya\Data\task\lumension\EnvPrep.exe
- C:\ProgramData\Kaseya\Data\task\lumension\LM.Detection_x64.exe
- C:\ProgramData\Kaseya\Data\task\lumension\OSPXHelper.exe
- C:\ProgramData\Kaseya\Data\task\lumension\qchain.exe
- C:\ProgramData\Kaseya\Data\task\lumension\remediate.exe
- C:\ProgramData\Kaseya\Data\task\smpm\7za.exe
- C:\ProgramData\Kaseya\Data\task\smpm\GetFile.exe
- C:\ProgramData\Kaseya\Data\task\smpm\SmClient.exe
- C:\ProgramData\Kaseya\Data\task\smpm_pmclient\PmClient.exe
Trusted Apps for Kaseya Cloud Backup (KDCB)
-
C:\PCBP\WBPS.exe
-
C:\PCBP\WBPR.exe
-
C:\PCBP\bpnetd.exe
The agent install directory is where the Kaseya agent installs. Typically it is installed on C:\Program Files\Kaseya\<SERVER_GUID> where <SERVER_GUID> is a unique identifier to your VSA. If 64-bit, the install directory will be C:\Program Files (x86)\Kaseya\<SERVER_GUID>.
Trusted Apps for FireEye (if uses with an A/V)
Files |
Default File Paths |
Windows Version |
audits.dll, mindexer.sys, and xagt.exe |
%ProgramFiles%\FireEye\xagt\*.* |
32-bit |
%ProgramFiles(x86)%\FireEye\xagt\*.* |
64-bit |
|
NamespaceToEvents32.dll |
%SystemRoot%\FireEye\*.* |
64-bit |
NamespaceToEvents.dll |
%SystemRoot%\FireEye\*.* |
All |
FeKern.sys |
%SystemRoot%\System32\drivers\FeKern.sys |
All |
Everything in the ProgramData\FireEye\xagt Directory |
%ALLUSERSPROFILE%\Application Data\FireEye\xagt\*.* |
NT 5.x |
%ProgramData%\FireEye\xagt\*.* |
NT 6+ |
|
xagtnotif.exe |
%SystemRoot%\FireEye\xagtnotif.exe |
All |
Any extensions in %ALLUSERSPROFILE%\Application Data\FireEye\xagt\exts directories or subdirectories should be whitelisted in your antivirus software. |
All |
|
AppMonitorDll32_xx.dll JavaAgentDll32_xx.dll |
%SystemRoot%\FireEye\AppMonitorDll32_xx.dll %SystemRoot%\FireEye\JavaAgentDll32_xx.dll (where xx is a series of incrementing numbers) |
64-bit |
AppUIMonitor_xx.exe AppMonitorDll_xx.dll JavaAgentDll_xx.dll |
%SystemRoot%\FireEye\AppUIMonitor_xx.exe %SystemRoot%\FireEye\AppMonitorDll_xx.dll %SystemRoot%\FireEye\JavaAgentDll_xx.dll (where xx is a series of incrementing numbers) |
All |
All = All supported versions of Windows 32-bit = 32-bit versions of Windows 64-bit = 64-bit versions of Windows NT 5.x = Windows XP SP3 and Windows Server 2003 SP2+R2 NT 6+ = All other supported Windows versions |