Best Practice: Endpoint Agents with Antivirus Protection

Article ID: 160045

Products

Data Loss Prevention Endpoint Prevent
Data Loss Prevention
Data Loss Prevention Endpoint Discover

Issue/Introduction

The DLP Endpoint Agent and other program files are blocked when installed on a system where an antivirus (AV) application is installed.

Resolution

With a typical antivirus program, excluding a folder prevents the AV program from monitoring data that are written to, or read from, the folder. 

Excluding a binary or executable file prevents the AV engine from monitoring that executable during read and write operations.

It is recommended to whitelist all of the processes, files, and folders that are listed below.

Windows

Endpoint Agent Installation Location: C:\Program Files\Manufacturer\Endpoint Agent
Endpoint Agent Temp Folder Location: C:\Program Files\Manufacturer\Endpoint Agent\temp

Processes:
edpa.exe
wdp.exe
cui.exe
cuil.exe
kvoop.exe
brkrprcs.exe
brkrprcs64.exe
prcs32.exe

Drivers:
vfsmfd.sys
vrtam.sys
vnwcd.sys

Files: C:\Program Files\Manufacturer\Endpoint Agent\*.ead
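
One way to apply the Windows entries above, shown as an added example that is not part of the original article. It assumes Microsoft Defender is the antivirus product and that the listed processes sit in the installation folder, and it excludes only binaries whose Authenticode signature is valid. Drivers are left out because the article does not give their path.

```powershell
# Added example: assumes Microsoft Defender and the default install path from
# the table above. Run from an elevated PowerShell session.
param(
    [string]$AgentDir = 'C:\Program Files\Manufacturer\Endpoint Agent',
    [switch]$Apply   # without -Apply the script only reports what it would add
)

# Process names exactly as listed in the Windows section of this article.
$processes = 'edpa.exe', 'wdp.exe', 'cui.exe', 'cuil.exe', 'kvoop.exe',
             'brkrprcs.exe', 'brkrprcs64.exe', 'prcs32.exe'

$processPaths = @()
foreach ($name in $processes) {
    # Assumption: the process binaries live directly in the install folder.
    $path = Join-Path $AgentDir $name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Not found, skipping: $path"
        continue
    }
    # Exclude by full path and only when the signature validates, so a file
    # dropped elsewhere under an expected name does not inherit the exclusion.
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status '$($sig.Status)', skipping: $path"
        continue
    }
    $processPaths += $path
}

# Folder and file-pattern entries from the table: install dir, temp dir, *.ead.
$pathExclusions = @(
    $AgentDir,
    (Join-Path $AgentDir 'temp'),
    (Join-Path $AgentDir '*.ead')
)

if ($Apply) {
    Add-MpPreference -ExclusionPath $pathExclusions
    if ($processPaths) { Add-MpPreference -ExclusionProcess $processPaths }
}

# Show the planned entries, then what Defender currently has configured.
$plan  = @($pathExclusions | ForEach-Object { [pscustomobject]@{ Type = 'Path';    Value = $_ } })
$plan += @($processPaths   | ForEach-Object { [pscustomobject]@{ Type = 'Process'; Value = $_ } })
$plan | Format-Table -AutoSize
Get-MpPreference | Select-Object ExclusionPath, ExclusionProcess | Format-List
```

Run it once without `-Apply` to review the warnings and the planned entries, then rerun with `-Apply`.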

MacOS

Endpoint Agent Installation Location: /Library/Manufacturer/Endpoint Agent
Endpoint Agent Temp Folder Location: /Library/Manufacturer/Endpoint Agent/Temp

Processes:
edpa
wdp
cui
kvoop

Drivers: N/A

Files: /Library/Manufacturer/Endpoint Agent/*.ead