FortiClient
btan
Staff
Article Id 364254
Description: This article explains how to create an Application Exception for the FortiClient Network Lockdown feature.
Scope: FortiClient EMS v7.2.1 and above.
Solution

Sometimes when an application path is added to [Paths to Excluded Applications], the application is still unusable when FortiClient is in a Network Lockdown state. This is because there are sub-applications or processes that have to be excluded as well, in order for the application to operate normally.


The example below shows the steps to create a proper Application Exception for the TeamViewer application under Network Lockdown.

 

  1. Identify the application file location of TeamViewer:
  • In a sample endpoint, open the TeamViewer application.
  • Open Task Manager, 'right-click' TeamViewer -> Open file location.

 


 

  • A File Explorer window will open, and the folder path will be shown at the top.



 

  • This path, C:\Program Files (x86)\TeamViewer\TeamViewer.exe, will be one of the entries to be added in [Paths to Excluded Applications].

 

  2. Identify all other sub-applications/processes that are used by TeamViewer.
  • In Task Manager -> Details tab, select the Description column to filter by Description, then look for TeamViewer.

 


 

  • These processes will have to be added in [Paths to Excluded Applications] in the Endpoint Profile.

 

  3. Add the entries to [Paths to Excluded Applications] in the Endpoint Profile.
  • EMS -> Endpoint Profiles -> Remote Access -> edit -> Advanced -> Paths to Excluded Applications
  • Input all the related application paths:


C:\Program Files\TeamViewer\tv_w32.exe
C:\Program Files\TeamViewer\TeamViewer_Service.exe
C:\Program Files\TeamViewer\TeamViewer.exe
C:\Program Files\TeamViewer\tv_x64.exe

 

  • To cater to users who installed 32-bit TeamViewer, add the x86 paths as well:


C:\Program Files (x86)\TeamViewer\tv_w32.exe
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Program Files (x86)\TeamViewer\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\tv_x64.exe

 


 

  • Save the profile

 

In this way, TeamViewer will be fully functional when the endpoint is in the Network Lockdown state, because all of its sub-processes are excluded as well.
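
Steps 1 and 2 can also be scripted on the sample endpoint. The following is an added example, not part of the original article and not Fortinet code: it lists the running executables whose file Description matches a pattern, adds the counterpart path under the other Program Files root, and shows each file's Authenticode status so the list can be reviewed before it is pasted into [Paths to Excluded Applications]. The function names are hypothetical, and it assumes an elevated 64-bit PowerShell session with the application open.

```powershell
# Added example (not Fortinet code). Run elevated in 64-bit PowerShell on a
# sample endpoint while the application is open.
$Pattern = 'TeamViewer'   # text to match in the file Description (as in Task Manager)

# Paths of running executables whose file Description matches the pattern.
function Get-RunningPathsByDescription {
    param([string]$Pattern)
    Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.ExecutablePath } |
        Select-Object -ExpandProperty ExecutablePath -Unique |
        Where-Object {
            $item = Get-Item -LiteralPath $_ -ErrorAction SilentlyContinue
            $item -and $item.VersionInfo.FileDescription -like "*$Pattern*"
        }
}

# Emit each path plus its counterpart under the other Program Files root,
# so both 64-bit and 32-bit installs are covered.
function Add-ProgramFilesVariant {
    param([string[]]$Path)
    $pf   = $env:ProgramFiles.TrimEnd('\') + '\'
    $pf86 = ${env:ProgramFiles(x86)}.TrimEnd('\') + '\'
    $cmp  = [System.StringComparison]::OrdinalIgnoreCase
    $all = foreach ($p in $Path) {
        $p
        if     ($p.StartsWith($pf86, $cmp)) { $pf   + $p.Substring($pf86.Length) }
        elseif ($p.StartsWith($pf,   $cmp)) { $pf86 + $p.Substring($pf.Length) }
    }
    $all | Sort-Object -Unique
}

$found = @(Get-RunningPathsByDescription -Pattern $Pattern)
if ($found.Count -eq 0) { Write-Warning "No running process matches '$Pattern'."; return }

# One row per candidate entry; Signature is checked only for files present here.
Add-ProgramFilesVariant -Path $found | ForEach-Object {
    $exists = Test-Path -LiteralPath $_
    [pscustomobject]@{
        Path      = $_
        OnThisPC  = $exists
        Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $_).Status } else { 'n/a' }
    }
} | Format-Table -AutoSize -Wrap
```

Only processes that are running when the script executes are listed, so exercise the application's main functions first.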

 
