Help
FortiDLP
FortiDLP is a cloud-native endpoint DLP and Insider Risk Solution which is aimed at monitoring and Preventing Data Theft on the endpoint, across Windows, macOS and Linux.
khicks4
Staff
Staff

Created on ‎03-11-2025 01:40 PM Edited on ‎10-27-2025 03:44 AM By Staff

Article Id 381631

Technical Tip: Common Security and IT Tool Exclusions

Description This article describes common security tool exclusions for the FortiDLP agent. Select any 'View exclusions' link to expand a list of exclusions inside the article (this will not open a new page).
Scope FortiDLP.
Solution

FortiDLP can be used alongside other security tools and agents also installed on the endpoint. However, it is recommended that exclusions for those other security tools are added to FortiDLP, and that the corresponding exclusions for the FortiDLP binaries are added into those other security tools.

 

This article contains a list of tools that may conflict with the FortiDLP agent. Note that this is being constantly maintained and updated. If trying to work with a security tool is not on this list, or if issues are encountered with the existing list, contact support. 

 

Exclusions to Add in Third-Party Tools:

For details on the FortiDLP directories and binaries that should be excluded from other security tools, see Directories, Files and Processes to Exclude from Virus Scanning.

 

Exclusions to Add in FortiDLP:

 

When using any of the following tools, add the corresponding process names and paths to the appropriate agent configuration group.

 

ac_group.jpeg

 

Actifile Agent.

View exclusions
Process name exclusion Process path exclusion
Windows
  • a**bleep**entservicemanager.exe
  • afupdaterservice.exe
  • a**bleep**entservice.exe
  • C:\Program Files (x86)\Actifile Agent\a**bleep**entservicemanager.exe
  • C:\Program Files (x86)\Actifile Agent\afupdaterservice.exe
  • C:\Program Files (x86)\Actifile Agent\a**bleep**entservice.exe
macOS
   
Linux
   

 

Arctic Wolf.

 

Managed detection and response.

Arctic Wolf documentation.

 

View exclusions
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\base-agent.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\ossec-agent.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\plugins\osquery\osquery.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\plugins\osquery\osqueryi.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\plugins\systeminfo\systeminfo.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\plugins\usb\usb.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\plugins\wlan\wlan.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\scans\jre\jre\bin\java.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\scans\scan-utility\Scan-Utilities.jar
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\scout-client.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\scout-desktop.exe
  • C:\Program Files (x86)\Arctic Wolf Networks\Agent\uninstall_modules.exe
macOS
 
  • /Library/ArcticWolfNetworks/Agent/bin/scout-client
  • /Library/ArcticWolfNetworks/Agent/bin/uninstall_modules
  • /Library/ArcticWolfNetworks/Agent/plugins/audit_module/audit_module
  • /Library/ArcticWolfNetworks/Agent/scans/jre/jre/bin/java
  • /usr/local/libexec/scout-desktop
Linux
 
  • /var/arcticwolfnetworks/agent/bin/scout-client
  • /usr/bin/scout-desktop
  • /var/arcticwolfnetworks/agent/bin/ossec-execd
  • /var/arcticwolfnetworks/agent/bin/ossec-agentd
  • /var/arcticwolfnetworks/agent/bin/ossec-syscheckd
  • /var/arcticwolfnetworks/agent/bin/ossec-logcollector
  • /var/arcticwolfnetworks/agent/bin/ossec-control
  • /var/arcticwolfnetworks/agent/bin/uninstall_modules
  • /var/arcticwolfnetworks/agent/bin/wazuh-modulesd
  • /var/arcticwolfnetworks/agent/scans/jre/jre/bin/java

 

Aternity (Riverbed).

 

Employee experience monitoring:

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • A180AG.exe
  • A180CM.exe
  • A180RS.exe
  • A180WD.exe
  • A180AA.exe
  • C:\Program Files (x86)\Aternity Information Systems\Agent\A180AG.exe
  • C:\Program Files (x86)\Aternity Information Systems\Agent\A180CM.exe
  • C:\Program Files (x86)\Aternity Information Systems\Agent\A180WD.exe
  • C:\Program Files (x86)\Aternity Information Systems\Agent\A180RS.exe
  • C:\Program Files (x86)\Aternity Information Systems\a180powershellcollector.exe
  • C:\Program Files (x86)\Aternity Information Systems\A180Remediation.exe
  • C:\Program Files\Aternity Information Systems\
  • C:\Program Files (x86)\Aternity Information Systems\
  • %allusersprofile%\Application Data\Aternity\
  • %allusersprofile%\Aternity\
macOS
 
  • /Library/Aternity/Agent/bin/**
Linux
   

 

Avast Antivirus.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • avastui.exe
  • avbugreport.exe
  • avemupdate.exe
  • avlaunch.exe
  • avastsvc.exe
  • aswtoolssvc.exe
  • aswidsagent.exe
  • aswengsrv.exe
  • C:\Program Files\avast software\**
  • C:\Program Files\common files\avast software\**
macOS
   
Linux
   

 

AWS Patch Manager.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • amazon-ssm-agent.exe
  • C:\Program Files\Amazon\SSM\**
macOS
   
Linux
   

 

BeyondTrust (formerly Avecto).

 

Security Tool (Privilege Management):

Deploy client - BeyondTrust docs.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • DefendpointService.exe
  • EndpointUtility.exe
  • PGActiveXInstall.exe
  • PGCaptureConfig.exe
  • PGEmail.exe
  • PGMessageHostExt.exe
  • PGNetworkAdapterUtil.exe
  • PGPrinterUtil.exe
  • PGProgramsUtil.exe
  • PGShellExecProxy.exe
  • PGStub.exe
  • PGSystemTray.exe
  • PGUserMode.exe
  • TraceConfig.exe
  • TraceFormat.exe
  • WinHelloAuthenticator.exe
  • C:\Program Files\Avecto\Privilege Guard Client\**
  • C:\Program Files\Avecto\Avecto IC3 Adapter\**
macOS
 
  • /Library/PrivilegedHelperTools/com.beyondtrust.interrogator
  • /usr/local/libexec/Avecto/Defendpoint/1.0/defendpointd.app/Contents/MacOS/defendpointd
  • /usr/local/libexec/Avecto/iC3Adapter/1.0/PMCAdapter.app/Contents/MacOS/PMCAdapter
Linux
   

 

Bitdefender.

 

View exclusions
Process name exclusion Process path exclusion
Windows
  • EPSecurityService.exe
  • EPIntegrationService.exe
  
macOS
  • bdupddaemon
  • bdcoreissues
  • bdredline
  • bdsecd
  
Linux
   

 

Check Point Harmony EDR.

Advanced endpoint protection - Check Point

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
  • C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
  • C:\Program Files (x86)\CheckPoint\Endpoint Security\Watchdog\EPWD.exe
  • C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\cpda.exe
  • C:\Program Files (x86)\CheckPoint\Endpoint Security\Endpoint Common\bin\cp_InstPrep.exe
  • C:\Program Files (x86)\CheckPoint\Endpoint Security\Anti-Malware\epam_svc.exe
  • C:\Program Files (x86)\CheckPoint\Endpoint Security Agent\Endpoint Common\bin\cpda.exe
macOS
 
  • /Library/Application Support/Checkpoint/Threat Emulation/cpted
  • /Library/Application Support/Checkpoint/Forensics/cpefrd
  • /Library/Application Support/Checkpoint/Forensics/threat hunting agent.app/contents/macos/threat hunting agent
  • /Library/Application Support/Checkpoint/Anti Ransomware/cpard
  • /Library/Application Support/Checkpoint/Endpoint Security/cpcmpld
  • /Library/Application Support/Checkpoint/Threat Emulation/harmony browse helper.app/contents/macos/harmony browse helper
  • /Library/Application Support/Checkpoint/Endpoint Security/efr-mon-epsec.app/contents/macos/efr-mon-epsec
  • /Library/Application Support/Checkpoint/Endpoint Security/amfinderextensions.app/contents/plugins/scan with check point anti-malware.appex/contents/macos/scan with check point anti-malware
  • /Applications/Check Point/agents/cpdaapp.app/contents/macos/cpdaapp
  • /Applications/Check Point/agents/cpamdapp.app/contents/macos/cpamdapp
Linux
   

 

Cisco Secure Endpoint.

Secure Endpoint Deployment Strategy

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files\Cisco\AMP\**
macOS
 
  • /Library/Application Support/Cisco/AMP for Endpoints Connector/**
  • /opt/cisco/amp/**
Linux
 
  • /opt/cisco/amp/bin/ampdaemon /opt/cisco/amp/bin/ampupdater /opt/cisco/amp/bin/ampscansvc (version 1.9.0 and later) /opt/cisco/amp/bin/ampcli
  • /opt/cisco/amp/bin/ampmon
  • /opt/cisco/amp/bin/ampsupport /opt/cisco/amp/bin/ampsigncheck

 

Cisco Umbrella.

Cisco Umbrella - Netskope docs

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • dnscrypt-proxy.exe
  • dnscryptproxy.exe
  • ercservice.exe
  • acumbrellaagent.exe
  • C:\Program Files (x86)\Cisco\Cisco HostScan\bin\cscan.exe
  • C:\Program Files (x86)\Cisco\Cisco HostScan\bin\ciscod.exe
  • C:\Program Files (x86)\Cisco\Cisco HostScan\bin\cstub.exe
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpndownloader.exe
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpndownloader.exe
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\VACon64.exe
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseuac.exe
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseposture.exe
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\aciseagent.exe
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\acise.exe
  • C:\Program Files (x86)\Cisco\Cisco HostScan\lib\wa_3rd_party_host_32.exe
  • C:\Program Files (x86)\Cisco\Cisco HostScan\lib\wa_3rd_party_host_64.exe
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\opswat\wa_3rd_party_host_32.exe
  • C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\opswat\wa_3rd_party_host_64.exe
macOS
  • dnscrypt-proxy
  • dnscryptproxy
  • ercservice
  • acumbrellaagent
  
Linux
   

 

Citrix Telemetry Service.

How to disable telemetry and analytics services in Windows and Citrix.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • aotlistener.exe
  • C:\Program Files\Citrix\Telemetry Service\aotlistener.exe
macOS
   
Linux
   

 

ClearSkies.

 

EDR:

ClearSkies NG Endpoint Detection & Response (EDR).

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files (x86)\Odyssey\ClearSkies NG Endpoint\**
  • C:\ProgramData\Odyssey Consultants\**
macOS
   
Linux
   

 

Code42.

 

Security tool (Insider risk).

Code42 Documentation

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files\Code42-AAT\Code42-AAT.exe
  • C:\ProgramData\Code42-AAT\updates\native\Code42-AAT_*.exe
  • C:\ProgramData\Code42-AAT\bin\common\c42_user_session.exe
  • C:\ProgramData\package cache\*\Code42-AAT_*.exe
macOS
 
  • /opt/Code42-AAT/bin/Code42-AAT
  • /applications/Code42-AAT.app/contents/macos/Code42-AAT
  • /library/systemextensions/*/com.code42.agent.extension.systemextension/contents/macos/com.code42.agent.extension
  • /applications/Code42-AAT.app/contents/library/systemextensions/com.code42.agent.extension.systemextension/contents/macos/com.code42.agent.extension
Linux
   

 

COMODO Endpoint Manager.

 

Endpoint protection and manager.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • ITSMAgent.exe
  • cis.exe
  • cmdprots.exe
  • cavwp.exe
  • cmdagent.exe
  • ITSMService.exe
  • edrsvc.exe
  • C:\Program Files (x86)\COMODO\Endpoint Manager\ITSMAgent.exe
  • C:\Program Files (x86)\COMODO\Endpoint Manager\ITSMService.exe
  • C:\Program Files\COMODO\COMODO Internet Security\cis.exe
  • C:\Program Files\COMODO\COMODO Internet Security\cmdprots.exe
  • C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
  • C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
  • C:\Program Files\COMODO\EdrAgentV2\edrsvc.exe
  • C:\Program Files\COMODO\**
macOS
   
Linux
   

 

CoSoSys (Endpoint Protector).

 

DLP competitor:

Endpoint Protector Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
   
macOS
   
Linux
  • epp-client-daemon
  • /opt/cososys/sbin/epp-client-daemon

 

CrowdStrike Falcon.

 

Security Tool (EDR):

Crowdstrike Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • CSFalconService.exe
  • csfalconcontainer.exe
  • C:\Program Files (x86)\Crowdstrike\**
  • C:\Windows\System32\Drivers\Crowdstrike\**
  • C:\Program Files\CrowdStrike\CSFalconService.exe
  • C:\Program Files\CrowdStrike\CSFalconContainer.exe
macOS
  • FXService
  • Falcon Notifications
  • Falcon
  • PredictService
  • /opt/crowdstrike/falcon-predict
  • /opt/crowdstrike/falcon-fx
  • /opt/crowdstrike/falcon-sensor*
  • /opt/crowdstrike/falcond*
  • /library/systemextensions/*/com.crowdstrike.falcon.agent.systemextension/contents/macos/com.crowdstrike.falcon.agent
  • /Applications/Falcon.app/Contents/PlugIns/StaticAnalysis.bundle/Contents/XPCServices/FXService.xpc/Contents/MacOS/FXService
  • /Applications/Falcon.app/Contents/Library/LaunchServices/Falcon Notifications.app/Contents/MacOS/Falcon Notifications
  • /Applications/Falcon.app/Contents/MacOS/Falcon
  • /Applications/Falcon.app/Contents/PlugIns/StaticAnalysis.bundle/Contents/XPCServices/PredictService.xpc/Contents/MacOS/PredictService
Linux
   

 

CyberArk Endpoint Privilege Manager.

CyberArk Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files\CyberArk\Endpoint Privilege Manager\Agent\**
  • C:\Program Files (x86)\CyberArk\Endpoint Privilege Manager\**
  • C:\Windows\System32\drivers\vfdrv.sys
  • C:\Windows\System32\drivers\vfnet.sys
  • C:\Windows\System32\drivers\vfpd.sys
  • C:\Windows\System32\drivers\CybKernelTracker.sys
macOS
 
  • /Library/Application/Support/CyberArk
  • /Library/Application/Support/CyberArk/**
Linux
   

 

CyberReason.

CyberReason Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files\Cybereason ActiveProbe\AmSvc.exe
  • C:\Program Files\Cybereason ActiveProbe\minionhost.exe
  • C:\Program Files\Cybereason ActiveProbe\Execution Prevention\ExecutionPreventionSvc.exe
  • C:\Program Files\Cybereason ActiveProbe\Nnx.exe
  • C:\Program Files\Cybereason ActiveProbe\ActiveConsole\ActiveConsole.exe
macOS
  • cybereasonsensor
  • cybereasonav
  • cybereasonactiveconsole
  • cybereasonavkext
  • /Library/PreferencePanes/activeprobe.prefpane/contents/macos/cybereasonavkext
  • /Library/PreferencePanes/activeprobe.prefpane/contents/macos/cybereasonsensor/contents/macos/cybereasonsensor
  • /Library/PreferencePanes/activeprobe.prefpane/contents/macos/cybereasonsensor.app/contents/macos/cybereasonactiveconsole
  • /Library/PreferencePanes/activeprobe.prefpane/contents/macos/cybereasonav.app/contents/macos/cybereasonav
Linux
   

 

Cynet.

Cynet Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • CynetEPS.exe
  • CynetMS.exe
  • CynetAR.exe
  • CynetGW.exe
  • CynetSD64.exe
  • CynetLauncher.exe
  • CynetDS.exe
  • CynetRunner.exe
  • CynerRunner64.exe
  
macOS
  • CynetEPS
  • /opt/Cynet/CynetEPS
Linux
  • CynetEPS
  • /opt/Cynet/CynetEPS

 

Dell SupportAssist.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • DellSupportAssistRemedationService.exe
  • OSProfileCollector.exe
  • SupportAssistAgent.exe
  • C:\Program Files\Dell\SARemediation\agent\DellSupportAssistRemedationService.exe
  • C:\Program Files\Dell\SARemediation\agent\OSProfileCollector.exe
  • C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
macOS
   
Linux
   

 

 

ESET Cloud Complete.

 

Antivirus.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • ekrn.exe
  • egui.exe
  • C:\Program Files\ESET\ESET Security\**
macOS
   
Linux
   

 

ExpressConnect.

Dell ExpressConnect Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • expressconnect.exe
  • expressconnectservice.exe
  • expressconnectnetworkservice.exe
  • expressconnectanalyticsservice.exe
  • ecdbwmservice.exe
  • ecdbwm.exe
  • C:\Program Files\ExpressConnect\expressconnect.exe
  • C:\Program Files\ExpressConnect\expressconnectservice.exe
  • C:\Program Files\ExpressConnect\expressconnectnetworkservice.exe
  • C:\Program Files\ExpressConnect\expressconnectanalyticsservice.exe
  • C:\Program Files\ExpressConnect\ecdbwmservice.exe
  • C:\Program Files\ExpressConnect\ecdbwm.exe
macOS
   
Linux
   

 

Forcepoint - DLP, Web Security, F1E, CASB Endpoints.

Forcepoint Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • wepsvc.exe
  • dserui.exe
  • EndpointClassifier.exe
  • kvoop.exe
  • f1eui.exe
  • fppsvc.exe
  • tsui.exe
  • proxyui.exe
  • rfui.exe
  • WEPDiag.exe
  • certutil.exe
  • RefreshSettings.exe
  • s**bleep**e.exe
  • sfsrv.exe
  • C:\Program Files (x86)\Websense\**
  • C:\Program Files\Websense\**
macOS
 
  • /opt/Websense/**
  • /Library/Application Support/Websense Endpoint/**
  • /Library/Mail/Bundles/DataSecurityPlugin.mailbundle
  • /Applications/Forcepoint DLP Endpoint.app
  • /Applications/Forcepoint DC Endpoint.app
  • /Applications/Forcepoint PC Endpoint.app
  • /Applications/Forcepoint Decryption Utility.app
Linux
   

 

Forcepoint - Neo.

Forcepoint Neo Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • fpneoclient.exe
  • fpneocommonsvc.exe
  • fpneonetworksvc.exe
  • fpneoprotectionsvc.exe
  • fpneotextextractor.exe
  • setwebconnectivitymode.exe
  • fpneoxengine.exe
  • fpneostophdrv.exe
  • fpneodiagnostic.exe
  • openssl.exe
  • C:\Program Files (x86)\Forcepoint\**
  • C:\Program Files\Forcepoint\**
  • C:\ProgramData\Forcepoint\**
  • C:\Windows\System32\drivers\fpepdc.sys
  • C:\Windows\System32\drivers\fpepdci.sys
  • C:\Windows\System32\drivers\fpepflt.sys
  • C:\Windows\System32\drivers\fpeph.sys
macOS
 
  • /Library/SystemExtensions/E0E940DF-B006-4501-BEB2-3374522C1A79/com.forcepoint.neo.es.systemextension/Contents/MacOS/com.forcepoint.neo.es
  • /Library/SystemExtensions/61A7B5AB-3A53-4C73-BC96-635BCB48D51E/com.forcepoint.neo.ne.systemextension/Contents/MacOS/com.forcepoint.neo.ne
  • /Library/Application Support/Forcepoint/Neo/EP/bin/fpneoprotectiond
  • /Library/Application Support/Forcepoint/Neo/NC/bin/fpneonetworkd
  • /Library/Application Support/Forcepoint/Neo/EP/bin/fpneocommond
  • /Library/PrivilegedHelperTools/com.forcepoint.neo.privilege-helper
  • /System/Volumes/Data/Library/Application Support/Forcepoint/Neo/EP/bin/fpneotextextractor
  • /System/Volumes/Data/Library/Application Support/Forcepoint/Neo/EP/bin/fpneoxengine
  • /Library/Application Support/Forcepoint/Neo/NC/bin/fpneopacres
  • /Library/Application Support/Forcepoint/Neo/EP/bin/Forcepoint Neo Agent.app/Contents/MacOS/Forcepoint Neo Agent/**
Linux
   

 

FortiClient.

Forticlient Documentation - Windows.

Forticlient Documentation Mac.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • FCVbltScan.exe
  • FortiAvatar.exe
  • ipsec.exe
  • FortiClient.exe
  • FortiClient_Diagnostic_Tool.exe
  • fcappdb.exe
  • fcaptmon.exe
  • FCDBLog.exe
  • FCHelper64.exe
  • fmon.exe
  • fortiae.exe
  • FortiESNAC.exe
  • fortifws.exe
  • FortiProxy.exe
  • FortiScand.exe
  • FortiSettings.exe
  • FortiSSLVPNdaemon.exe
  • FortiTray.exe
  • FortiUSBmon.exe
  • FortiVPN.exe
  • FortiWF.exe
  • scheduler.exe
  • fcmonitor.exe
  • FortiTcs.exe
  • ​C:\Program Files\Fortinet\FortiClient\**
macOS
  • fctservctl
  • epctrl
  • ftgdagent
  • fmon
  • scanunit
  • vulscan
  • fctappfw
  • fssoavgent_launchagent
  • fssoavgent_launchdaemon
  • fctctld
  • sslvpnd
  • racoon
  • racoonctl
  • fctupdate
  • fctupgrade
  • /Application/FortiClient.app/Contents/MacOS/FortiClient
  • /Application/FortiClient.app/Contents/Resources/runtime.helper/FortiClientAgent.app/MacOS/FortiClientAgent
  • /Application/FortiClient.app/Contents/Resources/runtime.helper/FortiClientUpdate.app/Contents/MacOS/FortiClientUpdate
  • /Library/Application Support/Fortinet/FortiClient/bin/**
Linux
 
  • /opt/forticlient/**

 

GlobalProtect.

Palo Alto Global Protect Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files\Palo Alto Networks\DEM\GlobalProtectAutonomousDEM.exe
  • C:\Program Files\Palo Alto Networks\DEM\AgentProcess.exe
  • C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHip.exe
  • C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_64.exe
  • C:\Program Files\Palo Alto Networks\GlobalProtect\wa_3rd_party_host_32.exe
  • C:\Program Files\Palo Alto Networks\GlobalProtect\PanGPS.exe
  • C:\Program Files\Palo Alto Networks\GlobalProtect\PanGpHipMp.exe
macOS
 
  • /Applications/GlobalProtect.app/Contents/MacOS/GlobalProtect
  • /Applications/GlobalProtect.app/Contents/Resources/PanGpHip
  • /Applications/GlobalProtect.app/Contents/Resources/PanGpHipMp
  • /Applications/GlobalProtect.app/Contents/Resources/PanGPS
  • /Library/SystemExtensions/*/com.paloaltonetworks.GlobalProtect.client.extension.systemextension/Contents/MacOS/com.paloaltonetworks.GlobalProtect.client.extension
Linux
   

 

Huntress.

 

EDR Agent.

Huntress EDR Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files\Huntress\HuntressUpdater.exe
  • C:\Program Files\Huntress\HuntressAgent.exe
  • C:\Program Files\Huntress\Rio\Rio.exe
  • C:\Program Files\Huntress\hUpdate.exe
  • C:\Windows\System32\Drivers\HuntMon.sys
macOS
   
Linux
   

 

Ivanti Endpoint Security.

 

EMSS Heat.

Ivanti Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files\HEAT Software\EMSSAgent\00\**
  • C:\Program Files\HEAT Software\EMSSAgent\01\**
  • C:\Program Files\HEAT Software\EMSSAgent\live\LMAGENT.EXE
  • C:\Program Files\Lumension\LEMSSAgent\live\LMAGENT.EXE
  • C:\Program Files\Lumension\LEMSSAgent\live\patch\GRAVITIXSERVICE.EXE
  • C:\Program Files\HEAT Software\EMSSAgent\live\patch\GRAVITIXSERVICE.EXE
  • C:\Program Files\Lumension\LEMSSAgent\live\patch\DAGENT.EXE
  • C:\Program Files\HEAT Software\EMSSAgent\live\patch\DAGENT.EXE
  • C:\Program Files\Lumension\LEMSSAgent\live\patch\LM.DETECTION.EXE
  • C:\Program Files\HEAT Software\EMSSAgent\live\patch\LM.DETECTION.EXE
  • C:\Program Files\Lumension\LEMSSAgent\live\APPCONTROLSCAN.EXE
  • C:\Program Files\HEAT Software\EMSSAgent\live\APPCONTROLSCAN.EXE
macOS
   
Linux
   

 

Jamf Protect.

 

Fleet Management/Security Tool.

Jamf Protect Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
   
macOS
  • JamfDaemon
  • jamf
  • JamfManagementService
  • com.jamf.protect.security-extension
  • /Library/Application Support/JAMF/Jamf.app/Contents/MacOS/JamfDaemon.app/Contents/MacOS/JamfDaemon
  • /usr/local/jamf/bin/jamf
  • /Library/Application Support/JAMF/Jamf.app/Contents/MacOS/JamfManagementService.app/Contents/MacOS/JamfManagementService
  • /Library/SystemExtensions/*/com.jamf.protect.security-extension.systemextension/Contents/MacOS/com.jamf.protect.security-extension
Linux
   

 

Kaspersky.

 

Antivirus.

Kasperky Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • kavfswp.exe
  • kavtray.exe
  • kavfsmui.exe
  • kavshell.exe
  • kavfsrcn.exe
  • kavfs.exe
  • kavfsgt.exe
  • kavfswh.exe
  • kavfsscs.exe
  
macOS
   
Linux
   

 

Lakeside.

 

Employee experience monitoring.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files (x86)\SysTrack\**
macOS
 
  • /Library/Application Support/Lakeside Software/**
Linux
   

 

Malwarebytes.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • ig.exe
  • mbamwsc.exe
  • mbamservice.exe
  • mbupdatrv5.exe
  • ig-0.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\ig.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\mbamwsc.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
  • C:\ProgramData\Malwarebytes\MBAMService\dbclsupdate\delta1\mbupdatrv5.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\ig-0.exe
  • C:\Program Files\Malwarebytes\Anti-Malware\**
macOS
   
Linux
   

 

McAfee On-Access Scanner.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • mcshield.exe
  • C:\Program Files\McAfee\Agent\x86\mcscript_inuse.exe
  • C:\Program Files\McAfee\Agent\masvc.exe
macOS
   
Linux
   

 

McAfee WPS (Windows Protection Suite).

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • mc-fw-host.exe
  • mc-launch-sparse.exe
  • mc-web-view.exe
  • C:\Program Files\McAfee\**
macOS
   
Linux
   

 

Microsoft Monitoring Agent

Microsoft Monitoring Agent Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • MonitoringHost.exe
  • HealthService.exe
  • TraceLogSM.exe
  • MOMPerfSnapshotHelper.exe
  • C:\Program Files\Microsoft Monitoring Agent\Agent\MonitoringHost.exe
  • C:\Program Files\Microsoft Monitoring Agent\Agent\HealthService.exe
  • C:\Program Files\Microsoft Monitoring Agent\Agent\Tools\TraceLogSM.exe
  • C:\Program Files\Microsoft Monitoring Agent\Agent\MOMPerfSnapshotHelper.exe
macOS
   
Linux
   

 

N-able Technologies.

N-able Technologies Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • EPSecurityService.exe
  • C:\Program Files\N-able Technologies\AVDefender\**
  • C:\Program Files (x86)\N-able Technologies\Reactive\bin\**
  • C:\Program Files (x86)\N-able Technologies\Windows Software Probe\bin\**
  • C:\Program Files (x86)\N-able Technologies\Windows Agent\**
  • C:\Program Files (x86)\N-able Technologies\AutomationManagerAgent\**
  • C:\Program Files (x86)\BeAnywhere Support Express\GetSupportService_N-Central\**
  • C:\Program Files (x86)\MspPlatform\**
  • C:\Program Files (x86)\msp-agent\**
  • C:\ProgramData\mspagent\**
macOS
   
Linux
   

 

Nexthink.

 

Employee experience monitoring.

Nexthink Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • Nexthink_Collector_Silent*.exe
  • C:\Program Files\Nexthink\**
macOS
  • nxt*
  • /Library/Application Support/NexthinkVersions/**
Linux
   

 

NinjaOne.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • NinjaRMMAgent.exe
  • NinjaRMMAgentPatcher.exe
  • ncstreamer.exe
  • NinjaWPM.exe
  
macOS
   
Linux
   

 

Palo Alto Cortex XDR.

Palo Alto Cortex XDR - Windows.

Palo Alto Cortex XDR - Mac.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files\Palo Alto Networks\Traps\cyserver.exe
  • C:\Program Files\Palo Alto Networks\Cortex XDR Health Helper\xdrhealth.exe
  • C:\Program Files\Palo Alto Networks\Traps\cyverak.sys
  • C:\Program Files\Palo Alto Networks\Traps\cyvrmtgn.sys
  • C:\Program Files\Palo Alto Networks\Traps\cyvrfsfd.sys
  • C:\Program Files\Palo Alto Networks\Traps\tedrdrv.sys
  • C:\Program Files\Palo Alto Networks\Traps\tdevflt.sys
  • C:\Windows\System32\drivers\telam.sys
  • C:\Program Files\Palo Alto Networks\Traps\CyveraConsole.exe
  • C:\Program Files\Palo Alto Networks\Traps\tlaworker.exe
  • C:\Program Files\Palo Alto Networks\Traps\cytray.exe
  • C:\Program Files\Palo Alto Networks\Traps\cytool.exe
  • C:\Program Files\Palo Alto Networks\Traps\cydump.exe
  • C:\Program Files\Palo Alto Networks\Traps\cyreport.exe
  • C:\Program Files\Palo Alto Networks\Traps\cyrprtui.exe
  • C:\Program Files (x86)\Palo Alto Networks\Traps\cyreport.exe
  • C:\Program Files (x86)\Palo Alto Networks\Traps\cyrprtui.exe
macOS
 
  • /Applications/Cortex XDR.app/Contents/MacOS/Cortex XDR
  • /Library/Application Support/PaloAltoNetworks/Traps/bin/pmd
  • /Library/Application Support/PaloAltoNetworks/Traps/bin/authorized
  • /Library/Application Support/PaloAltoNetworks/Traps/bin/Cortex XDR Agent.app/Contents/MacOS/Cortex XDR Agent
Linux
   

 

Panda Security.

 

EndPoint Protection.

Panda Security Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • bspatch.exe
  • PAV2WSC.exe
  • PSANCU.exe
  • PSINanoRun.exe
  • PSNCSysAction.exe
  • PSUAMain.exe
  • PSUAService.exe
  • PSUNMain.exe
  • Setup.exe
  • WAScanner.exe
  • C:\Program Files (x86)\Panda Security\**

 

Proofpoint (ObserveIT).

 

Proofpoint Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • it-agent.exe
  • it-agent-delegator.exe
  • it-servicecontroller.exe
  • C:\Program Files\IT Client Utility\Client Utility\it-agent.exe
  • C:\Program Files\IT Client Utility\Client Utility\it-agent-delegator.exe
  • C:\Program Files\IT Client Utility\Client Utility\it-servicecontroller.exe
macOS
   
Linux
   

 

Qualys Cloud Agent.

 

Endpoint detection and response.

 

Qualys Agent Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • QualysAgent.exe
  • C:\ProgramData\Qualys\QualysAgent\**
  • C:\Program Files(x86)\Qualys\QualysAgent\**
macOS
   
Linux
   

 

Rapid7 Agent.

 

Rapid7 Agent Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • ir_agent.exe
  • rapid7_endpoint_broker.exe
  • rapid7_events_monitor.exe
  • rapid7_sysmon_installer.exe
  • osqueryi.exe
  
macOS
  • ir_agent
  • /opt/rapid7/**
Linux
   

 

ReasonLabs.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • rsAppUI.exe
  • EPP.exe
  • rsEngineSvc.exe
  • rsWSC.exe
  • rsHelper.exe
  • rsAssistant.exe
  • C:\Program Files\ReasonLabs\**
macOS
   
Linux
   

 

SentinelOne.

 

SentinelOne Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • SentinelAgent.exe
  • C:\Program Files\SentinelOne\**
  • C:\ProgramData\Sentinel\**
  • C:\Documents and Settings\All Users\Application Data\Sentinel\**
  • C:\Windows\System32\Drivers\SentinelOne\**

  • C:\Windows\Temp\SentinelInstaller.exe
macOS
  • SentinelAgent
  • Sentineld
  • Sentineld_helper
  • Sentineld_shell
  • /Library/Sentinel/sentinel-agent.bundle/Contents/MacOS/**
Linux
   

 

Snow Agent.

 

Snow Agent Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files\Snow Software\Inventory\Agent\snowagent.exe
macOS
   
Linux
   

 

Sophos Agent.

 

Sophos Agent Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • ALSvc.exe
  • SophosClean.exe
  • SEDService.exe
  • SophosFS.exe
  • SophosLiveQueryService.exe
  • SophosHealth.exe
  • mcsagent.exe
  • mcsclient.exe
  • SntpService.exe
  • SophosSafestore64.exe
  • SSPService.exe
  • hmpalert.exe
  • SophosMTR.exe
  • UpdateCacheService.exe
  • Sophos.Encryption.BitLockerService.exe
  • SophosFileScanner.exe
  
macOS
   
Linux
   

 

Symantec Endpoint Protection.

 

Anti-virus & endpoint protection.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • ccSvcHst.exe
  • symerr.exe
  • dwhwizrd.exe
  • smcgui.exe
  • symcorpui.exe
  • savui.exe
  • toastui.exe
  • smc.exe
  • C:\Program Files\Symantec\Symantec Endpoint Protection\*\Bin64\**
  • C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\**
  • C:\Program Files\Symantec\Symantec Endpoint Protection\**
macOS
   
Linux
   

 

Tanium Client.

 

Tanium Client Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Program Files\Tanium\Tanium Client\Downloads\**
  • C:\Program Files\Tanium\Tanium Client\TaniumClient.exe
  • C:\Program Files\Tanium\Tanium Client\TaniumCX.exe
  • C:\Program Files\Tanium\Tanium Client\Tools\StdUtils\7za.exe
  • C:\Program Files\Tanium\Tanium Client\Tools\StdUtils\runasuser.exe
  • C:\Program Files\Tanium\Tanium Client\Tools\StdUtils\runasuser64.exe
  • C:\Program Files\Tanium\Tanium Client\Tools\StdUtils\TaniumExecWrapper.exe
  • C:\Program Files\Tanium\Tanium Client\Tools\StdUtils\TaniumFileInfo.exe
  • C:\Program Files\Tanium\Tanium Client\Tools\StdUtils\TPowerShell.exe
  • C:\Program Files (x86)\Tanium\Tanium Client\Downloads\**
  • C:\Program Files (x86)\Tanium\Tanium Client\TaniumClient.exe
  • C:\Program Files (x86)\Tanium\Tanium Client\TaniumCX.exe
  • C:\Program Files (x86)\Tanium\Tanium Client\Tools\StdUtils\7za.exe
  • C:\Program Files (x86)\Tanium\Tanium Client\Tools\StdUtils\runasuser.exe
  • C:\Program Files (x86)\Tanium\Tanium Client\Tools\StdUtils\runasuser64.exe
  • C:\Program Files (x86)\Tanium\Tanium Client\Tools\StdUtils\TaniumExecWrapper.exe
  • C:\Program Files (x86)\Tanium\Tanium Client\Tools\StdUtils\TaniumFileInfo.exe
  • C:\Program Files (x86)\Tanium\Tanium Client\Tools\StdUtils\TPowerShell.exe
macOS
 
  • /Library/Tanium/TaniumClient/Downloads/**
  • /Library/Tanium/TaniumClient/TaniumClient
  • /Library/Tanium/TaniumClient/taniumclient
  • /Library/Tanium/TaniumClient/TaniumCX
  • /Library/Tanium/TaniumClient/TaniumCX.app/Contents/MacOS/TaniumCX
  • /Library/Tanium/TaniumClient/Tools/StdUtils/TaniumExecWrapper
  • /Library/Tanium/TaniumClient/Tools/StdUtils/distribute-tools.sh
Linux
 
  • /opt/Tanium/TaniumClient/Downloads/**
  • /opt/Tanium/TaniumClient/TaniumClient
  • /opt/Tanium/TaniumClient/taniumclient
  • /opt/Tanium/TaniumClient/TaniumCX
  • /opt/Tanium/TaniumClient/TaniumCX.app/Contents/MacOS/TaniumCX
  • /opt/Tanium/TaniumClient/Tools/StdUtils/TaniumExecWrapper
  • /opt/Tanium/TaniumClient/Tools/StdUtils/distribute-tools.sh

 

Tenable.

 

Tenable Nessus Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
 
  • C:\Windows\tenable_ovaldi_2ef350e0435440418f7d33232f74f260.exe
  • C:\Windows\tenable_mw_scan_*.exe
  • C:\Windows\temp\nessus_*.bat
  • C:\Windows\Tenable\Nessus Agent\tenable_mw_scan_*.exe
  • C:\Windows\Tenable\Nessus Agent\temp\nessus_*.bat
  • C:\Program Files\Tenable\Nessus Agent\*
  • C:\Program Files (x86)\Tenable\Nessus Agent\*
  • C:\ProgramData\Tenable\Nessus Agent\*
macOS
 
  • /Library/NessusAgent/run/sbin/*
  • /Library/NessusAgent/run/bin/*
Linux
 
  • /opt/nessus_agent/sbin/*
  • /opt/nessus_agent/bin/*
  • /opt/nessus_agent/lib/nessus/*

 

Trellix (McAfee).

 

Trellix (McAfee) Documentation.

Trellix (McAfee) KB Article.

 

View exclusions.

Note:

Next DLP recommends removing or disabling Trellix DLP before installing Next Reveal for optimal compatibility and performance.

 

Process name exclusion Process path exclusion
Windows
  • masvc.exe
  • mfemactl.exe
  • macmnsvc.exe
  • macompatsvc.exe
  • cmdagent.exe
  • FrmInst.exe
  • maconfig.exe
  • McScanCheck.exe
  • McScript_InUse.exe
  • UpdaterUI.exe
  • marepomirror.exe
  • FramePkg.exe
  • mctray.exe
  • mcupdater.exe
  • mcshield.exe
  • mfefire.exe
  • mfemms.exe
  • mfevtps.exe
  • mfeatp.exe
  • mfeesp.exe
  • mfecanary.exe
  • mfeensppl.exe
  • mfefw.exe
  • mfetp.exe
  • mfehcs.exe
  • mcchhost.exe
  • mfewc.exe
  • msedsp.exe
  • mfeconsole.exe
  • C:\Program Files\McAfee\Endpoint Security\**
  • C:\Program Files (x86)\McAfee\Endpoint Security\**
  • C:\Program Files\McAfee\Agent\**
macOS
  • masvc
  • macmnsvc
  • macompatsvc
  • cmdagent
  • maconfig
  • McScanCheck
  • Mue_InUse
  
Linux
  • masvc
  • macmnsvc
  • macompatsvc
  • cmdagent
  • maconfig
  • McScanCheck
  • Mue_InUse
  

 

Trend Micro.

 

Trend Micro Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • TMBMSRV.exe
  • TmPfw.exe
  • dsagent.exe
  • tmlisten.exe
  • TmProxy.exe
  • ntrtscan.exe
  • TmCCSF.exe
  • CloudEndpointService.exe
  • coreFrameworkHost.exe
  • coreServiceShell.exe
  • dsa.exe
  • dsa-connect.exe
  • dsa-wrs-app.exe
  • EndpointBasecamp.exe
  • Notifier.exe
  • tm_netagent.exe
  • WSCommunicator.exe
  • C:\Program Files\Trend Micro\**
  • C:\Program Files (x86)\Trend Micro\**
  • C:\ProgramData\Trend Micro\**
macOS
   
Linux
   

 

Wazuh agent.

 

Wazuh agent Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • wazuh-agent.exe
  • C:\Program Files (x86)\ossec-agent\wazuh-agent.exe
macOS
 
  • /Library/Ossec/**
Linux
 
  • /var/ossec/**

 

Windows Defender Advanced Threat Protection.

 

Microsoft Defender for Endpoint.

Windows Defender Advanced Threat Protection Documentation.

Windows Defender Advanced Threat Protection Worldwide Documentation.

 

View exclusions:

Note:

Check if enabling 'Windows anti-malware process exclusion' in Agent configuration solves the problem before manually adding these.

 

xEDGYG1cddqBmaVZ-aA_BvEuRloHu3Z1Mw

 

Process name exclusion Process path exclusion
Windows
  • MsSense.exe
  • SenseCncProxy.exe
  • SenseIR.exe
  • C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
  • C:\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe
  • C:\Program Files\Windows Defender Advanced Threat Protection\SenseIR.exe
macOS
  • mdatp
  • /Library/Application Support/Microsoft/Defender/**
  • /Library/Logs/Microsoft/mdatp/**
  • /Library/LaunchAgents/com.microsoft.wdav.tray.plist
  • /Applications/Microsoft\ Defender.app/**
  • /usr/local/bin/mdatp
Linux
  • mdatp
  • /usr/bin/mdatp
  • /opt/microsoft/mdatp/**

 

Windows Updater.

 

Windows Updater Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • TiWorker.exe
  
macOS
   
Linux
   

 

WithSecure (formerly F-Secure).

 

View exclusions.
Process name exclusion Process path exclusion
Windows
  • nif2_ols_ca.exe
  • fsulprothoster.exe
  • ulu.exe
  • wsscanwizard.exe
  • fs_ui_32.exe
  • C:\Program Files (x86)\F-Secure\**
macOS
   
Linux
   

 

XProtect.

XProtect Documentation.

 

View exclusions.
Process name exclusion Process path exclusion
Windows
   
macOS
  • XProtectRemediatorSnowDrift
  • XProtectRemediatorSnowBeagle
  • /Library/Apple/System/Library/CoreServices/XProtect.app/Contents/XPCServices/XProtectPluginService.xpc/Contents/MacOS/XProtectPluginService
Linux
   
Labels:
3571
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.