End-User Notifications requirements

Review the requirements before you install and use End-User Notifications.

Tanium dependencies

In addition to a license for the End-User Notifications product module, make sure that your environment also meets the following requirements.

Component Requirement
Tanium™ Core Platform

7.2 or later.

Tanium™ Client

6.0.314.1540 or later (Windows 7 Service Pack 1 or later, and Windows Server 2008 or later).

7.2.314.2962 or later (Windows 7 Service Pack 1 or later, and Windows Server 2008 or later).

Tanium Deploy

(Required for end-user notifications) 1.0 or later.

(Required for end-user self service) 1.3 or later.

Tanium Patch (Required for end-user notifications) 2.1 or later.
Computer groups When you first log into the Tanium Console after installing the Tanium Server, the server automatically imports the computer groups that End-User Notifications requires: All Computers.

Tanium™ Module Server

End-User Notifications is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage.


End-User Notifications supports the following client operating systems.

  • Windows 10
  • Windows Server 2016
  • Windows 8.1
  • Windows Server 2012 R2
  • Windows 8
  • Windows Server 2012
  • Windows 7
  • Windows Server 2008 R2

Host and network security requirements

Specific ports and processes are needed to run End-User Notifications.


The following ports are required for End-User Notifications communication.

Component Port Direction Purpose
Module Server 17476 Loopback Internal purposes; not externally accessible

Security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

Table 1:   End-User Notifications security exclusions
Target Device Process
Module Server <Module Server>\services\end-user-notifications-service\node.exe
<Module Server>\services\twsm-v1\twsm.exe
    Endpoints <Tanium Client>\Python27\TPython.exe (7.2.x clients)
<Tanium Client>\Python38\TPython.exe (7.4.x clients)
<Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe
<Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe
<Tanium>\Tanium End User Notification Tools\ (exclude from on-access or real-time scans)

User role requirements

Table 2:   End-User Notifications user role permissions
Permission End-User Notifications Administrator End-User Notifications Read Only User

Show Endusernotifications1

View the End-User Notifications shared service



End User Notifications Use Api

Access to the End-User Notifications API



End User Notifications Module Read

Read access to the End-User Notifications shared service

End User Notifications Module Write

Write access to the End-User Notifications shared services

1 To install End-User Notifications, you must have the reserved role of Administrator.

2 Denotes a provided permission.


Table 3:   Provided End-User Notifications Micro Admin and Advanced user role permissions
Permission Role Type Content Set for Permission End-User Notifications Administrator End-User Notifications Read Only User
Read User Group Micro Admin  
Read Computer Group Micro Admin  
Ask Dynamic Questions Advanced  
Read Sensor Advanced Reserved
Read Sensor Advanced Default
Read Sensor Advanced Base
Read Sensor Advanced End-User Notifications
Approve Action Advanced End-User Notifications
Execute Plugin Advanced End-User Notifications
Write Action Advanced End-User Notifications
Write Package Advanced End-User Notifications
Write Saved Question Advanced End-User Notifications

For more information and descriptions of content sets and permissions, see Tanium Core Platform User Guide: Users and user groups.