Host system security exclusions
To monitor and block unknown host system processes, many organizations use security software, such as host-based firewalls and antivirus detection. To ensure that such software does not interfere with Tanium operations, work with your network and security team to whitelist Tanium folders and processes, so that the software treats them as trusted exclusions. Typically, this means configuring the security software to exclude the installation directories of the Tanium™ Client and (for Windows deployments) Tanium Core Platform servers from real-time inspection. Configuring trusted exclusions also typically involves setting a policy to ignore input and output from Tanium binaries.
Tanium Core Platform servers do not require host system security exclusions in a Tanium Appliance or Tanium as a Service deployment. Tanium Clients on all operating systems (OSs) require host system security exclusions.
Tanium Core Platform folders
The following table lists Tanium Core Platform folders that antivirus and other host-based security applications must exclude from real-time scans. Include subfolders of these locations when you create the exception rules. The listed folder paths are the defaults. If you changed the folder locations to non-default paths, create rules based on the actual locations.
| Target Device | OS | Installation folder |
|---|---|---|
| ¹ Tanium™ Server | Windows 64-bit | \Program Files\Tanium\Tanium Server\ |
| Tanium™ Module Server | Windows 64-bit | \Program Files\Tanium\Tanium Module Server\ |
| Tanium™ Zone Server /
Zone Server Hub |
Windows 64-bit | \Program Files (x86)\Tanium\Tanium ZoneServer\ |
| ² Tanium Client endpoints | Windows 32-bit | \Program Files\Tanium\Tanium Client\ |
| Windows 64-bit | \Program Files (x86)\Tanium\Tanium Client\ | |
| macOS | /Library/Tanium/TaniumClient/ | |
| Linux, Solaris, AIX | /opt/Tanium/TaniumClient/ | |
| 1 You might also have to exclude the Tanium Server Downloads directory if it was moved out of the installation directory using the instructions in the KB article Relocate Downloads Directory.
2 For additional folder exclusions that are required during Tanium Client installation, see Client Management. |
||
Tanium Core Platform system processes
The following table lists Tanium Core Platform system processes that must be allowed (not blocked, quarantined, or otherwise processed). The <Module Server> and <Tanium Client> variables indicate the installation folder of the Module Server and Tanium Client, respectively.
- If you use Microsoft Group Policy Objects (GPO) or other central management tools to manage host firewalls, you might need to create rules to allow inbound and outbound TCP traffic across port 17472 on any managed endpoints, including the Tanium Server.
- If running McAfee Host Intrusion Prevention System (HIPS), mark the Tanium Client as both Trusted for Firewall and Trusted for IPS, per McAfee KB71704.
- The Tanium Client on Windows uses the Windows Update offline scan file, Wsusscn2.cab, to assess computers for installed or missing OS and application security patches. If your endpoint security solutions scan archive files, refer to the Microsoft KB for information on how to configure those tools to interact appropriately with the Wsusscn2.cab file.
Tanium binary file signer
Some security products base exclusion rules on file signers. Tanium uses an extended validation (EV) code-signing certificate with the following signer for the Tanium-generated binary files of Tanium Core Platform servers, Tanium Clients, and Tanium modules. Tanium also uses this certificate to sign VBS and PS1 files within action packages:
Subject: jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=4332270, C=US, ST=CA, L=Emeryville, O=Tanium Inc., CN=Tanium Inc.
Solution module folders
As a rule, Tanium solution modules are installed in subdirectories of the Tanium Module Server installation directory. This facilitates any exclusion rules you must create: simply exclude the Module Server installation directory and its subdirectories. This requirement applies only to a Module Server installed on Windows infrastructure.
Solution module processes
If you install Tanium modules and shared services, see the following sections for additional processes on the Module Server (Windows infrastructure only) and Tanium Client (all OSs) that you must configure as exclusions in security software.
The following sections use variables (such as <Module Server>) to indicate the installation folder of a Tanium Core Platform server or the Tanium Client.
- Asset
- Client Management
- Comply
- Connect
- Deploy
- Direct Connect
- Discover
- End-User Notifications
- Health Check
- Impact
- Incident Response
- Integrity Monitor
- Map
- Network Quarantine
- Patch
- Performance
- Protect
- Reputation
- Reveal
- Threat Response
- Trends
Asset
| Target Device | Notes | Process |
|---|---|---|
| Module Server | <Module Server>\services\asset-service\node.exe | |
| <Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\postgres.exe | ||
| <Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\pg_ctl.exe | ||
| Windows endpoints | For integration with Flexera | <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe |
| macOS and Linux endpoints | For integration with Flexera | <Tanium Client>/Tools/EPI/TaniumEndpointIndex |
Client Management
| Target Device | Notes | Process |
|---|---|---|
| Module Server | "<Tanium Module Server>\services\client-management-service\node.exe" service.js | |
| <Tanium Module Server>\services\twsm-v1\twsm.exe | ||
| Windows x86 endpoints | During client installation | \Program Files\Tanium\TaniumClientBootstrap.exe |
| During client installation | \Program Files\Tanium\SetupClient.exe | |
| During client installation | <Tanium Client>\SetupClient.exe | |
| <Tanium Client>\TaniumClientExtensions.dll | ||
| <Tanium Client>\TaniumClientExtensions.dll.sig | ||
| <Tanium Client>\extensions\TaniumDEC.dll | ||
| <Tanium Client>\extensions\TaniumDEC.dll.sig | ||
| <Tanium Client>\TaniumCX.exe | ||
| Windows x64 endpoints | During client installation | \Program Files (x86)\Tanium\TaniumClientBootstrap.exe |
| During client installation | \Program Files (x86)\Tanium\SetupClient.exe | |
| During client installation | <Tanium Client>\SetupClient.exe | |
| <Tanium Client>\TaniumClientExtensions.dll | ||
| <Tanium Client>\TaniumClientExtensions.dll.sig | ||
| <Tanium Client>\extensions\TaniumDEC.dll | ||
| <Tanium Client>\extensions\TaniumDEC.dll.sig | ||
| <Tanium Client>\TaniumCX.exe | ||
| macOS endpoints | During client installation | /Library/Tanium/TaniumClientBootstrap |
| During client installation | /Library/Tanium/SetupClient | |
| During client installation | <Tanium Client>/SetupClient | |
| <Tanium Client>/libTaniumClientExtensions.dylib | ||
| <Tanium Client>/libTaniumClientExtensions.dylib.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib.sig | ||
| <Tanium Client>/TaniumCX | ||
| Linux endpoints | During client installation | /opt/Tanium/TaniumClientBootstrap |
| During client installation | /opt/Tanium/SetupClient | |
| During client installation | <Tanium Client>/SetupClient | |
| <Tanium Client>/libTaniumClientExtensions.so | ||
| <Tanium Client>/libTaniumClientExtensions.so.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.so | ||
| <Tanium Client>/extensions/libTaniumDEC.so.sig | ||
| <Tanium Client>/TaniumCX | ||
| Solaris and AIX endpoints | During client installation | /opt/Tanium/TaniumClientBootstrap |
| During client installation | /opt/Tanium/SetupClient | |
| During client installation | <Tanium Client>/SetupClient |
| Target Device | Notes | Process |
|---|---|---|
| Windows x86 endpoint | <Tanium Client>\TaniumClientExtensions.dll | |
| <Tanium Client>\TaniumClientExtensions.dll.sig | ||
| <Tanium Client>\extensions\TaniumDEC.dll | ||
| <Tanium Client>\extensions\TaniumDEC.dll.sig | ||
| <Tanium Client>\TaniumCX.exe | ||
| Windows x64 endpoints | <Tanium Client>\TaniumClientExtensions.dll | |
| <Tanium Client>\TaniumClientExtensions.dll.sig | ||
| <Tanium Client>\extensions\TaniumDEC.dll | ||
| <Tanium Client>\extensions\TaniumDEC.dll.sig | ||
| <Tanium Client>\TaniumCX.exe | ||
| macOS endpoints | <Tanium Client>/libTaniumClientExtensions.dylib | |
| <Tanium Client>/libTaniumClientExtensions.dylib.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib.sig | ||
| <Tanium Client>/TaniumCX | ||
| Linux endpoints | <Tanium Client>/libTaniumClientExtensions.so | |
| <Tanium Client>/libTaniumClientExtensions.so.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.so | ||
| <Tanium Client>/extensions/libTaniumDEC.so.sig | ||
| <Tanium Client>/TaniumCX |
Comply
| Target Device | Notes | Process |
|---|---|---|
| Module Server | <Module Server>\services\comply-service\node.exe | |
| <Module Server>\services\comply-service\node_modules\ovalindex\ovalindex.exe | ||
| Windows endpoints | <Tanium Client>\Tools\Comply\TaniumExecWrapper.exe | |
| <Tanium Client>\Tools\Comply\jre\bin\java.exe | ||
| <Tanium Client>\Tools\Comply\7za.exe | ||
| Linux/macOS/AIX endpoints | <Tanium Client>/Tools/Comply/TaniumExecWrapper | |
| <Tanium Client>/Tools/Comply/jre/bin/java | ||
| <Tanium Client>/Tools/Comply/7za | ||
| <Tanium Client>/Tools/Comply/xsltproc | ||
| Tanium Scan Engine | <Tanium Client>/Tools/Comply/joval/Joval4Tanium.jar | |
| <Tanium Client>/Tools/Comply/joval/Joval-Utilities.jar | ||
| CIS-CAT engine | <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.jar | |
| Linux only | <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.sh | |
| Windows only | <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.BAT | |
| SCC engine - Windows endpoints | <Tanium Client>\Tools\Comply\scc\cscc.exe | |
| <Tanium Client>\Tools\Comply\scc\cscc32.exe | ||
| <Tanium Client>\Tools\Comply\scc\cscc64.exe | ||
| <Tanium Client>\Tools\Comply\scc\scc.exe | ||
| <Tanium Client>\Tools\Comply\scc\scc32.exe | ||
| <Tanium Client>\Tools\Comply\scc\scc64.exe | ||
| SCC engine - Linux/macOS endpoints | <Tanium Client>/Tools/Comply/scc/cscc | |
| <Tanium Client>/Tools/Comply/scc/cscc.bin | ||
| <Tanium Client>/Tools/Comply/scc/scc | ||
| <Tanium Client>/Tools/Comply/scc/scc.bin |
| Target Device | Notes | Process |
|---|---|---|
| Windows endpoints | <Tanium Client>\Tools\Comply\TaniumExecWrapper.exe | |
| <Tanium Client>\Tools\Comply\jre\bin\java.exe | ||
| <Tanium Client>\Tools\Comply\7za.exe | ||
| Linux/macOS endpoints | <Tanium Client>/Tools/Comply/TaniumExecWrapper | |
| <Tanium Client>/Tools/Comply/jre/bin/java | ||
| <Tanium Client>/Tools/Comply/7za | ||
| <Tanium Client>/Tools/Comply/xsltproc | ||
| Tanium Scan Engine | <Tanium Client>/Tools/Comply/joval/Joval4Tanium.jar | |
| <Tanium Client>/Tools/Comply/joval/Joval-Utilities.jar | ||
| CIS-CAT engine | <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.jar | |
| Linux only | <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.sh | |
| Windows only | <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.BAT | |
| SCC engine - Windows endpoints | <Tanium Client>\Tools\Comply\scc\cscc.exe | |
| <Tanium Client>\Tools\Comply\scc\cscc32.exe | ||
| <Tanium Client>\Tools\Comply\scc\cscc64.exe | ||
| <Tanium Client>\Tools\Comply\scc\scc.exe | ||
| <Tanium Client>\Tools\Comply\scc\scc32.exe | ||
| <Tanium Client>\Tools\Comply\scc\scc64.exe | ||
| SCC engine - Linux/macOS endpoints | <Tanium Client>/Tools/Comply/scc/cscc | |
| <Tanium Client>/Tools/Comply/scc/cscc.bin | ||
| <Tanium Client>/Tools/Comply/scc/scc | ||
| <Tanium Client>/Tools/Comply/scc/scc.bin |
Connect
| Target device | Notes | Process |
|---|---|---|
| Module Server | <Tanium Module Server>\services\connect-service\node.exe |
No additional process exclusions are required.
Deploy
| Target device | Notes | Process |
|---|---|---|
| Module Server | <Module Server>\services\deploy-service\node.exe | |
| Windows endpoints | <Tanium Client>\Python27\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\Tools\Deploy\7za.exe | ||
| <Tanium Client>\Tools\SoftwareManagement\7za.exe | ||
| <Tanium Client>\TaniumCX.exe | ||
| Linux endpoints | <Tanium Client>/python27/bin/pybin | |
| 7.2.x clients | <Tanium Client>/python27/pybin | |
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/TaniumCX | ||
| macOS endpoints | <Tanium Client>/python27/bin/pybin | |
| 7.2.x clients | <Tanium Client>/python27/pybin | |
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/TaniumCX |
| Target device | Notes | Process |
|---|---|---|
| Windows endpoints | <Tanium Client>\Python27\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\Tools\Deploy\7za.exe | ||
| <Tanium Client>\Tools\SoftwareManagement\7za.exe | ||
| <Tanium Client>\TaniumCX.exe | ||
| Linux endpoints | <Tanium Client>/python27/bin/pybin | |
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/TaniumCX | ||
| macOS endpoints | <Tanium Client>/python27/bin/pybin | |
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/TaniumCX |
Direct Connect
| Target Device | Notes | Process |
|---|---|---|
| Windows endpoints | <Tanium Client>\TaniumClientExtensions.dll | |
| <Tanium Client>\TaniumClientExtensions.dll.sig | ||
| <Tanium Client>\extensions\TaniumDEC.dll | ||
| <Tanium Client>\extensions\TaniumDEC.dll.sig | ||
| <Tanium Client>\TaniumCX.exe | ||
| macOS endpoints | <Tanium Client>/libTaniumClientExtensions.dylib | |
| <Tanium Client>/libTaniumClientExtensions.dylib.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib.sig | ||
| <Tanium Client>/TaniumCX | ||
| Linux endpoints | <Tanium Client>/libTaniumClientExtensions.so | |
| <Tanium Client>/libTaniumClientExtensions.so.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.so | ||
| <Tanium Client>/extensions/libTaniumDEC.so.sig | ||
| <Tanium Client>/TaniumCX |
Discover
| Target Device | Notes | Process |
|---|---|---|
| Module Server | "<Module Server>\services\discover\node.exe | |
| <Module Server>\plugins\content\discover-proxy\proxyplugin.exe | ||
| <Module Server>\services\twsm-v1\twsm.exe | ||
| Windows endpoints | (Level 3 and 4 profiles only) | C:\Program Files\Npcap |
| (Level 3 and 4 profiles only) | <Tanium Client>Tools\Discover\nmap\nmap.exe | |
| Linux endpoints | (Level 3 and 4 profiles only) |
<Tanium Client>/Tools/Discover/nmap/nmap |
| macOS endpoints | (Level 3 and 4 profiles only) | <Tanium Client>/Tools/Discover/nmap/nmap |
End-User Notifications
| Target Device | Notes | Process |
|---|---|---|
| Module Server | <Module Server>\services\end-user-notifications-service\node.exe | |
| <Module Server>\services\twsm-v1\twsm.exe | ||
| Windows endpoints | 7.2.x clients | <Tanium Client>\Python27\TPython.exe |
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| <Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe | ||
| <Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe | ||
| exclude from on-access or real-time scans | <Tanium>\Tanium End User Notification Tools\ | |
| macOS endpoints | 7.2.x clients | <Tanium Client>/python27/python |
| 7.4.x clients | <Tanium Client>/python38/python | |
| /Library/Tanium/EndUserNotifications/bin/end-user-notifications.app | ||
| /Library/Tanium/EndUserNotifications |
| Target Device | Notes | Process |
|---|---|---|
| Windows endpoints | 7.4.x clients | <Tanium Client>\Python38\TPython.exe |
| <Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe | ||
| <Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe | ||
| exclude from on-access or real-time scans | <Tanium>\Tanium End User Notification Tools\ | |
| macOS endpoints | 7.4.x clients | <Tanium Client>/python38/python |
| /Library/Tanium/EndUserNotifications/bin/end-user-notifications.app | ||
| /Library/Tanium/EndUserNotifications |
Health Check
| Target Device | Notes | Process |
|---|---|---|
| Module Server | <Module Server>\services\health-service\node.exe | |
| <Module Server>\services\health-service\twsm.exe |
Impact
| Target Device | Notes | Process |
|---|---|---|
| Module Server (Windows) | <Module Server>\services\impact-service\TaniumImpactService.exe | |
| Windows endpoints | <Tanium Client>\Python38\TPython.exe | |
| <Tanium Client>\Python38\*.dll |
Incident Response
| Target Device | Notes | Process |
|---|---|---|
| Windows x86 or x64 endpoints | <Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe | |
| <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe | ||
| <Tanium Client>\Tools\IR\TaniumExecWrapper.exe | ||
| <Tanium Client>\Tools\IR\TanFileInfo.exe | ||
| <Tanium Client>\Tools\IR\TaniumHandle.exe | ||
| <Tanium Client>\Tools\IR\TanListModules.exe | ||
| <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe | ||
| <Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll | ||
| 1 | <Tanium Client>\Downloads\Action_nnn\Winpmem.gb414603.exe | |
| 1 | <Tanium Client>\Downloads\Action_nnn\TaniumFileTransfer.exe | |
| 7.2.x clients | <Tanium Client>\Python27\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\*.dll | |
| macOS endpoints | <Tanium Client>/Tools/EPI/TaniumExecWrapper | |
| <Tanium Client>/Tools/IR/TaniumExecWrapper | ||
| <Tanium Client>/Tools/EPI/TaniumEndpointIndex | ||
| 1,2 | <Tanium Client>/Downloads/Action_nnn/surge-collect | |
| 1,2 | <Tanium Client>/Downloads/Action_nnn/surge.dat | |
| 1 | <Tanium Client>/Downloads/Action_nnn/osxpmem.app/osxpmem | |
| 1 | <Tanium Client>/Downloads/Action_nnn/taniumfiletransfer | |
| 7.2.x clients | <Tanium Client>/python27/python | |
| 7.4.x clients | <Tanium Client>/python38/python | |
| Linux x86 or x64 endpoints | <Tanium Client>/Tools/EPI/TaniumExecWrapper | |
| <Tanium Client>/Tools/IR/TaniumExecWrapper | ||
| <Tanium Client>/Tools/EPI/TaniumEndpointIndex | ||
| 1,2 | <Tanium Client>/Downloads/Action_nnn/surge-collect | |
| 1,2 | <Tanium Client>/Downloads/Action_nnn/surge.dat | |
| 1 | <Tanium Client>/Downloads/Action_nnn/linpmem-<version>.bin | |
| 1 | <Tanium Client>/Downloads/Action_nnn/taniumfiletransfer | |
| 7.2.x clients | <Tanium Client>/python27/python | |
| 7.4.x clients | <Tanium Client>/python38/python | |
|
1 = Where nnn corresponds to the action ID. 2 = Exception is required if Volexity Surge is used for memory collection. |
||
Integrity Monitor
| Target Device | Notes | Process |
|---|---|---|
| Tanium Module Server | <Module Server>\services\integrity-monitor-service\node.exe | |
| Tanium Zone Server | <Zone Server>\proxy\node.exe | |
| Windows x86 and x64 endpoints | <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe | |
| <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe | ||
| <Tanium Client>\Tools\IM\TaniumSQLiteQuery.exe | ||
| <Tanium Client>\Tools\IM\TaniumExecWrapper.exe | ||
| <Tanium Client>\extensions\TaniumRecorder.dll | ||
| <Tanium Client>\extensions\TaniumRecorder.dll.sig | ||
| <Tanium Client>\extensions\recorder\proc.bin | ||
| <Tanium Client>\extensions\recorder\recorder.db | ||
| <Tanium Client>\extensions\recorder\recorder.db-shm | ||
| <Tanium Client>\extensions\recorder\recorder.db-wal | ||
| <Tanium Client>\extensions\core\libTaniumPythonCx.dll | ||
| <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig | ||
| <Tanium Client>\TaniumClientExtensions.dll | ||
| <Tanium Client>\TaniumClientExtensions.dll.sig | ||
| 7.2.x clients | <Tanium Client>\Python27\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\TaniumCX.exe | ||
| Linux x86 and x64 endpoints | <Tanium Client>/TaniumAuditPipe | |
| <Tanium Client>/Tools/Trace/recorder | ||
| <Tanium Client>/Tools/EPI/TaniumEndpointIndex | ||
| <Tanium Client>/Tools/EPI/TaniumExecWrapper | ||
| <Tanium Client>/Tools/IM/TaniumExecWrapper | ||
| 7.2.x clients | <Tanium Client>/python27/python | |
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/libTaniumClientExtensions.so | ||
| <Tanium Client>/libTaniumClientExtensions.so.sig | ||
| <Tanium Client>/extensions/recorder/proc.bin | ||
| <Tanium Client>/extensions/recorder/recorder.db | ||
| <Tanium Client>/extensions/recorder/recorder.db-shm | ||
| <Tanium Client>/extensions/recorder/recorder.db-wal | ||
| <Tanium Client>/extensions/recorder/recorder.auditpipe | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.so | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig | ||
| <Tanium Client>/TaniumCX |
| Target Device | Notes | Process |
|---|---|---|
| Windows x86 and x64 endpoints | <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe | |
| <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe | ||
| <Tanium Client>\Tools\IM\TaniumSQLiteQuery.exe | ||
| <Tanium Client>\Tools\IM\TaniumExecWrapper.exe | ||
| <Tanium Client>\extensions\TaniumRecorder.dll | ||
| <Tanium Client>\extensions\TaniumRecorder.dll.sig | ||
| <Tanium Client>\extensions\recorder\proc.bin | ||
| <Tanium Client>\extensions\recorder\recorder.db | ||
| <Tanium Client>\extensions\recorder\recorder.db-shm | ||
| <Tanium Client>\extensions\recorder\recorder.db-wal | ||
| <Tanium Client>\extensions\core\libTaniumPythonCx.dll | ||
| <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig | ||
| <Tanium Client>\TaniumClientExtensions.dll | ||
| <Tanium Client>\TaniumClientExtensions.dll.sig | ||
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\TaniumCX.exe | ||
| Linux x86 and x64 endpoints | <Tanium Client>/TaniumAuditPipe | |
| <Tanium Client>/Tools/Trace/recorder | ||
| <Tanium Client>/Tools/EPI/TaniumEndpointIndex | ||
| <Tanium Client>/Tools/EPI/TaniumExecWrapper | ||
| <Tanium Client>/Tools/IM/TaniumExecWrapper | ||
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/libTaniumClientExtensions.so | ||
| <Tanium Client>/libTaniumClientExtensions.so.sig | ||
| <Tanium Client>/extensions/recorder/proc.bin | ||
| <Tanium Client>/extensions/recorder/recorder.db | ||
| <Tanium Client>/extensions/recorder/recorder.db-shm | ||
| <Tanium Client>/extensions/recorder/recorder.db-wal | ||
| <Tanium Client>/extensions/recorder/recorder.auditpipe | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.so | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig | ||
| <Tanium Client>/TaniumCX |
Map
| Target Device | Notes | Process |
|---|---|---|
| Module Server | <Tanium Module Server>\services\map-service\node.exe | |
| Windows endpoints | 7.2.x clients | <Tanium Client>\Python27\TPython.exe |
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\TaniumCX.exe | ||
| Linux endpoints | 7.2.x clients | <Tanium Client>/python27/bin/pybin |
| 7.4.x clients |
<Tanium Client>/python38/python |
|
| <Tanium Client>/Tools/Trace/recorder | ||
| <Tanium Client>/TaniumCX | ||
| macOS endpoints | <Tanium Client>/Tools/Trace/TaniumRecorder | |
| <Tanium Client>/TaniumCX |
| Target Device | Notes | Process |
|---|---|---|
| Windows endpoints | 7.4.x clients | <Tanium Client>\Python38\TPython.exe |
| 7.4.x clients | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\TaniumCX.exe | ||
| Linux endpoints | 7.4.x clients |
<Tanium Client>/python38/python |
| <Tanium Client>/Tools/Trace/recorder | ||
| <Tanium Client>/TaniumCX | ||
| macOS endpoints | <Tanium Client>/Tools/Trace/TaniumRecorder | |
| <Tanium Client>/TaniumCX |
Network Quarantine
No additional process exclusions are required.
Patch
| Target device | Notes | Process |
|---|---|---|
| Module Server | <Module Server>\services\patch-service\node.exe | |
| Windows endpoints | <Tanium Client>\Patch\tanium-patch.min.vbs | |
| <Tanium Client>\Patch\scans\Wsusscn2.cab | ||
| <Tanium Client>\Patch\tools\active-user-sessions.exe | ||
| <Tanium Client>\Patch\tools\run-patch-manager.min.vbs | ||
| <Tanium Client>\Patch\tools\TaniumExecWrapper.exe | ||
| <Tanium Client>\Patch\tools\TaniumFileInfo.exe | ||
| <Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe | ||
| 7.2.x clients | <Tanium Client>\Python27\TPython.exe | |
| 7.2.x clients | <Tanium Client>\Python27\*.dll | |
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\TaniumCX.exe | ||
| <Tanium Client>\Tools\Patch\7za.exe | ||
| <Tanium Client>\Tools\Patch\TaniumExecWrapper.exe | ||
| exclude from on-access or real-time scans | <Tanium Client> | |
| Linux endpoints | 7.2.x clients | <Tanium Client>/python27/bin/pybin |
| 7.2.x clients | <Tanium Client>/python27/python | |
| 7.4.x clients | <Tanium Client>/python38/bin/pybin | |
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/Tools/Patch/TaniumExecWrapper |
| Target device | Notes | Process |
|---|---|---|
| Windows endpoints | <Tanium Client>\Patch\tanium-patch.min.vbs | |
| <Tanium Client>\Patch\scans\Wsusscn2.cab | ||
| <Tanium Client>\Patch\tools\active-user-sessions.exe | ||
| <Tanium Client>\Patch\tools\run-patch-manager.min.vbs | ||
| <Tanium Client>\Patch\tools\TaniumExecWrapper.exe | ||
| <Tanium Client>\Patch\tools\TaniumFileInfo.exe | ||
| <Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe | ||
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\TaniumCX.exe | ||
| <Tanium Client>\Tools\Patch\7za.exe | ||
| <Tanium Client>\Tools\Patch\TaniumExecWrapper.exe | ||
| exclude from on-access or real-time scans | <Tanium Client> | |
| Linux endpoints | 7.4.x clients | <Tanium Client>/python38/bin/pybin |
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/Tools/Patch/TaniumExecWrapper |
Performance
| Target Device | Notes | Process |
|---|---|---|
| Tanium Module Server | <Module Server>\services\performance\node.exe | |
| <Module Server>\services\event-service\twsm.exe | ||
| Windows x86 and x64 endpoints | <Tanium Client>\Tools\Performance\TaniumTSDB.exe | |
| 7.2.x clients | <Tanium Client>\Python27\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\TaniumCX.exe | ||
| macOS and Linux (x86 and x64) endpoints | <Tanium Client>/Tools/Performance/TaniumTSDB | |
| 7.2.x clients | <Tanium Client>/python27/python | |
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/TaniumCX |
| Target Device | Notes | Process |
|---|---|---|
| Windows (x86 and x64) endpoints | <Tanium Client>\Tools\Performance\TaniumTSDB.exe | |
| <Tanium Client>\Python38\TPython.exe | ||
| <Tanium Client>\Python38\*.dll | ||
| <Tanium Client>\TaniumCX.exe | ||
| macOS and Linux (x86 and x64) endpoints | <Tanium Client>/Tools/Performance/TaniumTSDB | |
| <Tanium Client>/python38/python | ||
| <Tanium Client>/TaniumCX |
Protect
| Target Device | Notes | Process |
|---|---|---|
| Module Server | <Tanium Module Server>\services\protect-service\7za.exe | |
| <Tanium Module Server>\services\protect-service\node.exe | ||
| Windows x86 endpoints | <Tanium Client>\Tools\StdUtils\7za.exe | |
| <Tanium Client>\Tools\Protect\LocalPolicyTool.exe | ||
| <Tanium Client>\Protect\LocalPolicyTool.exe | ||
| <Tanium Client>\Tools\Protect\devcon32.exe | ||
| (7.2.x clients) | <Tanium Client>\Python27\TPython.exe | |
| (7.4.x clients) | <Tanium Client>\Python38\TPython.exe | |
| (7.4.x clients) | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\TaniumCX.exe | ||
| Windows x64 endpoints | <Tanium Client>\Tools\StdUtils\7za.exe | |
| <Tanium Client>\Tools\Protect\LocalPolicyTool.exe | ||
| <Tanium Client>\Protect\LocalPolicyTool.exe | ||
| <Tanium Client>\Tools\Protect\devcon64.exe | ||
| (7.2.x clients) | <Tanium Client>\Python27\TPython.exe | |
| (7.4.x clients) | <Tanium Client>\Python38\TPython.exe | |
| (7.4.x clients) | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\TaniumCX.exe | ||
| macOS, and Linux x86 and x64 endpoints | (7.2.x clients) | <Tanium Client>/python27/python |
| (7.4.x clients) | <Tanium Client>/python38/python | |
| <Tanium Client>/TaniumCX |
Reputation
| Target device | Notes | Process |
|---|---|---|
| Module Server | <Module Server>\services\reputation-service\node.exe |
No additional process exclusions are required.
Reveal
| Target Device | Notes | Process |
|---|---|---|
| Module Server | <Tanium Module Server>\services\reveal-service\node.exe | |
| Windows endpoints | <Tanium Client>\TaniumCX.exe | |
| <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe | ||
| <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe | ||
| <Tanium Client>\Tools\Reveal\TaniumReveal.exe | ||
| <Tanium Client>\TaniumClientExtensions.dll | ||
| <Tanium Client>\TaniumClientExtensions.dll.sig | ||
| <Tanium Client>\extensions\RevealCX.dll | ||
| <Tanium Client>\extensions\RevealCX.dll.sig | ||
| <Tanium Client>\extensions\TaniumDEC.dll | ||
| <Tanium Client>\extensions\TaniumDEC.dll.sig | ||
| <Tanium Client>\extensions\core\libTaniumPythonCx.dll | ||
| <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig | ||
| 7.2.x clients | <Tanium Client>\Python27\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| 7.2.x clients | <Tanium Client>\Python38\*.dll | |
| Linux endpoints | <Tanium Client>/TaniumCX | |
| <Tanium Client>/Tools/EPI/TaniumExecWrapper | ||
| <Tanium Client>/Tools/EPI/TaniumEndpointIndex | ||
| <Tanium Client>/Tools/Reveal/TaniumReveal | ||
| <Tanium Client>/libTaniumClientExtensions.so | ||
| <Tanium Client>/libTaniumClientExtensions.so.sig | ||
| <Tanium Client>/extensions/libRevealCX.so | ||
| <Tanium Client>/extensions/libRevealCX.so.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.so | ||
| <Tanium Client>/extensions/libTaniumDEC.so.sig | ||
| <Tanium Client>/extensions//core/libTaniumPythonCx.so | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig | ||
| 7.2.x clients | <Tanium Client>/python27/python | |
| 7.4.x clients | <Tanium Client>/python38/python | |
| macOS endpoints | <Tanium Client>/TaniumCX | |
| <Tanium Client>/Tools/EPI/TaniumExecWrapper | ||
| <Tanium Client>/Tools/EPI/TaniumEndpointIndex | ||
| <Tanium Client>/Tools/Reveal/TaniumReveal | ||
| <Tanium Client>/libTaniumClientExtensions.dylib | ||
| <Tanium Client>/libTaniumClientExtensions.dylib.sig | ||
| <Tanium Client>/extensions/libRevealCX.dylib | ||
| <Tanium Client>/extensions/libRevealCX.dylib.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib.sig | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.dylib | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig | ||
| 7.2.x clients | <Tanium Client>/python27/python | |
| 7.4.x clients | <Tanium Client>/python38/python |
| Target Device | Notes | Process |
|---|---|---|
| Windows endpoints | <Tanium Client>\TaniumCX.exe | |
| <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe | ||
| <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe | ||
| <Tanium Client>\Tools\Reveal\TaniumReveal.exe | ||
| <Tanium Client>\TaniumClientExtensions.dll | ||
| <Tanium Client>\TaniumClientExtensions.dll.sig | ||
| <Tanium Client>\extensions\RevealCX.dll | ||
| <Tanium Client>\extensions\RevealCX.dll.sig | ||
| <Tanium Client>\extensions\TaniumDEC.dll | ||
| <Tanium Client>\extensions\TaniumDEC.dll.sig | ||
| <Tanium Client>\extensions\core\libTaniumPythonCx.dll | ||
| <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig | ||
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| Linux endpoints | <Tanium Client>/TaniumCX | |
| <Tanium Client>/Tools/EPI/TaniumExecWrapper | ||
| <Tanium Client>/Tools/EPI/TaniumEndpointIndex | ||
| <Tanium Client>/Tools/Reveal/TaniumReveal | ||
| <Tanium Client>/libTaniumClientExtensions.so | ||
| <Tanium Client>/libTaniumClientExtensions.so.sig | ||
| <Tanium Client>/extensions/libRevealCX.so | ||
| <Tanium Client>/extensions/libRevealCX.so.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.so | ||
| <Tanium Client>/extensions/libTaniumDEC.so.sig | ||
| <Tanium Client>/extensions//core/libTaniumPythonCx.so | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig | ||
| 7.4.x clients | <Tanium Client>/python38/python | |
| macOS endpoints | <Tanium Client>/TaniumCX | |
| <Tanium Client>/Tools/EPI/TaniumExecWrapper | ||
| <Tanium Client>/Tools/EPI/TaniumEndpointIndex | ||
| <Tanium Client>/Tools/Reveal/TaniumReveal | ||
| <Tanium Client>/libTaniumClientExtensions.dylib | ||
| <Tanium Client>/libTaniumClientExtensions.dylib.sig | ||
| <Tanium Client>/extensions/libRevealCX.dylib | ||
| <Tanium Client>/extensions/libRevealCX.dylib.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib.sig | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.dylib | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig | ||
| 7.4.x clients | <Tanium Client>/python38/python |
Threat Response
| Target Device | Notes | Process |
|---|---|---|
| Tanium Module Server | <Module Server>\services\trace-service\node.exe | |
| <Module Server>\services\detect3\node.exe | ||
| <Module Server>\services\detect3\twsm.exe | ||
| <Module Server>\services\event-service\node.exe | ||
| <Module Server>\services\event-service\twsm.exe | ||
| <Module Server>\services\threat-response-service\node.exe | ||
| <Module Server>\services\twsm-v1\twsm.exe | ||
| Tanium Zone Server | <Zone Server>\proxy\node.exe | |
| Windows x86 and x64 endpoints | <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe | |
| <Tanium Client>\Tools\IR\TaniumExecWrapper.exe | ||
| <Tanium Client>\Tools\IR\TanFileInfo.exe | ||
| <Tanium Client>\Tools\IR\TaniumFileInfo.exe | ||
| <Tanium Client>\Tools\IR\TaniumHandle.exe | ||
| <Tanium Client>\Tools\IR\TanListModules.exe | ||
| <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe | ||
| <Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient.exe | ||
| <Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient64.exe | ||
| <Tanium Client>\Tools\Trace\TaniumExecWrapper.exe | ||
| <Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe | ||
| <Tanium Client>\Tools\Detect3\TaniumDetectEngine.exe | ||
| <Tanium Client>\extensions\TaniumRecorder.dll | ||
| <Tanium Client>\extensions\TaniumRecorder.dll.sig | ||
| <Tanium Client>\extensions\SupportCX.dll | ||
| <Tanium Client>\extensions\SupportCX.dll.sig | ||
| <Tanium Client>\extensions\recorder\proc.bin | ||
| <Tanium Client>\extensions\recorder\recorder.db | ||
| <Tanium Client>\extensions\recorder\recorder.db-shm | ||
| <Tanium Client>\extensions\recorder\recorder.db-wal | ||
| <Tanium Client>\extensions\TaniumThreatResponse.dll | ||
| <Tanium Client>\extensions\TaniumThreatResponse.dll.sig | ||
| <Tanium Client>\extensions\core\libTaniumPythonCx.dll | ||
| <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig | ||
| <Tanium Client>\extensions\stream\*.py | ||
| <Tanium Client>\TaniumClientExtensions.dll | ||
| <Tanium Client>\TaniumClientExtensions.dll.sig | ||
| <Tanium Client>\Downloads\Action_nnn\TaniumFileTransfer.exe | ||
| <Tanium Client>\Downloads\Action_nnn\Winpmem.gb414603.exe1 | ||
| <Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe | ||
| <Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll | ||
| 7.2.x clients | <Tanium Client>\Python27\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\TaniumSensorDebugger.exe | ||
| <Tanium Client>\TaniumCX.exe | ||
| <Tanium Client>\extensions\TaniumDEC.dll | ||
| <Tanium Client>\extensions\TaniumDEC.dll.sig | ||
| Linux x86 and x64 endpoints | <Tanium Client>/TaniumAuditPipe | |
| <Tanium Client>/TaniumCX | ||
| <Tanium Client>/TaniumSensorDebugger | ||
| <Tanium Client>/Tools/EPI/TaniumExecWrapper | ||
| <Tanium Client>/Tools/IR/TaniumExecWrapper | ||
| <Tanium Client>/Tools/EPI/TaniumEndpointIndex | ||
| <Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient | ||
| <Tanium Client>/Tools/Trace/TaniumExecWrapper | ||
| <Tanium Client>/Tools/Detect3/TaniumDetectEngine | ||
| 7.2.x clients | <Tanium Client>/python27/python | |
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/libTaniumClientExtensions.so | ||
| <Tanium Client>/libTaniumClientExtensions.so.sig | ||
| <Tanium Client>/libSupportCX.so | ||
| <Tanium Client>/libSupportCX.so.sig | ||
| <Tanium Client>/extensions/libTaniumThreatResponse.so | ||
| <Tanium Client>/extensions/libTaniumThreatResponse.so.sig | ||
| <Tanium Client>/extensions/libTaniumRecorder.so | ||
| <Tanium Client>/extensions/libTaniumRecorder.dylib.sig | ||
| <Tanium Client>/extensions/recorder/proc.bin | ||
| <Tanium Client>/extensions/recorder/recorder.db | ||
| <Tanium Client>/extensions/recorder/recorder.db-shm | ||
| <Tanium Client>/extensions/recorder/recorder.db-wal | ||
| <Tanium Client>/extensions/recorder/recorder.auditpipe | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.so | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.so | ||
| <Tanium Client>/extensions/libTaniumDEC.so.sig | ||
| <Tanium Client>/extensions/stream/*.py | ||
| <Tanium Client>/Downloads/Action_nnn/surge-collect1,2 | ||
| 1,2 | <Tanium Client>/Downloads/Action_nnn/surge.dat | |
| 1 | <Tanium Client>/Downloads/Action_nnn/linpmem-<version>.bin | |
| 1 | <Tanium Client>/Downloads/Action_nnn/taniumfiletransfer | |
| macOS endpoints | <Tanium Client>/TaniumCX | |
| <Tanium Client>/TaniumSensorDebugger | ||
| <Tanium Client>/Tools/EPI/TaniumExecWrapper | ||
| <Tanium Client>/Tools/IR/TaniumExecWrapper | ||
| <Tanium Client>/Tools/EPI/TaniumEndpointIndex | ||
| <Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient | ||
| <Tanium Client>/Tools/Trace/TaniumExecWrapper | ||
| <Tanium Client>/Tools/Detect3/TaniumDetectEngine | ||
| 7.2.x clients | <Tanium Client>/python27/python | |
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/libTaniumClientExtensions.dylib | ||
| <Tanium Client>/libTaniumClientExtensions.dylib.sig | ||
| <Tanium Client>/extensions/libTaniumThreatResponse.dylib | ||
| <Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig | ||
| <Tanium Client>/extensions/libTaniumRecorder.dylib | ||
| <Tanium Client>/extensions/libTaniumRecorder.dylib.sig | ||
| <Tanium Client>/extensions/recorder/proc.bin | ||
| <Tanium Client>/extensions/recorder/recorder.db | ||
| <Tanium Client>/extensions/recorder/recorder.db-shm | ||
| <Tanium Client>/extensions/recorder/recorder.db-wal | ||
| <Tanium Client>/extensions/recorder/recorder.auditpipe | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.dylib | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig | ||
| <Tanium Client>/extensions/stream/*.py | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib.sig | ||
| <Tanium Client>/extensions/libSupportCX.dylib | ||
| <Tanium Client>/extensions/libSupportCX.dylib.sig | ||
| 1,2 | <Tanium Client>/Downloads/Action_nnn/surge-collect | |
| 1,2 | <Tanium Client>/Downloads/Action_nnn/surge.dat | |
| 1 | <Tanium Client>/Downloads/Action_nnn/osxpmem.app/osxpmem | |
| 1 | <Tanium Client>/Downloads/Action_nnn/taniumfiletransfer | |
| 1 = Where nnn corresponds to the action ID. 2 = Exception is required if Volexity Surge is used for memory collection. |
||
| Target Device | Notes | Process |
|---|---|---|
| Tanium Zone Server | <Zone Server>\proxy\node.exe | |
| Windows x86 and x64 endpoints | <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe | |
| <Tanium Client>\Tools\IR\TaniumExecWrapper.exe | ||
| <Tanium Client>\Tools\IR\TanFileInfo.exe | ||
| <Tanium Client>\Tools\IR\TaniumFileInfo.exe | ||
| <Tanium Client>\Tools\IR\TaniumHandle.exe | ||
| <Tanium Client>\Tools\IR\TanListModules.exe | ||
| <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe | ||
| <Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient.exe | ||
| <Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient64.exe | ||
| <Tanium Client>\Tools\Trace\TaniumExecWrapper.exe | ||
| <Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe | ||
| <Tanium Client>\Tools\Detect3\TaniumDetectEngine.exe | ||
| <Tanium Client>\extensions\TaniumRecorder.dll | ||
| <Tanium Client>\extensions\TaniumRecorder.dll.sig | ||
| <Tanium Client>\extensions\recorder\proc.bin | ||
| <Tanium Client>\extensions\recorder\recorder.db | ||
| <Tanium Client>\extensions\recorder\recorder.db-shm | ||
| <Tanium Client>\extensions\recorder\recorder.db-wal | ||
| <Tanium Client>\extensions\TaniumThreatResponse.dll | ||
| <Tanium Client>\extensions\TaniumThreatResponse.dll.sig | ||
| <Tanium Client>\extensions\core\libTaniumPythonCx.dll | ||
| <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig | ||
| <Tanium Client>\TaniumClientExtensions.dll | ||
| <Tanium Client>\TaniumClientExtensions.dll.sig | ||
| <Tanium Client>\Downloads\Action_nnn\TaniumFileTransfer.exe | ||
| <Tanium Client>\Downloads\Action_nnn\Winpmem.gb414603.exe1 | ||
| <Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe | ||
| <Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll | ||
| 7.4.x clients | <Tanium Client>\Python38\TPython.exe | |
| 7.4.x clients | <Tanium Client>\Python38\*.dll | |
| <Tanium Client>\TaniumSensorDebugger.exe | ||
| <Tanium Client>\TaniumCX.exe | ||
| <Tanium Client>\extensions\TaniumDEC.dll | ||
| <Tanium Client>\extensions\TaniumDEC.dll.sig | ||
| Linux x86 and x64 endpoints | <Tanium Client>/TaniumAuditPipe | |
| <Tanium Client>/TaniumCX | ||
| <Tanium Client>/TaniumSensorDebugger | ||
| <Tanium Client>/Tools/EPI/TaniumExecWrapper | ||
| <Tanium Client>/Tools/IR/TaniumExecWrapper | ||
| <Tanium Client>/Tools/EPI/TaniumEndpointIndex | ||
| <Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient | ||
| <Tanium Client>/Tools/Trace/TaniumExecWrapper | ||
| <Tanium Client>/Tools/Detect3/TaniumDetectEngine | ||
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/libTaniumClientExtensions.so | ||
| <Tanium Client>/libTaniumClientExtensions.so.sig | ||
| <Tanium Client>/extensions/libTaniumThreatResponse.so | ||
| <Tanium Client>/extensions/libTaniumThreatResponse.so.sig | ||
| <Tanium Client>/extensions/libTaniumRecorder.so | ||
| <Tanium Client>/extensions/libTaniumRecorder.dylib.sig | ||
| <Tanium Client>/extensions/recorder/proc.bin | ||
| <Tanium Client>/extensions/recorder/recorder.db | ||
| <Tanium Client>/extensions/recorder/recorder.db-shm | ||
| <Tanium Client>/extensions/recorder/recorder.db-wal | ||
| <Tanium Client>/extensions/recorder/recorder.auditpipe | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.so | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.so | ||
| <Tanium Client>/extensions/libTaniumDEC.so.sig | ||
| <Tanium Client>/Downloads/Action_nnn/surge-collect1,2 | ||
| 1,2 | <Tanium Client>/Downloads/Action_nnn/surge.dat | |
| 1 | <Tanium Client>/Downloads/Action_nnn/linpmem-<version>.bin | |
| 1 | <Tanium Client>/Downloads/Action_nnn/taniumfiletransfer | |
| macOS endpoints | <Tanium Client>/TaniumCX | |
| <Tanium Client>/TaniumSensorDebugger | ||
| <Tanium Client>/Tools/EPI/TaniumExecWrapper | ||
| <Tanium Client>/Tools/IR/TaniumExecWrapper | ||
| <Tanium Client>/Tools/EPI/TaniumEndpointIndex | ||
| <Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient | ||
| <Tanium Client>/Tools/Trace/TaniumExecWrapper | ||
| <Tanium Client>/Tools/Detect3/TaniumDetectEngine | ||
| 7.4.x clients | <Tanium Client>/python38/python | |
| <Tanium Client>/libTaniumClientExtensions.dylib | ||
| <Tanium Client>/libTaniumClientExtensions.dylib.sig | ||
| <Tanium Client>/extensions/libTaniumThreatResponse.dylib | ||
| <Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig | ||
| <Tanium Client>/extensions/libTaniumRecorder.dylib | ||
| <Tanium Client>/extensions/libTaniumRecorder.dylib.sig | ||
| <Tanium Client>/extensions/recorder/proc.bin | ||
| <Tanium Client>/extensions/recorder/recorder.db | ||
| <Tanium Client>/extensions/recorder/recorder.db-shm | ||
| <Tanium Client>/extensions/recorder/recorder.db-wal | ||
| <Tanium Client>/extensions/recorder/recorder.auditpipe | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.dylib | ||
| <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib | ||
| <Tanium Client>/extensions/libTaniumDEC.dylib.sig | ||
| 1,2 | <Tanium Client>/Downloads/Action_nnn/surge-collect | |
| 1,2 | <Tanium Client>/Downloads/Action_nnn/surge.dat | |
| 1 | <Tanium Client>/Downloads/Action_nnn/osxpmem.app/osxpmem | |
| 1 | <Tanium Client>/Downloads/Action_nnn/taniumfiletransfer | |
| 1 = Where nnn corresponds to the action ID. 2 = Exception is required if Volexity Surge is used for memory collection. |
||
Trends
| Target Device | Notes | Process |
|---|---|---|
| Module Server | <Tanium Module Server>\services\twsm-v1\twsm.exe | |
| <Tanium Module Server>\services\trends\node_modules\@tanium \postgresql\lib\win32\bin\postgres.exe |
||
| <Tanium Module Server>\services\trends\node_modules\@tanium \postgresql\lib\win32\bin\pg_ctl.exe |
No additional process exclusions are required.
Last updated: 7/14/2020 9:15 AM | Feedback