Host system security exclusions

If security software is implemented in your environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow Tanium Client processes to run without interference. Tanium also recommends implementing advanced antivirus (AV) software that permits customized and detailed exclusions that typically do not block known Tanium processes. Some AV software might require excluding the installation directories of the Tanium Client and (for Windows deployments) Tanium Core Platform servers from real-time inspection. Typically, configuring trusted exclusions also involves setting a policy to ignore the input and output of Tanium binaries. The configuration of these exclusions varies based on the AV software.

In certain implementations, creating the security exclusions and optimizations described in the following sections might increase the attack vulnerability of a system and might expose devices to various security threats. Using advanced AV software that permits detailed exclusions potentially reduces risk while limiting Tanium performance impacts. Tanium recommends rigorously testing any exclusions or optimizations in a lab environment to thoroughly understand any impact on security and performance before implementation. Tanium also strongly recommends that you involve your AV vendor and security teams in reviewing these guidelines before applying them.

Tanium Core Platform servers do not require host system security exclusions in a Tanium Appliance deployment. Tanium recommends implementing host system security exclusions for Tanium Clients on all operating systems (OSs).

Tanium Client Core Platform folders

If you plan to implement exclusions on a folder-by-folder basis, the following table lists Tanium Client Core Platform folders that Tanium recommends AV and other host-based security applications exclude from real-time scans. Include subfolders of these locations when you create the exception rules.

Whenever a new action runs on a managed endpoint, the Tanium Client adds a subfolder to contain the associated package files. The parent folder is <Tanium Client installation folder>/Downloads and the subfolder is named Action_<ID>, where <ID> is the action identifier. Include the Action_<ID> subfolders when you create exception rules for Tanium Clients.

The listed folder paths are the defaults. If you changed the folder locations to non-default paths, create rules based on the actual locations.

Table 1: Security exclusions for Tanium Client folders
Endpoint OS	Installation folder
Windows 32-bit	\Program Files\Tanium\Tanium Client
Windows 64-bit	\Program Files (x86)\Tanium\Tanium Client
macOS	/Library/Tanium/TaniumClient
Linux, Solaris	/opt/Tanium/TaniumClient

Table 1: Security exclusions for Tanium Core Platform folders
Target Device	OS	Installation folder
¹ Tanium Server	Windows 64-bit	\Program Files\Tanium\Tanium Server
Tanium Module Server	Windows 64-bit	\Program Files\Tanium\Tanium Module Server
Tanium Module Server		\Program Files\Tanium\Tanium Module Postgres
Tanium Zone Server, Zone Server Hub	Windows 64-bit	\Program Files (x86)\Tanium\Tanium ZoneServer
² Tanium Client endpoints	Windows 32-bit	\Program Files\Tanium\Tanium Client
	Windows 64-bit	\Program Files (x86)\Tanium\Tanium Client
	macOS	/Library/Tanium/TaniumClient
	Linux, Solaris, AIX	/opt/Tanium/TaniumClient
¹ You might also choose to exclude the <Tanium Server installation folder>/Downloads subfolder if it was moved out of the installation folder. See Tanium Core Platform Deployment Guide for Windows: Relocate the package file repository. ² For additional folder exclusions that Tanium recommends during Tanium Client installation, see Tanium Client Management User Guide: Security exclusions for Client Management.

Tanium Client Core Platform system processes

The following table lists Tanium Client Core Platform system processes that Tanium recommends allowing (not blocking, quarantining, or otherwise processing). The <Tanium Client> variable indicates the client installation folder. The variables such as <Module Server> indicate the installation folder of the platform servers and Tanium Client.

Table 2: Security exclusions for Tanium Client processes
Endpoint OS	Process
Windows, macOS, Linux	<Tanium Client>/Tools/StdUtils folder or all the files that it contains, including: 7za.exe (Windows only) runasuser.exe (Windows only) runasuser64.exe (Windows only) TaniumExecWrapper.exe (Windows) or TaniumExecWrapper (macOS, Linux) TaniumFileInfo.exe (Windows only) TPowerShell.exe (Windows only) distribute-tools.sh (macOS, Linux only)
Windows	<Tanium Client>\TaniumClient.exe
Windows	<Tanium Client>\TaniumCX.exe
macOS, Linux, Solaris, AIX	<Tanium Client>/TaniumClient
	<Tanium Client>/taniumclient
	<Tanium Client>/TaniumCX

Table 2: Security exclusions for Tanium Core Platform processes
Target Device	OS	Process
Tanium Server	Windows	<Tanium Server>\TaniumReceiver.exe
Tanium Module Server	Windows	<Module Server>\services\comply-service\_new_\src\utils\7z\7za.exe <Module Server>\plugins\console\lib\7za.exe
		<Module Server>\TaniumModuleServer.exe
		<Module Server>\temp\content-management\ContentManagement.exe
		<Module Server>\services\tanium-data-service\TaniumDataService.exe
Tanium Zone Server, Zone Server Hub	Windows	<Zone Server>\TaniumZoneServer.exe
Tanium Zone Server, Zone Server Hub	Windows	<Zone Server Hub>\TaniumZoneServer.exe
Tanium Client endpoints	Windows, macOS, Linux	<Tanium Client>/Tools/StdUtils folder or all the files that it contains, including: 7za.exe (Windows only) runasuser.exe (Windows only) runasuser64.exe (Windows only) TaniumExecWrapper.exe (Windows) or TaniumExecWrapper (macOS, Linux) TaniumFileInfo.exe (Windows only) TPowerShell.exe (Windows only) distribute-tools.sh (macOS, Linux only)
	Windows	<Tanium Client>\TaniumClient.exe
	Windows	<Tanium Client>\TaniumCX.exe
	macOS, Linux, Solaris, AIX	<Tanium Client>/TaniumClient
		<Tanium Client>/taniumclient
		<Tanium Client>/TaniumCX

If you use Microsoft Group Policy Objects (GPO) or other central management tools to manage host firewalls, you might choose to create rules to allow inbound and outbound TCP traffic across port 17472 and port 17486 on any managed endpoints, including the Tanium Server.
If McAfee Host Intrusion Prevention System (HIPS) is running in your environment, Tanium recommends marking the Tanium Client as both Trusted for Firewall and Trusted for IPS, per McAfee KB71704.
The Tanium Client on Windows uses the Windows Update offline scan file, Wsusscn2.cab, to assess computers for installed or missing OS and application security patches. If your endpoint security solutions scan archive files, refer to the Microsoft KB for information on how to configure those tools to interact appropriately with Wsusscn2.cab.

Tanium binary file signers

Some security products base exclusion rules on file signers. Tanium uses an extended validation (EV) code-signing certificate with the following signers for the Tanium-generated binary files of Tanium Core Platform servers, Tanium Clients, and Tanium solutions (modules and shared services). Tanium also uses this certificate to sign VBS and PS1 files within action packages:

Table 3: Tanium binary file signers
Operating system	Signer
Windows	Files are signed by: Subject: jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=4332270, C=US, ST=CA, L=Emeryville, O=Tanium Inc., CN=Tanium Inc.
macOS	The following Apple developer ID is used to sign and notarize files: Tanium Inc. (TZTPM3VTUU)

Module Server solution folders

Tanium solutions are installed in subfolders of the Tanium Module Server installation folder. This facilitates any exclusion rules that you create: simply exclude the Module Server installation folder and its subfolders. This applies only to a Module Server installed on Windows infrastructure.

Solution-specific exclusions

The following sections list additional processes, folders, and files on the Module Server (Windows infrastructure only) and Tanium Client (all OSs) that Tanium recommends you configure as exclusions in security software to enable the latest versions of Tanium modules and shared services to work. To view version-specific exclusions for any Tanium solution, see the PDF Archive.

The following sections use variables (such as <Module Server>) to indicate the installation folder of a Tanium Core Platform server or the Tanium Client.The following sections use the <Tanium Client> variable to indicate the client installation folder.

API Gateway
Asset
Blob Service
Client Management
Comply
Connect
Console: The host and network security requirements of the Tanium Core Platform apply to the Tanium Console:
- Tanium Client Core Platform folders
- Tanium Client Core Platform system processes
Deploy
Direct Connect
Discover
Endpoint Configuration
End-User Notifications
Enforce
Feed
Health Check
Impact
Integrity Monitor
Interact: The host and network security requirements of the Tanium Core Platform apply to Interact:
- Tanium Client Core Platform folders
- Tanium Client Core Platform system processes
Map
Patch
Performance
Provision
RDB Service
Reporting
Reputation
Reveal
Risk
Secrets Service
System User Service
Threat Response
Trends

API Gateway

API Gateway security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\gateway-service\TaniumGatewayService.exe

No additional process exclusions are required.

Asset

Asset security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\asset-service\node.exe
		Process	<Module Server>\services\asset-service\node_modules\@tanium\postgresql\lib\win32\bin\postgres.exe
		Process	<Module Server>\services\asset-service\node_modules\@tanium\postgresql\lib\win32\bin\pg_ctl.exe
		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints	For integration with Flexera	Process	<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
	For integration with Flexera	Process	<Tanium Client>\Tools\Asset\TaniumFileEvidence.exe
		File	<Tanium Client>\extensions\TaniumSoftwareManager.dll
		File	<Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		File	<Tanium Client>\extensions\SupportCX.dll
		File	<Tanium Client>\extensions\SupportCX.dll.sig
		File	<Tanium Client>\extensions\TaniumConfig.dll
		File	<Tanium Client>\extensions\TaniumConfig.dll.sig
macOS endpoints	For integration with Flexera	Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
	For integration with Flexera	Process	<Tanium Client>/Tools/Asset/TaniumFileEvidence
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.dylib
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig
		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		File	<Tanium Client>/extensions/libSupportCX.dylib
		File	<Tanium Client>/extensions/libSupportCX.dylib.sig
		File	<Tanium Client>/extensions/libTaniumConfig.dylib
		File	<Tanium Client>/extensions/libTaniumConfig.dylib.sig
Linux endpoints	For integration with Flexera	Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
	For integration with Flexera	Process	<Tanium Client>/Tools/Asset/TaniumFileEvidence
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.so
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		File	<Tanium Client>/extensions/libSupportCX.so
		File	<Tanium Client>/extensions/libSupportCX.so.sig
		File	<Tanium Client>/extensions/libTaniumConfig.so
		File	<Tanium Client>/extensions/libTaniumConfig.so.sig

Asset security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints	For integration with Flexera	Process	<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
	For integration with Flexera	Process	<Tanium Client>\Tools\Asset\TaniumFileEvidence.exe
		File	<Tanium Client>\extensions\TaniumSoftwareManager.dll
		File	<Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		File	<Tanium Client>\extensions\SupportCX.dll
		File	<Tanium Client>\extensions\SupportCX.dll.sig
		File	<Tanium Client>\extensions\TaniumConfig.dll
		File	<Tanium Client>\extensions\TaniumConfig.dll.sig
macOS endpoints	For integration with Flexera	Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
	For integration with Flexera	Process	<Tanium Client>/Tools/Asset/TaniumFileEvidence
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.dylib
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig
		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		File	<Tanium Client>/extensions/libSupportCX.dylib
		File	<Tanium Client>/extensions/libSupportCX.dylib.sig
		File	<Tanium Client>/extensions/libTaniumConfig.dylib
		File	<Tanium Client>/extensions/libTaniumConfig.dylib.sig
Linux endpoints	For integration with Flexera	Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
	For integration with Flexera	Process	<Tanium Client>/Tools/Asset/TaniumFileEvidence
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.so
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		File	<Tanium Client>/extensions/libSupportCX.so
		File	<Tanium Client>/extensions/libSupportCX.so.sig
		File	<Tanium Client>/extensions/libTaniumConfig.so
		File	<Tanium Client>/extensions/libTaniumConfig.so.sig

Benchmark

Risk security exclusions
Target Device	Exclusion Type	Process
Windows endpoints	Process	<Tanium Client>\TaniumCX.exe
Windows endpoints	File	<Tanium Client>\extensions\TaniumRisk.dll
Linux endpoints	Process	<Tanium Client>/TaniumCX
Linux endpoints	File	<Tanium Client>/libTaniumRisk.so
macOS endpoints	Process	<Tanium Client>/TaniumCX
macOS endpoints	File	<Tanium Client>/libTaniumRisk.dylib

Risk security exclusions
Target Device	Exclusion Type	Process
Windows endpoints	Process	<Tanium Client>\TaniumCX.exe
Windows endpoints	File	<Tanium Client>\extensions\TaniumRisk.dll
Linux endpoints	Process	<Tanium Client>/TaniumCX
Linux endpoints	File	<Tanium Client>/libTaniumRisk.so
macOS endpoints	Process	<Tanium Client>/TaniumCX
macOS endpoints	File	<Tanium Client>/libTaniumRisk.dylib

Blob Service

Blob Service security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\blob-service\TaniumBlobService.exe

No additional process exclusions are recommended.

Client Management

Table 4: Client Management security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\client-management-service\node.exe
		Process	<Module Server>\services\client-profile-service\TaniumClientProfileService.exe
	When Direct Connect is installed	Process	<Module Server>\services\direct-connect-service\TaniumDirectConnectService.exe
	When Discover is installed	Process	<Module Server>\services\discover-service\node.exe
	When Discover is installed	Process	<Module Server>\plugins\content\discover-proxy\proxyplugin.exe
		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
		Process	<Module Server>\services\twsm-v1\twsm.exe
Zone Server	When Direct Connect is installed	Process	<Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\node.exe
Zone Server	When Direct Connect is installed	Process	<Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\twsm.exe
Windows x86 endpoints	During client installation	Process	\Program Files\Tanium\TaniumClientBootstrap.exe
	During client installation	Process	\Program Files\Tanium\SetupClient.exe
	During client installation	Process	<Tanium Client>\SetupClient.exe
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\TaniumCX.exe
	When Direct Connect is installed	File	<Tanium Client>\extensions\TaniumDEC.dll
	When Direct Connect is installed	File	<Tanium Client>\extensions\TaniumDEC.dll.sig
	When Discover is installed; satellite profiles only	File	<Tanium Client>\extensions\TaniumDiscover.dll
	When Discover is installed; satellite profiles only	File	<Tanium Client>\extensions\TaniumDiscover.dll.sig
	When Discover is installed; satellite profiles only	File	<Tanium Client>\extensions\TaniumExtras.dll
	When Discover is installed; satellite profiles only	File	<Tanium Client>\extensions\TaniumExtras.dll.sig
	When Discover is installed; (Distributed level 3, distributed level 4, and satellite profiles only)	Folder	C:\Program Files\Npcap
	When Discover is installed; (Distributed level 3, distributed level 4, and satellite profiles only)	Process	<Tanium Client>\Tools\Discover\nmap\nmap.exe
Windows x64 endpoints	During client installation	Process	\Program Files (x86)\Tanium\TaniumClientBootstrap.exe
	During client installation	Process	\Program Files (x86)\Tanium\SetupClient.exe
	During client installation	Process	<Tanium Client>\SetupClient.exe
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\TaniumCX.exe
	When Direct Connect is installed	File	<Tanium Client>\extensions\TaniumDEC.dll
	When Direct Connect is installed	File	<Tanium Client>\extensions\TaniumDEC.dll.sig
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>\extensions\TaniumDiscover.dll
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>\extensions\TaniumDiscover.dll.sig
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>\extensions\TaniumExtras.dll
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>\extensions\TaniumExtras.dll.sig
	When Discover is installed (Distributed level 3, distributed level 4, and satellite profiles only)	Folder	C:\Program Files\Npcap
	When Discover is installed (Distributed level 3, distributed level 4, and satellite profiles only)	Process	<Tanium Client>\Tools\Discover\nmap\nmap.exe
macOS endpoints	During client installation	Process	/Library/Tanium/TaniumClientBootstrap
	During client installation	Process	/Library/Tanium/SetupClient
	During client installation	Process	<Tanium Client>/SetupClient
		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		Process	<Tanium Client>/TaniumCX
	When Direct Connect is installed	File	<Tanium Client>/extensions/libTaniumDEC.dylib
	When Direct Connect is installed	File	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	When Discover is installed (Distributed level 3, distributed level 4, and satellite profiles only)	Process	<Tanium Client>/Tools/Discover/nmap/nmap
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDEC.dylib
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.dylib
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.dylib.sig
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.dylib
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.dylib.sig
Linux endpoints	During client installation	Process	/opt/Tanium/TaniumClientBootstrap
	During client installation	Process	/opt/Tanium/SetupClient
	During client installation	Process	<Tanium Client>/SetupClient
		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/TaniumCX
	When Direct Connect is installed	File	<Tanium Client>/extensions/libTaniumDEC.so
	When Direct Connect is installed	File	<Tanium Client>/extensions/libTaniumDEC.so.sig
	When Discover is installed; (Distributed level 3, distributed level 4, and satellite profiles only)	Folder	<Tanium Client>/Tools/Discover/nmap/nmap
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.so
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.so.sig
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.so
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.so.sig
Solaris and AIX endpoints	During client installation	Process	/opt/Tanium/TaniumClientBootstrap
	During client installation	Process	/opt/Tanium/SetupClient
	During client installation	Process	<Tanium Client>/SetupClient

Table 4: Client Management security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows x86 endpoints	During client installation	Process	\Program Files\Tanium\TaniumClientBootstrap.exe
	During client installation	Process	\Program Files\Tanium\SetupClient.exe
	During client installation	Process	<Tanium Client>\SetupClient.exe
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\TaniumCX.exe
	When Direct Connect is installed	File	<Tanium Client>\extensions\TaniumDEC.dll
	When Direct Connect is installed	File	<Tanium Client>\extensions\TaniumDEC.dll.sig
	When Discover is installed; satellite profiles only	File	<Tanium Client>\extensions\TaniumDiscover.dll
	When Discover is installed; satellite profiles only	File	<Tanium Client>\extensions\TaniumDiscover.dll.sig
	When Discover is installed; satellite profiles only	File	<Tanium Client>\extensions\TaniumExtras.dll
	When Discover is installed; satellite profiles only	File	<Tanium Client>\extensions\TaniumExtras.dll.sig
	When Discover is installed; (Distributed level 3, distributed level 4, and satellite profiles only)	Folder	C:\Program Files\Npcap
	When Discover is installed; (Distributed level 3, distributed level 4, and satellite profiles only)	Process	<Tanium Client>\Tools\Discover\nmap\nmap.exe
Windows x64 endpoints	During client installation	Process	\Program Files (x86)\Tanium\TaniumClientBootstrap.exe
	During client installation	Process	\Program Files (x86)\Tanium\SetupClient.exe
	During client installation	Process	<Tanium Client>\SetupClient.exe
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\TaniumCX.exe
	When Direct Connect is installed	File	<Tanium Client>\extensions\TaniumDEC.dll
	When Direct Connect is installed	File	<Tanium Client>\extensions\TaniumDEC.dll.sig
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>\extensions\TaniumDiscover.dll
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>\extensions\TaniumDiscover.dll.sig
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>\extensions\TaniumExtras.dll
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>\extensions\TaniumExtras.dll.sig
	When Discover is installed (Distributed level 3, distributed level 4, and satellite profiles only)	Folder	C:\Program Files\Npcap
	When Discover is installed (Distributed level 3, distributed level 4, and satellite profiles only)	Process	<Tanium Client>\Tools\Discover\nmap\nmap.exe
macOS endpoints	During client installation	Process	/Library/Tanium/TaniumClientBootstrap
	During client installation	Process	/Library/Tanium/SetupClient
	During client installation	Process	<Tanium Client>/SetupClient
		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		Process	<Tanium Client>/TaniumCX
	When Direct Connect is installed	File	<Tanium Client>/extensions/libTaniumDEC.dylib
	When Direct Connect is installed	File	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	When Discover is installed (Distributed level 3, distributed level 4, and satellite profiles only)	Process	<Tanium Client>/Tools/Discover/nmap/nmap
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDEC.dylib
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.dylib
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.dylib.sig
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.dylib
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.dylib.sig
Linux endpoints	During client installation	Process	/opt/Tanium/TaniumClientBootstrap
	During client installation	Process	/opt/Tanium/SetupClient
	During client installation	Process	<Tanium Client>/SetupClient
		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/TaniumCX
	When Direct Connect is installed	File	<Tanium Client>/extensions/libTaniumDEC.so
	When Direct Connect is installed	File	<Tanium Client>/extensions/libTaniumDEC.so.sig
	When Discover is installed; (Distributed level 3, distributed level 4, and satellite profiles only)	Folder	<Tanium Client>/Tools/Discover/nmap/nmap
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.so
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.so.sig
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.so
	When Discover is installed (Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.so.sig
Solaris and AIX endpoints	During client installation	Process	/opt/Tanium/TaniumClientBootstrap
	During client installation	Process	/opt/Tanium/SetupClient
	During client installation	Process	<Tanium Client>/SetupClient

Comply

Comply security exclusions
Target Device	Exclusion Type	Exclusion
Module Server	Process	<Module Server>\services\comply-service\node.exe
	Process	<Module Server>\services\comply-service\node_modules\ovalindex\build\bin\ovalindex.exe
	Process	<Module Server>\services\comply-service\__new__\src\util\7z\7za.exe
	Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints	Process	<Tanium Client>\TaniumCX.exe
	File	<Tanium Client>\TaniumClientExtensions.dll
	File	<Tanium Client>\TaniumClientExtensions.dll.sig
	File	<Tanium Client>\extensions\TaniumComply.dll
	File	<Tanium Client>\extensions\TaniumComply.dll.sig
	File	<Tanium Client>\extensions\comply\data\comply.db
	File	<Tanium Client>\extensions\comply\data\current-ciscat-config.json
	File	<Tanium Client>\extensions\comply\data\current-intel-config.json
	File	<Tanium Client>\extensions\comply\data\current-java-config.json
	File	<Tanium Client>\extensions\comply\data\current-joval-config.json
	File	<Tanium Client>\extensions\comply\data\current-scan-config.json
	File	<Tanium Client>\extensions\comply\downloads\download.db
	Process	<Tanium Client>\extensions\comply\jre\bin\java.exe
	File	<Tanium Client>\Tools\Comply\run-assessment.vbs
	File	<Tanium Client>\Tools\Comply\delete-assessment.vbs
Linux/macOS/AIX endpoints	Process	<Tanium Client>/TaniumCX
	File	<Tanium Client>/libTaniumClientExtensions.so
	File	<Tanium Client>/libTaniumClientExtensions.so.sig
	File	<Tanium Client>/extensions/libTaniumComply.so
	File	<Tanium Client>/extensions/libTaniumComply.so.sig
	File	<Tanium Client>/extensions/comply/data/comply.db
	File	<Tanium Client>/extensions/comply/data/current-ciscat-config.json
	File	<Tanium Client>/extensions/comply/data/current-intel-config.json
	File	<Tanium Client>/extensions/comply/data/current-java-config.json
	File	<Tanium Client>/extensions/comply/data/current-joval-config.json
	File	<Tanium Client>/extensions/comply/data/current-scan-config.json
	File	<Tanium Client>/extensions/comply/downloads/download.db
	Process	<Tanium Client>/extensions/comply/jre/bin/java
	File	<Tanium Client>/Tools/Comply/run-assessment.sh
	File	<Tanium Client>/Tools/Comply/delete-assessment.sh
Tanium scan engine - all supported endpoints	File	<Tanium Client>/extensions/comply/engines/joval/Joval-Utilities.jar
CIS-CAT engine -all supported endpoints	File	<Tanium Client>/extensions/comply/engines/ciscat/CISCAT.jar
CIS-CAT engine - Linux endpoints only	File	<Tanium Client>/extensions/comply/engines/ciscat/CIS-CAT.sh
CIS-CAT engine -Windows endpoints only	File	<Tanium Client>\extensions\comply\engines\ciscat\CIS-CAT.BAT
SCC engine - Windows endpoints	Process	<Tanium Client>\extensions\comply\engines\scc\cscc.exe
	Process	<Tanium Client>\extensions\comply\engines\scc\cscc32.exe
	Process	<Tanium Client>\extensions\comply\engines\scc\cscc64.exe
	Process	<Tanium Client>\extensions\comply\engines\scc\scc.exe
	Process	<Tanium Client>\extensions\comply\engines\scc\scc32.exe
	Process	<Tanium Client>\extensions\comply\engines\scc\scc64.exe
SCC engine - Linux/macOS endpoints	Process	<Tanium Client>\extensions/comply/engines/scc/cscc
	File	<Tanium Client>\extensions/comply/engines/scc/cscc.bin
	Process	<Tanium Client>\extensions/comply/engines/scc/scc
	File	<Tanium Client>\extensions/comply/engines/scc/scc.bin

Comply security exclusions
Target Device	Exclusion Type	Exclusion
Windows endpoints	Process	<Tanium Client>\TaniumCX.exe
	File	<Tanium Client>\TaniumClientExtensions.dll
	File	<Tanium Client>\TaniumClientExtensions.dll.sig
	File	<Tanium Client>\extensions\TaniumComply.dll
	File	<Tanium Client>\extensions\TaniumComply.dll.sig
	File	<Tanium Client>\extensions\comply\data\comply.db
	File	<Tanium Client>\extensions\comply\data\current-ciscat-config.json
	File	<Tanium Client>\extensions\comply\data\current-intel-config.json
	File	<Tanium Client>\extensions\comply\data\current-java-config.json
	File	<Tanium Client>\extensions\comply\data\current-joval-config.json
	File	<Tanium Client>\extensions\comply\data\current-scan-config.json
	File	<Tanium Client>\extensions\comply\downloads\download.db
	Process	<Tanium Client>\extensions\comply\jre\bin\java.exe
	File	<Tanium Client>\Tools\Comply\run-assessment.vbs
	File	<Tanium Client>\Tools\Comply\delete-assessment.vbs
Linux/macOS/AIX endpoints	Process	<Tanium Client>/TaniumCX
	File	<Tanium Client>/libTaniumClientExtensions.so
	File	<Tanium Client>/libTaniumClientExtensions.so.sig
	File	<Tanium Client>/extensions/libTaniumComply.so
	File	<Tanium Client>/extensions/libTaniumComply.so.sig
	File	<Tanium Client>/extensions/comply/data/comply.db
	File	<Tanium Client>/extensions/comply/data/current-ciscat-config.json
	File	<Tanium Client>/extensions/comply/data/current-intel-config.json
	File	<Tanium Client>/extensions/comply/data/current-java-config.json
	File	<Tanium Client>/extensions/comply/data/current-joval-config.json
	File	<Tanium Client>/extensions/comply/data/current-scan-config.json
	File	<Tanium Client>/extensions/comply/downloads/download.db
	Process	<Tanium Client>/extensions/comply/jre/bin/java
	File	<Tanium Client>/Tools/Comply/run-assessment.sh
	File	<Tanium Client>/Tools/Comply/delete-assessment.sh
Tanium scan engine - all supported endpoints	File	<Tanium Client>/extensions/comply/engines/joval/Joval-Utilities.jar
CIS-CAT engine -all supported endpoints	File	<Tanium Client>/extensions/comply/engines/ciscat/CISCAT.jar
CIS-CAT engine - Linux endpoints only	File	<Tanium Client>/extensions/comply/engines/ciscat/CIS-CAT.sh
CIS-CAT engine -Windows endpoints only	File	<Tanium Client>\extensions\comply\engines\ciscat\CIS-CAT.BAT
SCC engine - Windows endpoints	Process	<Tanium Client>\extensions\comply\engines\scc\cscc.exe
	Process	<Tanium Client>\extensions\comply\engines\scc\cscc32.exe
	Process	<Tanium Client>\extensions\comply\engines\scc\cscc64.exe
	Process	<Tanium Client>\extensions\comply\engines\scc\scc.exe
	Process	<Tanium Client>\extensions\comply\engines\scc\scc32.exe
	Process	<Tanium Client>\extensions\comply\engines\scc\scc64.exe
SCC engine - Linux/macOS endpoints	Process	<Tanium Client>/extensions/comply/engines/scc/cscc
	File	<Tanium Client>/extensions/comply/engines/scc/cscc.bin
	Process	<Tanium Client>/extensions/comply/engines/scc/scc
	File	<Tanium Client>/extensions/comply/engines/scc/scc.bin

Connect

Connect security exclusions
Target Device	Exclusion Type	Exclusion
Module Server	Process	<Module Server>\services\connect-service\node.exe
	Process	<Module Server>\extensions\TaniumSoftwareManager.dll
	Process	<Module Server>\extensions\TaniumSoftwareManager.dll.sig

No additional process exclusions are required.

Criticality

Platform Deployment Reference security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\criticality-service\TaniumCriticalityService.exe

No additional process exclusions are required.

Deploy

For Windows endpoints, review and follow the Microsoft antivirus security exclusion recommendations for enterprise computers. For more information, see Microsoft Support: Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows (KB822158).

Deploy security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\deploy-service\node.exe
Module Server	Required when Endpoint Configuration is installed	Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints	Required only for the Microsoft Windows 10 Upgrade packages	Folder	C:\Deploy\Tanium
		Process	<Tanium Client>\Python38\TPython.exe
		Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\Tools\Deploy\7za.exe
		Process	<Tanium Client>\Tools\SoftwareManagement\7za.exe
		Process	<Tanium Client>\TaniumCX.exe
		File	<Tanium Client>\extensions\TaniumSoftwareManager.dll
		File	<Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
Linux endpoints		Process	<Tanium Client>/python38/python
		Folder	<Tanium Client>/python38
		Process	<Tanium Client>/TaniumCX
		File	<Tanium Client>/Tools/SoftwareManagement/data/software-management.db
		File	<Tanium Client>/Tools/SoftwareManagement/data/software-management.db-wal
		File	<Tanium Client>/Tools/SoftwareManagement/data/software-management.db-shm
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.so
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
macOS endpoints		Process	<Tanium Client>/python38/python
		Folder	<Tanium Client>/python38
		Process	<Tanium Client>/TaniumCX
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.dylib
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig

Deploy security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints	Required only for the Microsoft Windows 10 Upgrade packages	Folder	C:\Deploy\Tanium
		Process	<Tanium Client>\Python38\TPython.exe
		Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\Tools\Deploy\7za.exe
		Process	<Tanium Client>\Tools\SoftwareManagement\7za.exe
		Process	<Tanium Client>\TaniumCX.exe
		File	<Tanium Client>\extensions\TaniumSoftwareManager.dll
		File	<Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
Linux endpoints		Process	<Tanium Client>/python38/python
		Folder	<Tanium Client>/python38
		Process	<Tanium Client>/TaniumCX
		File	<Tanium Client>/Tools/SoftwareManagement/data/software-management.db
		File	<Tanium Client>/Tools/SoftwareManagement/data/software-management.db-wal
		File	<Tanium Client>/Tools/SoftwareManagement/data/software-management.db-shm
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.so
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
macOS endpoints		Process	<Tanium Client>/python38/python
		Folder	<Tanium Client>/python38
		Process	<Tanium Client>/TaniumCX
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.dylib
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig

Direct Connect

Direct Connect security exclusions
Target Device	Exclusion Type	Exclusion
Module Server	Process	<Module Server>\services\direct-connect-service\TaniumDirectConnectService.exe
Module Server	Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Zone Server	Process	<Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\node.exe
Zone Server	Process	<Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\twsm.exe
Windows endpoints	File	<Tanium Client>\TaniumClientExtensions.dll
	File	<Tanium Client>\TaniumClientExtensions.dll.sig
	File	<Tanium Client>\extensions\TaniumDEC.dll
	File	<Tanium Client>\extensions\TaniumDEC.dll.sig
	Process	<Tanium Client>\TaniumCX.exe
macOS endpoints	File	<Tanium Client>/libTaniumClientExtensions.dylib
	File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
	File	<Tanium Client>/extensions/libTaniumDEC.dylib
	File	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	Process	<Tanium Client>/TaniumCX
Linux endpoints	File	<Tanium Client>/libTaniumClientExtensions.so
	File	<Tanium Client>/libTaniumClientExtensions.so.sig
	File	<Tanium Client>/extensions/libTaniumDEC.so
	File	<Tanium Client>/extensions/libTaniumDEC.so.sig
	Process	<Tanium Client>/TaniumCX

Direct Connect security exclusions
Target Device	Exclusion Type	Exclusion
Windows endpoints	File	<Tanium Client>\TaniumClientExtensions.dll
	File	<Tanium Client>\TaniumClientExtensions.dll.sig
	File	<Tanium Client>\extensions\TaniumDEC.dll
	File	<Tanium Client>\extensions\TaniumDEC.dll.sig
	Process	<Tanium Client>\TaniumCX.exe
macOS endpoints	File	<Tanium Client>/libTaniumClientExtensions.dylib
	File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
	File	<Tanium Client>/extensions/libTaniumDEC.dylib
	File	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	Process	<Tanium Client>/TaniumCX
Linux endpoints	File	<Tanium Client>/libTaniumClientExtensions.so
	File	<Tanium Client>/libTaniumClientExtensions.so.sig
	File	<Tanium Client>/extensions/libTaniumDEC.so
	File	<Tanium Client>/extensions/libTaniumDEC.so.sig
	Process	<Tanium Client>/TaniumCX

Discover

Discover security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\discover-service\node.exe
		Process	<Module Server>\plugins\content\discover-proxy\proxyplugin.exe
		Process	<Module Server>\services\twsm-v1\twsm.exe
		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints		Process	<Tanium Client>\TaniumCX.exe
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		File	<Tanium Client>\extensions\SupportCX.dll
		File	<Tanium Client>\extensions\SupportCX.dll.sig
		File	<Tanium Client>\extensions\TaniumConfig.dll
		File	<Tanium Client>\extensions\TaniumConfig.dll.sig
		File	<Tanium Client>\extensions\discover\data\discover.db
		File	<Tanium Client>\extensions\discover\data\discover.db-wal
		File	<Tanium Client>\extensions\discover\data\discover.db-shm
	(Distributed level 3, distributed level 4, and satellite profiles only)	Folder	C:\Program Files\Npcap
	(Distributed level 3, distributed level 4, and satellite profiles only)	Process	<Tanium Client>\Tools\Discover\nmap\nmap.exe
	(When Direct Connect is installed; satellite profiles only)	File	<Tanium Client>\extensions\TaniumDEC.dll
	(When Direct Connect is installed; satellite profiles only)	File	<Tanium Client>\extensions\TaniumDEC.dll.sig
	(Satellite profiles only)	File	<Tanium Client>\extensions\TaniumDiscover.dll
	(Satellite profiles only)	File	<Tanium Client>\extensions\TaniumDiscover.dll.sig
	(Satellite profiles only)	File	<Tanium Client>\extensions\TaniumExtras.dll
	(Satellite profiles only)	File	<Tanium Client>\extensions\TaniumExtras.dll.sig
	7.4.x clients	Folder	<Tanium Client>\python38
	7.4.x clients¹	Process	<Tanium Client>\python38\TPython.exe
Linux endpoints		Process	<Tanium Client>/TaniumCX
		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		File	<Tanium Client>/extensions/libSupportCX.so
		File	<Tanium Client>/extensions/libSupportCX.so.sig
		File	<Tanium Client>/extensions/libTaniumConfig.so
		File	<Tanium Client>/extensions/libTaniumConfig.so.sig
		File	<Tanium Client>/extensions/discover/data/discover.db
		File	<Tanium Client>/extensions/discover/data/discover.db-wal
		File	<Tanium Client>/extensions/discover/data/discover.db-shm
	(Distributed level 3, distributed level 4, and satellite profiles only)	Process	<Tanium Client>/Tools/Discover/nmap/nmap
	(When Direct Connect is installed; satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDEC.so
	(When Direct Connect is installed; satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDEC.so.sig
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.so
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.so.sig
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.so
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.so.sig
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/python
macOS endpoints		Process	<Tanium Client>/TaniumCX
		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		File	<Tanium Client>/extensions/libSupportCX.dylib
		File	<Tanium Client>/extensions/libSupportCX.dylib.sig
		File	<Tanium Client>/extensions/libTaniumConfig.dylib
		File	<Tanium Client>/extensions/libTaniumConfig.dylib.sig
		File	<Tanium Client>/extensions/discover/data/discover.db
		File	<Tanium Client>/extensions/discover/data/discover.db-wal
		File	<Tanium Client>/extensions/discover/data/discover.db-shm
	(Distributed level 3, distributed level 4, and satellite profiles only)	Process	<Tanium Client>/Tools/Discover/nmap/nmap
	(When Direct Connect is installed; satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDEC.dylib
	(When Direct Connect is installed; satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.dylib
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.dylib.sig
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.dylib
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.dylib.sig
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/python
¹ = TPython requires SHA2 support to allow installation.

Discover security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints		Process	<Tanium Client>\TaniumCX.exe
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		File	<Tanium Client>\extensions\SupportCX.dll
		File	<Tanium Client>\extensions\SupportCX.dll.sig
		File	<Tanium Client>\extensions\TaniumConfig.dll
		File	<Tanium Client>\extensions\TaniumConfig.dll.sig
		File	<Tanium Client>\extensions\discover\data\discover.db
		File	<Tanium Client>\extensions\discover\data\discover.db-wal
		File	<Tanium Client>\extensions\discover\data\discover.db-shm
	(Distributed level 3, distributed level 4, and satellite profiles only)	Folder	C:\Program Files\Npcap
	(Distributed level 3, distributed level 4, and satellite profiles only)	Process	<Tanium Client>\Tools\Discover\nmap\nmap.exe
	(When Direct Connect is installed; satellite profiles only)	File	<Tanium Client>\extensions\TaniumDEC.dll
	(When Direct Connect is installed; satellite profiles only)	File	<Tanium Client>\extensions\TaniumDEC.dll.sig
	(Satellite profiles only)	File	<Tanium Client>\extensions\TaniumDiscover.dll
	(Satellite profiles only)	File	<Tanium Client>\extensions\TaniumDiscover.dll.sig
	(Satellite profiles only)	File	<Tanium Client>\extensions\TaniumExtras.dll
	(Satellite profiles only)	File	<Tanium Client>\extensions\TaniumExtras.dll.sig
	7.4.x clients	Folder	<Tanium Client>\python38
	7.4.x clients¹	Process	<Tanium Client>\python38\TPython.exe
Linux endpoints		Process	<Tanium Client>/TaniumCX
		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		File	<Tanium Client>/extensions/libSupportCX.so
		File	<Tanium Client>/extensions/libSupportCX.so.sig
		File	<Tanium Client>/extensions/libTaniumConfig.so
		File	<Tanium Client>/extensions/libTaniumConfig.so.sig
		File	<Tanium Client>/extensions/discover/data/discover.db
		File	<Tanium Client>/extensions/discover/data/discover.db-wal
		File	<Tanium Client>/extensions/discover/data/discover.db-shm
	(Distributed level 3, distributed level 4, and satellite profiles only)	Process	<Tanium Client>/Tools/Discover/nmap/nmap
	(When Direct Connect is installed; satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDEC.so
	(When Direct Connect is installed; satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDEC.so.sig
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.so
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.so.sig
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.so
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.so.sig
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/python
macOS endpoints		Process	<Tanium Client>/TaniumCX
		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		File	<Tanium Client>/extensions/libSupportCX.dylib
		File	<Tanium Client>/extensions/libSupportCX.dylib.sig
		File	<Tanium Client>/extensions/libTaniumConfig.dylib
		File	<Tanium Client>/extensions/libTaniumConfig.dylib.sig
		File	<Tanium Client>/extensions/discover/data/discover.db
		File	<Tanium Client>/extensions/discover/data/discover.db-wal
		File	<Tanium Client>/extensions/discover/data/discover.db-shm
	(Distributed level 3, distributed level 4, and satellite profiles only)	Process	<Tanium Client>/Tools/Discover/nmap/nmap
	(When Direct Connect is installed; satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDEC.dylib
	(When Direct Connect is installed; satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.dylib
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumDiscover.dylib.sig
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.dylib
	(Satellite profiles only)	File	<Tanium Client>/extensions/libTaniumExtras.dylib.sig
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/python
¹ = TPython requires SHA2 support to allow installation.

Endpoint Configuration

No additional process exclusions are recommended.

Endpoint Configuration security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe

End-User Notifications

End-User Notifications security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server	Required when Endpoint Configuration is installed	Process	<Module Server>\temp\endpoint-configuration-service\TaniumEndpointConfigService.exe
		Process	<Module Server>\services\end-user-notifications-service\node.exe
		Process	<Module Server>\services\twsm-v1\twsm.exe
Windows endpoints	7.2.x clients	Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	64-bit OS versions	Process	%programfiles(x86)%\Tanium\Tanium End User Notification Tools\UserSessionProxy.exe
	32-bit OS versions	Process	%programfiles%\Tanium\Tanium End User Notification Tools\UserSessionProxy.exe
	64-bit OS versions	Process	%programfiles(x86)%\Tanium\Tanium End User Notification Tools\bin\end-user-notifications.exe
	32-bit OS versions	Process	%programfiles%\Tanium\Tanium End User Notification Tools\bin\end-user-notifications.exe
	exclude from on-access or real-time scans (64-bit OS versions)	Folder	%programfiles(x86)%\Tanium\Tanium End User Notification Tools
	exclude from on-access or real-time scans (32-bit OS versions)	Folder	%programfiles%\Tanium\Tanium End User Notification Tools
		Folder	%programdata%\Tanium
macOS endpoints	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	/Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
		Folder	/Library/Tanium/EndUserNotifications

End-User Notifications security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	64-bit OS versions	Process	%programfiles(x86)%\Tanium\Tanium End User Notification Tools\UserSessionProxy.exe
	32-bit OS versions	Process	%programfiles%\Tanium\Tanium End User Notification Tools\UserSessionProxy.exe
	64-bit OS versions	Process	%programfiles(x86)%\Tanium\Tanium End User Notification Tools\bin\end-user-notifications.exe
	32-bit OS versions	Process	%programfiles%\Tanium\Tanium End User Notification Tools\bin\end-user-notifications.exe
	exclude from on-access or real-time scans (64-bit OS versions)	Folder	%programfiles(x86)%\Tanium\Tanium End User Notification Tools
	exclude from on-access or real-time scans (32-bit OS versions)	Folder	%programfiles%\Tanium\Tanium End User Notification Tools
		Folder	%programdata%\Tanium
macOS endpoints	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	/Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
		Folder	/Library/Tanium/EndUserNotifications

Enforce

Enforce security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\enforce-service\node.exe
Windows x86 endpoints		Process	<Tanium Client>\Tools\StdUtils\7za.exe
		Process	<Tanium Client>\Tools\Enforce\devcon32.exe
		Process	<Tanium Client>\Tools\Enforce\LocalPolicyTool.exe
	7.4.x clients 7.2.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients 7.2.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumClient.exe
		Process	<Tanium Client>\TaniumCX.exe
Windows x64 endpoints		Process	<Tanium Client>\Tools\StdUtils\7za.exe
		Process	<Tanium Client>\Tools\Enforce\devcon64.exe
		Process	<Tanium Client>\Tools\Enforce\LocalPolicyTool.exe
	7.4.x clients 7.2.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients 7.2.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumClient.exe
		Process	<Tanium Client>\TaniumCX.exe
macOS and Linux x86 and x64 endpoints	7.4.x clients 7.2.x clients	Process	<Tanium Client>/python38/python
	7.4.x clients 7.2.x clients	Folder	<Tanium Client>/python38
		Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumClient
		Process	<Tanium Client>/TaniumCX
Zone Server		Process	<Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\node.exe
Zone Server		Process	<Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\twsm.exe

Feed

Feed security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\feed-service\TaniumFeedService.exe

No additional process exclusions are required.

Health Check

Health Check security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\health-service\node.exe
Module Server		Process	<Module Server>\services\health-service\twsm.exe

Impact

Impact security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\impact-service\TaniumImpactService.exe
Module Server		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints		Process	<Tanium Client>\Python38\TPython.exe
		Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
	When Direct Connect is installed; satellite synch only	Process	<Tanium Client>\extensions\TaniumDEC.dll
	When Direct Connect is installed; satellite synch only	Process	<Tanium Client>\extensions\TaniumDEC.dll.sig

Impact security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints		Process	<Tanium Client>\Python38\TPython.exe
		Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
	When Direct Connect is installed; satellite synch only	Process	<Tanium Client>\extensions\TaniumDEC.dll
	When Direct Connect is installed; satellite synch only	Process	<Tanium Client>\extensions\TaniumDEC.dll.sig

Integrity Monitor

Integrity Monitor security exclusions
Target Device	Exclusion Type	Process
Tanium Module Server	Process	<Module Server>\services\integrity-monitor-service\node.exe
Tanium Module Server	Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows x86 and x64 endpoints	File	<Tanium Client>\extensions\TaniumIndex.dll
	File	<Tanium Client>\extensions\TaniumIndex.dll.sig
	File	<Tanium Client>\extensions\TaniumIntegrityMonitor.dll
	File	<Tanium Client>\extensions\TaniumIntegrityMonitor.dll.sig
	File	<Tanium Client>\extensions\TaniumRecorder.dll
	File	<Tanium Client>\extensions\TaniumRecorder.dll.sig
	File	<Tanium Client>\extensions\recorder\proc.bin
	File	<Tanium Client>\extensions\recorder\recorder.db
	File	<Tanium Client>\extensions\recorder\recorder.db-shm
	File	<Tanium Client>\extensions\recorder\recorder.db-wal
	File	<Tanium Client>\TaniumClientExtensions.dll
	File	<Tanium Client>\TaniumClientExtensions.dll.sig
	Process	<Tanium Client>\TaniumCX.exe
	Folder	<Tanium Client>\extensions\index
	Folder	<Tanium Client>\extensions\integrity-monitor
Linux x86 and x64 endpoints	Process	<Tanium Client>/extensions/recorder/TaniumAuditPipe
	File	<Tanium Client>/libTaniumClientExtensions.so
	File	<Tanium Client>/libTaniumClientExtensions.so.sig
	File	<Tanium Client>/extensions/libTaniumIndex.so
	File	<Tanium Client>/extensions/libTaniumIndex.so.sig
	File	<Tanium Client>/extensions/libTaniumIntegrityMonitor.so
	File	<Tanium Client>/extensions/libTaniumIntegrityMonitor.so.sig
	File	<Tanium Client>/extensions/libTaniumRecorder.so
	File	<Tanium Client>/extensions/libTaniumRecorder.so.sig
	File	<Tanium Client>/extensions/recorder/proc.bin
	File	<Tanium Client>/extensions/recorder/recorder.db
	File	<Tanium Client>/extensions/recorder/recorder.db-shm
	File	<Tanium Client>/extensions/recorder/recorder.db-wal
	File	<Tanium Client>/extensions/recorder/recorder.auditpipe
	Process	<Tanium Client>/TaniumCX
	Folder	<Tanium Client>/extensions/index
	Folder	<Tanium Client>/extensions/integrity-monitor

Integrity Monitor security exclusions
Target Device	Exclusion Type	Process
Windows x86 and x64 endpoints	File	<Tanium Client>\extensions\TaniumIndex.dll
	File	<Tanium Client>\extensions\TaniumIndex.dll.sig
	File	<Tanium Client>\extensions\TaniumIntegrityMonitor.dll
	File	<Tanium Client>\extensions\TaniumIntegrityMonitor.dll.sig
	File	<Tanium Client>\extensions\TaniumRecorder.dll
	File	<Tanium Client>\extensions\TaniumRecorder.dll.sig
	File	<Tanium Client>\extensions\recorder\proc.bin
	File	<Tanium Client>\extensions\recorder\recorder.db
	File	<Tanium Client>\extensions\recorder\recorder.db-shm
	File	<Tanium Client>\extensions\recorder\recorder.db-wal
	File	<Tanium Client>\TaniumClientExtensions.dll
	File	<Tanium Client>\TaniumClientExtensions.dll.sig
	Process	<Tanium Client>\TaniumCX.exe
	Folder	<Tanium Client>\extensions\index
	Folder	<Tanium Client>\extensions\integrity-monitor
Linux x86 and x64 endpoints	Process	<Tanium Client>/extensions/recorder/TaniumAuditPipe
	File	<Tanium Client>/libTaniumClientExtensions.so
	File	<Tanium Client>/libTaniumClientExtensions.so.sig
	File	<Tanium Client>/extensions/libTaniumIndex.so
	File	<Tanium Client>/extensions/libTaniumIndex.so.sig
	File	<Tanium Client>/extensions/libTaniumIntegrityMonitor.so
	File	<Tanium Client>/extensions/libTaniumIntegrityMonitor.so.sig
	File	<Tanium Client>/extensions/libTaniumRecorder.so
	File	<Tanium Client>/extensions/libTaniumRecorder.so.sig
	File	<Tanium Client>/extensions/recorder/proc.bin
	File	<Tanium Client>/extensions/recorder/recorder.db
	File	<Tanium Client>/extensions/recorder/recorder.db-shm
	File	<Tanium Client>/extensions/recorder/recorder.db-wal
	File	<Tanium Client>/extensions/recorder/recorder.auditpipe
	Process	<Tanium Client>/TaniumCX
	Folder	<Tanium Client>/extensions/index
	Folder	<Tanium Client>/extensions/integrity-monitor

Map

Map security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\map-service\node.exe
		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
		Process	<Module Server>\services\map-service\node_modules\@tanium\postgresql\lib\win32\bin\postgres.exe
		Process	<Module Server>\services\map-service\node_modules\@tanium\postgresql\lib\win32\bin\pg_ctl.exe
Windows endpoints		File	<Tanium Client>\extensions\core\TaniumPythonCX.dll
		File	<Tanium Client>\extensions\core\TaniumPythonCX.dll.sig
		File	<Tanium Client>\extensions\mapcx\py\cx_entry.py
		File	<Tanium Client>\extensions\mapcx\data\map.db
		File	<Tanium Client>\extensions\TaniumRecorder.dll
		File	<Tanium Client>\extensions\TaniumRecorder.dll.sig
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\TaniumCX.exe
	7.2.x clients	Process	<Tanium Client>\Python27\TPython.exe
	7.2.x clients	Folder	<Tanium Client>\Python27
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
Linux endpoints		File	<Tanium Client>/extensions/core/TaniumPythonCX.so
		File	<Tanium Client>/extensions/core/TaniumPythonCX.so.sig
		File	<Tanium Client>/extensions/mapcx/py/cx_entry.py
		File	<Tanium Client>/extensions/mapcx/data/map.db
		File	<Tanium Client>/extensions/libTaniumRecorder.so
		File	<Tanium Client>/extensions/libTaniumRecorder.so.sig
		File	<Tanium Client>/TaniumClientExtensions.so
		File	<Tanium Client>/TaniumClientExtensions.so.sig
		Process	<Tanium Client>/TaniumCX
	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
	7.2.x clients	Folder	<Tanium Client>/python27
	7.4.x clients	Process	<Tanium Client>/python38/python
	7.4.x clients	Folder	<Tanium Client>/python38
macOS endpoints		File	<Tanium Client>/extensions/core/TaniumPythonCX.dylib
		File	<Tanium Client>/extensions/core/TaniumPythonCX.dylib.sig
		File	<Tanium Client>/extensions/mapcx/py/cx_entry.py
		File	<Tanium Client>/extensions/mapcx/data/map.db
		File	<Tanium Client>/extensions/libTaniumRecorder.dylib
		File	<Tanium Client>/extensions/libTaniumRecorder.dylib.sig
		File	<Tanium Client>/TaniumClientExtensions.dylib
		File	<Tanium Client>/TaniumClientExtensions.dylib.sig
		Process	<Tanium Client>/TaniumCX
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.2.x clients	Folder	<Tanium Client>/python27
	7.4.x clients	Process	<Tanium Client>/python38/python
	7.4.x clients	Folder	<Tanium Client>/python38

Map security exclusions
Target Device	Notes	Exclusion Type	Process
Windows endpoints		File	<Tanium Client>\extensions\core\TaniumPythonCX.dll
		File	<Tanium Client>\extensions\core\TaniumPythonCX.dll.sig
		File	<Tanium Client>\extensions\mapcx\py\cx_entry.py
		File	<Tanium Client>\extensions\mapcx\data\map.db
		File	<Tanium Client>\extensions\TaniumRecorder.dll
		File	<Tanium Client>\extensions\TaniumRecorder.dll.sig
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\TaniumCX.exe
	7.2.x clients	Process	<Tanium Client>\Python27\TPython.exe
	7.2.x clients	Folder	<Tanium Client>\Python27
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
Linux endpoints		File	<Tanium Client>/extensions/core/TaniumPythonCX.so
		File	<Tanium Client>/extensions/core/TaniumPythonCX.so.sig
		File	<Tanium Client>/extensions/mapcx/py/cx_entry.py
		File	<Tanium Client>/extensions/mapcx/data/map.db
		File	<Tanium Client>/extensions/libTaniumRecorder.so
		File	<Tanium Client>/extensions/libTaniumRecorder.so.sig
		File	<Tanium Client>/TaniumClientExtensions.so
		File	<Tanium Client>/TaniumClientExtensions.so.sig
		Process	<Tanium Client>/TaniumCX
	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
	7.2.x clients	Folder	<Tanium Client>/python27
	7.4.x clients	Process	<Tanium Client>/python38/python
	7.4.x clients	Folder	<Tanium Client>/python38
macOS endpoints		File	<Tanium Client>/extensions/core/TaniumPythonCX.dylib
		File	<Tanium Client>/extensions/core/TaniumPythonCX.dylib.sig
		File	<Tanium Client>/extensions/mapcx/py/cx_entry.py
		File	<Tanium Client>/extensions/mapcx/data/map.db
		File	<Tanium Client>/extensions/libTaniumRecorder.dylib
		File	<Tanium Client>/extensions/libTaniumRecorder.dylib.sig
		File	<Tanium Client>/TaniumClientExtensions.dylib
		File	<Tanium Client>/TaniumClientExtensions.dylib.sig
		Process	<Tanium Client>/TaniumCX
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.2.x clients	Folder	<Tanium Client>/python27
	7.4.x clients	Process	<Tanium Client>/python38/python
	7.4.x clients	Folder	<Tanium Client>/python38

Patch

Patch security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\patch-service\node.exe
Module Server	required when Endpoint Configuration is installed	Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints		Process	<Tanium Client>\TaniumCX.exe
		FIle	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		File	<Tanium Client>\Patch\tanium-patch.min.vbs
		File	<Tanium Client>\Patch\scans\Wsusscn2.cab
		Process	<Tanium Client>\Patch\tools\active-user-sessions.exe
		File	<Tanium Client>\Patch\tools\run-patch-manager.min.vbs
		Process	<Tanium Client>\Patch\tools\TaniumExecWrapper.exe
		Process	<Tanium Client>\Patch\tools\TaniumFileInfo.exe
		Process	<Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe
	7.2.x clients	Process	<Tanium Client>\Python27\TPython.exe
	7.2.x clients	Folder	<Tanium Client>\Python27
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\Tools\Patch\7za.exe
		Process	<Tanium Client>\Patch\tools\TaniumExecWrapper.exe
		File	<Tanium Client>\extensions\TaniumSoftwareManager.dll
		File	<Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
	exclude from on-access or real-time scans	Folder	<Tanium Client>
Linux endpoints		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
		Process	<Tanium Client>/python27/python
		Folder	<Tanium Client>/python27
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/python38/python
		Folder	<Tanium Client>/python38
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.so
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
macOS endpoints		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
		Process	<Tanium Client>/python27/python
		Folder	<Tanium Client>/python27
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/python38/python
		Folder	<Tanium Client>/python38
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.dylib
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig

Patch security exclusions
Target device	Notes	Exclusion Type	Exclusion
Windows endpoints		Process	<Tanium Client>\TaniumCX.exe
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		File	<Tanium Client>\Patch\tanium-patch.min.vbs
		File	<Tanium Client>\Patch\scans\Wsusscn2.cab
		Process	<Tanium Client>\Patch\tools\active-user-sessions.exe
		FIle	<Tanium Client>\Patch\tools\run-patch-manager.min.vbs
		Process	<Tanium Client>\Patch\tools\TaniumExecWrapper.exe
		Process	<Tanium Client>\Patch\tools\TaniumFileInfo.exe
		Process	<Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\Tools\Patch\7za.exe
		Process	<Tanium Client>\Patch\tools\TaniumExecWrapper.exe
		File	<Tanium Client>\extensions\TaniumSoftwareManager.dll
		File	<Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
	exclude from on-access or real-time scans	Folder	<Tanium Client>
Linux endpoints		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/python38/python
		Folder	<Tanium Client>/python38
		FIle	<Tanium Client>/extensions/libTaniumSoftwareManager.so
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
macOS endpoints		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/python38/python
		Folder	<Tanium Client>/python38
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.dylib
		File	<Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig

Performance

Performance security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\performance-service\node.exe
		Process	<Module Server>\services\event-service\twsm.exe
		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows (x86 and x64) endpoints		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		File	<Tanium Client>\extensions\TaniumDEC.dll
		File	<Tanium Client>\extensions\TaniumDEC.dll.sig
		File	<Tanium Client>\extensions\TaniumPerformance.dll
		File	<Tanium Client>\extensions\TaniumPerformance.dll.sig
		Process	<Tanium Client>\Tools\Performance\TaniumTSDB.exe
		File	<Tanium Client>\extensions\TaniumTSDB.dll
		File	<Tanium Client>\extensions\TaniumTSDB.dll.sig
		File	<Tanium Client>\extensions\SupportCX.dll
		File	<Tanium Client>\extensions\SupportCX.dll.sig
		File	<Tanium Client>\extensions\TaniumConfig.dll
		File	<Tanium Client>\extensions\TaniumConfig.dll.sig
		File	<Tanium Client>\extensions\performance\performance.db
		File	<Tanium Client>\extensions\performance\performance.db-shm
		File	<Tanium Client>\extensions\performance\performance.db-wal
	7.4.x clients	Folder	<Tanium Client>\Python38
	7.4.x clients¹	Process	<Tanium Client>\Python38\TPython.exe
		Process	<Tanium Client>\TaniumCX.exe
Linux (x86 and x64) endpoints		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		File	<Tanium Client>/extensions/libTaniumDEC.so
		File	<Tanium Client>/extensions/libTaniumDEC.so.sig
		File	<Tanium Client>/extensions/libTaniumPerformance.so
		File	<Tanium Client>/extensions/libTaniumPerformance.so.sig
		Process	<Tanium Client>/Tools/Performance/TaniumTSDB
		File	<Tanium Client>/extensions/libTaniumTSDB.so
		File	<Tanium Client>/extensions/libTaniumTSDB.so.sig
		File	<Tanium Client>/extensions/libSupportCX.so
		File	<Tanium Client>/extensions/libSupportCX.so.sig
		File	<Tanium Client>/extensions/libTaniumConfig.so
		File	<Tanium Client>/extensions/libTaniumConfig.so.sig
		File	<Tanium Client>/extensions/performance/performance.db
		File	<Tanium Client>/extensions/performance/performance.db-shm
		File	<Tanium Client>/extensions/performance/performance.db-wal
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX
macOS endpoints		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		File	<Tanium Client>/extensions/libTaniumDEC.dylib
		File	<Tanium Client>/extensions/libTaniumDEC.dylib.so
		File	<Tanium Client>/extensions/libTaniumPerformance.dylib
		File	<Tanium Client>/extensions/libTaniumPerformance.dylib.sig
		Process	<Tanium Client>/Tools/Performance/TaniumTSDB
		File	<Tanium Client>/extensions/libTaniumTSDB.dylib
		File	<Tanium Client>/extensions/libTaniumTSDB.dylib.sig
		File	<Tanium Client>/extensions/libSupportCX.dylib
		File	<Tanium Client>/extensions/libSupportCX.dylib.sig
		File	<Tanium Client>/extensions/libTaniumConfig.dylib
		File	<Tanium Client>/extensions/libTaniumConfig.dylib.sig
		File	<Tanium Client>/extensions/performance/performance.db
		File	<Tanium Client>/extensions/performance/performance.db-shm
		File	<Tanium Client>/extensions/performance/performance.db-wal
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x client	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX
¹ = TPython requires SHA2 support to allow installation.

Performance security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows (x86 and x64) endpoints		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		File	<Tanium Client>\extensions\TaniumDEC.dll
		File	<Tanium Client>\extensions\TaniumDEC.dll.sig
		File	<Tanium Client>\extensions\TaniumPerformance.dll
		File	<Tanium Client>\extensions\TaniumPerformance.dll.sig
		Process	<Tanium Client>\Tools\Performance\TaniumTSDB.exe
		File	<Tanium Client>\extensions\TaniumTSDB.dll
		File	<Tanium Client>\extensions\TaniumTSDB.dll.sig
		File	<Tanium Client>\extensions\SupportCX.dll
		File	<Tanium Client>\extensions\SupportCX.dll.sig
		File	<Tanium Client>\extensions\TaniumConfig.dll
		File	<Tanium Client>\extensions\TaniumConfig.dll.sig
		File	<Tanium Client>\extensions\performance\performance.db
		File	<Tanium Client>\extensions\performance\performance.db-shm
		File	<Tanium Client>\extensions\performance\performance.db-wal
	7.4.x clients	Folder	<Tanium Client>\Python38
	7.4.x clients¹	Process	<Tanium Client>\Python38\TPython.exe
		Process	<Tanium Client>\TaniumCX.exe
Linux (x86 and x64) endpoints		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		File	<Tanium Client>/extensions/libTaniumDEC.so
		File	<Tanium Client>/extensions/libTaniumDEC.so.sig
		File	<Tanium Client>/extensions/libTaniumPerformance.so
		File	<Tanium Client>/extensions/libTaniumPerformance.so.sig
		Process	<Tanium Client>/Tools/Performance/TaniumTSDB
		File	<Tanium Client>/extensions/libTaniumTSDB.so
		File	<Tanium Client>/extensions/libTaniumTSDB.so.sig
		File	<Tanium Client>/extensions/libSupportCX.so
		File	<Tanium Client>/extensions/libSupportCX.so.sig
		File	<Tanium Client>/extensions/libTaniumConfig.so
		File	<Tanium Client>/extensions/libTaniumConfig.so.sig
		File	<Tanium Client>/extensions/performance/performance.db
		File	<Tanium Client>/extensions/performance/performance.db-shm
		File	<Tanium Client>/extensions/performance/performance.db-wal
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX
macOS endpoints		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		File	<Tanium Client>/extensions/libTaniumDEC.dylib
		File	<Tanium Client>/extensions/libTaniumDEC.dylib.so
		File	<Tanium Client>/extensions/libTaniumPerformance.dylib
		File	<Tanium Client>/extensions/libTaniumPerformance.dylib.sig
		Process	<Tanium Client>/Tools/Performance/TaniumTSDB
		File	<Tanium Client>/extensions/libTaniumTSDB.dylib
		File	<Tanium Client>/extensions/libTaniumTSDB.dylib.sig
		File	<Tanium Client>/extensions/libSupportCX.dylib
		File	<Tanium Client>/extensions/libSupportCX.dylib.sig
		File	<Tanium Client>/extensions/libTaniumConfig.dylib
		File	<Tanium Client>/extensions/libTaniumConfig.dylib.sig
		File	<Tanium Client>/extensions/performance/performance.db
		File	<Tanium Client>/extensions/performance/performance.db-shm
		File	<Tanium Client>/extensions/performance/performance.db-wal
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX
¹ = TPython requires SHA2 support to allow installation.

Provision

Provision security exclusions
Target Device	Exclusion Type	Exclusion
Module Server	Process	<Module Server>\services\provision-service\TaniumProvisionService.exe
Module Server	Process	<Module Server>\services\twsm-v1\twsm.exe
Windows endpoints	Process	<Tanium Client>\Python38\TPython.exe
	Folder	<Tanium Client>\Python38
	Process	<Tanium Client>\Tools\Provision\TaniumODJ.exe
	Process	<Tanium Client>\Tools\Provision\TaniumODJ_x86.exe
	Process	<Tanium Client>\Tools\Provision\TaniumPXE.exe
	Folder	<Tanium Client>\Tools\Provision
Linux endpoints	Process	<Tanium Client>/python38/python
	Folder	<Tanium Client>/python38
	Folder	<Tanium Client>/Tools/Provision
macOS endpoints	Process	<Tanium Client>/python38/python
	Folder	<Tanium Client>/python38
	Folder	<Tanium Client>/Tools/Provision

RDB Service

RDB service security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\rdb-service\TaniumRdbService.exe

No additional process exclusions are recommended.

Reporting

Reporting security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\reporting-service\TaniumReportingService.exe

No additional process exclusions are recommended.

Reputation

Reputation security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\reputation-service\node.exe

No additional process exclusions are required.

Reveal

Reveal security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\reveal-service\node.exe
Module Server		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints		Process	<Tanium Client>\TaniumCX.exe
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		File	<Tanium Client>\extensions\TaniumReveal.dll
		File	<Tanium Client>\extensions\TaniumReveal.dll.sig
		File	<Tanium Client>\extensions\TaniumDEC.dll
		File	<Tanium Client>\extensions\TaniumDEC.dll.sig
		File	<Tanium Client>\extensions\TaniumIndex.dll
		File	<Tanium Client>\extensions\TaniumIndex.dll.sig
		File	<Tanium Client>\extensions\core\TaniumPythonCx.dll
		File	<Tanium Client>\extensions\core\TaniumPythonCx.dll.sig
	7.2.x clients, ¹	Process	<Tanium Client>\python27\TPython.exe
	7.2.x clients, ¹	Folder	<Tanium Client>\python27
	7.4.x clients, ¹	Process	<Tanium Client>\python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\python38
Linux endpoints		Process	<Tanium Client>/TaniumCX
		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		File	<Tanium Client>/extensions/libTaniumReveal.so
		File	<Tanium Client>/extensions/libTaniumReveal.so.sig
		File	<Tanium Client>/extensions/libTaniumDEC.so
		File	<Tanium Client>/extensions/libTaniumDEC.so.sig
		File	<Tanium Client>/extensions/libTaniumIndex.so
		File	<Tanium Client>/extensions/libTaniumIndex.so.sig
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.so
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.2.x clients	Folder	<Tanium Client>/python27
	7.4.x clients	Process	<Tanium Client>/python38/python
	7.4.x clients	Folder	<Tanium Client>/python38
macOS endpoints		Process	<Tanium Client>/TaniumCX
		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		File	<Tanium Client>/extensions/libTaniumReveal.dylib
		File	<Tanium Client>/extensions/libTaniumReveal.dylib.sig
		File	<Tanium Client>/extensions/libTaniumDEC.dylib
		File	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
		File	<Tanium Client>/extensions/libTaniumIndex.dylib
		File	<Tanium Client>/extensions/libTaniumIndex.dylib.sig
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.2.x clients	Folder	<Tanium Client>/python27
	7.4.x clients	Process	<Tanium Client>/python38/python
	7.4.x clients	Folder	<Tanium Client>/python38
¹ = TPython requires SHA2 support to allow installation.

Reveal security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints		Process	<Tanium Client>\TaniumCX.exe
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
		File	<Tanium Client>\extensions\TaniumReveal.dll
		File	<Tanium Client>\extensions\TaniumReveal.dll.sig
		File	<Tanium Client>\extensions\TaniumDEC.dll
		File	<Tanium Client>\extensions\TaniumDEC.dll.sig
		File	<Tanium Client>\extensions\TaniumIndex.dll
		File	<Tanium Client>\extensions\TaniumIndex.dll.sig
		File	<Tanium Client>\extensions\core\TaniumPythonCx.dll
		File	<Tanium Client>\extensions\core\TaniumPythonCx.dll.sig
	7.2.x clients, ¹	Process	<Tanium Client>\python27\TPython.exe
	7.2.x clients, ¹	Folder	<Tanium Client>\python27
	7.4.x clients, ¹	Process	<Tanium Client>\python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\python38
Linux endpoints		Process	<Tanium Client>/TaniumCX
		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		File	<Tanium Client>/extensions/libTaniumReveal.so
		File	<Tanium Client>/extensions/libTaniumReveal.so.sig
		File	<Tanium Client>/extensions/libTaniumDEC.so
		File	<Tanium Client>/extensions/libTaniumDEC.so.sig
		File	<Tanium Client>/extensions/libTaniumIndex.so
		File	<Tanium Client>/extensions/libTaniumIndex.so.sig
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.so
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.2.x clients	Folder	<Tanium Client>/python27
	7.4.x clients	Process	<Tanium Client>/python38/python
	7.4.x clients	Folder	<Tanium Client>/python38
macOS endpoints		Process	<Tanium Client>/TaniumCX
		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		File	<Tanium Client>/extensions/libTaniumReveal.dylib
		File	<Tanium Client>/extensions/libTaniumReveal.dylib.sig
		File	<Tanium Client>/extensions/libTaniumDEC.dylib
		File	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
		File	<Tanium Client>/extensions/libTaniumIndex.dylib
		File	<Tanium Client>/extensions/libTaniumIndex.dylib.sig
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.2.x clients	Folder	<Tanium Client>/python27
	7.4.x clients	Process	<Tanium Client>/python38/python
	7.4.x clients	Folder	<Tanium Client>/python38
¹ = TPython requires SHA2 support to allow installation.

Risk

Risk security exclusions
Target Device	Exclusion Type	Process
Windows endpoints	Process	<Tanium Client>\TaniumCX.exe
Windows endpoints	File	<Tanium Client>\extensions\TaniumRisk.dll
Linux endpoints	Process	<Tanium Client>/TaniumCX
Linux endpoints	File	<Tanium Client>/libTaniumRisk.so
macOS endpoints	Process	<Tanium Client>/TaniumCX
macOS endpoints	File	<Tanium Client>/libTaniumRisk.dylib

Risk security exclusions
Target Device	Exclusion Type	Process
Windows endpoints	Process	<Tanium Client>\TaniumCX.exe
Windows endpoints	File	<Tanium Client>\extensions\TaniumRisk.dll
Linux endpoints	Process	<Tanium Client>/TaniumCX
Linux endpoints	File	<Tanium Client>/libTaniumRisk.so
macOS endpoints	Process	<Tanium Client>/TaniumCX
macOS endpoints	File	<Tanium Client>/libTaniumRisk.dylib

Secrets Service

Secrets service security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\secrets-service\TaniumSecretsService.exe

No additional process exclusions are recommended.

System User Service

System User service security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\system-user-service\TaniumSystemUserService.exe

No additional process exclusions are recommended.

Threat Response

Threat Response security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Tanium Module Server		Process	<Module Server>\services\detect3-service\node.exe
		Process	<Module Server>\services\detect3-service\twsm.exe
		Process	<Module Server>\services\event-service\node.exe
		Process	<Module Server>\services\event-service\twsm.exe
		Process	<Module Server>\services\threat-response-service\node.exe
		Process	<Module Server>\services\twsm-v1\twsm.exe
		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Tanium Zone Server		Process	<Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\node.exe
Tanium Zone Server		Process	<Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\twsm.exe
Windows x86 and x64 endpoints		Process	<Tanium Client>\Tools\IR\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\IR\TanFileInfo.exe
		Process	<Tanium Client>\Tools\IR\TaniumFileInfo.exe
		Process	<Tanium Client>\Tools\IR\TaniumHandle.exe
		Process	<Tanium Client>\Tools\IR\TaniumListModules.exe
		File	<Tanium Client>\extensions\TaniumIndex.dll
		File	<Tanium Client>\extensions\TaniumIndex.dll.sig
		Process	<Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
		File	<Tanium Client>\extensions\TaniumRecorder.dll
		File	<Tanium Client>\extensions\TaniumRecorder.dll.sig
		File	<Tanium Client>\extensions\SupportCX.dll
		File	<Tanium Client>\extensions\SupportCX.dll.sig
		File	<Tanium Client>\extensions\recorder\proc.bin
		File	<Tanium Client>\extensions\recorder\recorder.db
		File	<Tanium Client>\extensions\recorder\recorder.db-shm
		File	<Tanium Client>\extensions\recorder\recorder.db-wal
		Process	<Tanium Client>\tools\driver\TaniumDriverCtl.exe
		Process	<Tanium Client>\tools\driver\TaniumDriverCtl64.exe
		Process	<Tanium Client>\tools\driver\TaniumDriverSvc.exe
		Process	<Tanium Client>\tools\driver\TaniumDriverSvc64.exe
		Process	<Tanium Client>\tools\driver\service\TaniumDriverSvc.exe
		Process	<Tanium Client>\tools\driver\service\TaniumDriverSvc64.exe
		File	<Tanium Client>\tools\driver\TaniumProcessMonitor.dll
		File	<Tanium Client>\tools\driver\TaniumProcessMonitor64.dll
		File	<Tanium Client>\extensions\TaniumThreatResponse.dll
		File	<Tanium Client>\extensions\TaniumThreatResponse.dll.sig
		File	<Tanium Client>\extensions\core\TaniumPythonCx.dll
		File	<Tanium Client>\extensions\core\TaniumPythonCx.dll.sig
		Folder	<Tanium Client>\extensions\stream
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
	¹	Process	<Tanium Client>\Downloads\Action_*\TaniumFileTransfer.exe
	¹	Process	<Tanium Client>\Downloads\Action_*\Winpmem.gb414603.exe
		Process	<Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
		File	<Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
	7.2.x clients, ³	Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients, ³	Process	<Tanium Client>\Python38\TPython.exe
	7.2.x clients	Folder	<Tanium Client>\Python27
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
		File	<Tanium Client>\extensions\TaniumDEC.dll
		File	<Tanium Client>\extensions\TaniumDEC.dll.sig
		File	C:\Windows\System32\drivers\TaniumRecorderDrv.sys
		File	C:\Windows\SysWOW64\TaniumProcessMonitor.dll
		File	C:\Windows\system32\drivers\TaniumProcessMonitor.dll
Linux x86 and x64 endpoints		Process	<Tanium Client>/extensions/recorder/TaniumAuditPipe
		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/Tools/IR/TaniumExecWrapper
		File	<Tanium Client>/extensions/libTaniumIndex.so
		File	<Tanium Client>/extensions/libTaniumIndex.so.sig
	7.2.x clients	Folder	<Tanium Client>/python27
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/python
		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		File	<Tanium Client>/libSupportCX.so
		File	<Tanium Client>/libSupportCX.so.sig
		File	<Tanium Client>/extensions/libTaniumThreatResponse.so
		File	<Tanium Client>/extensions/libTaniumThreatResponse.so.sig
		File	<Tanium Client>/extensions/libTaniumRecorder.so
		File	<Tanium Client>/extensions/libTaniumRecorder.so.sig
		File	<Tanium Client>/extensions/recorder/proc.bin
		File	<Tanium Client>/extensions/recorder/recorder.db
		File	<Tanium Client>/extensions/recorder/recorder.db-shm
		File	<Tanium Client>/extensions/recorder/recorder.db-wal
		File	<Tanium Client>/extensions/recorder/recorder.auditpipe
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.so
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
		File	<Tanium Client>/extensions/libTaniumDEC.so
		File	<Tanium Client>/extensions/libTaniumDEC.so.sig
		Folder	<Tanium Client>/extensions/stream
	¹,²	Process	<Tanium Client>/Downloads/Action_*/surge-collect
	¹,²	File	<Tanium Client>/Downloads/Action_*/surge.dat
	¹	File	<Tanium Client>/Downloads/Action_/linpmem-.bin
	¹	Process	<Tanium Client>/Downloads/Action_*/taniumfiletransfer
macOS endpoints		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/Tools/IR/TaniumExecWrapper
		File	<Tanium Client>/extensions/libTaniumIndex.dylib
		File	<Tanium Client>/extensions/libTaniumIndex.dylib.sig
	7.2.x clients	Folder	<Tanium Client>/python27
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/python
		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		File	<Tanium Client>/extensions/libTaniumThreatResponse.dylib
		File	<Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig
		File	<Tanium Client>/extensions/libTaniumRecorder.dylib
		File	<Tanium Client>/extensions/libTaniumRecorder.dylib.sig
		File	<Tanium Client>/extensions/recorder/proc.bin
		File	<Tanium Client>/extensions/recorder/recorder.db
		File	<Tanium Client>/extensions/recorder/recorder.db-shm
		File	<Tanium Client>/extensions/recorder/recorder.db-wal
		File	<Tanium Client>/extensions/recorder/recorder.auditpipe
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
		Folder	<Tanium Client>/extensions/stream
		File	<Tanium Client>/extensions/libTaniumDEC.dylib
		File	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
		File	<Tanium Client>/extensions/libSupportCX.dylib
		File	<Tanium Client>/extensions/libSupportCX.dylib.sig
	¹,²	Process	<Tanium Client>/Downloads/Action_*/surge-collect
	¹,²	File	<Tanium Client>/Downloads/Action_*/surge.dat
	¹	Process	<Tanium Client>/Downloads/Action_*/osxpmem.app/osxpmem
	¹	Process	<Tanium Client>/Downloads/Action_*/taniumfiletransfer
¹ = Where * corresponds to the action ID or the version of linpmem. ² = Exception is required if Volexity Surge is used for memory collection. ³ = TPython requires SHA2 support to allow installation.

Threat Response security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Tanium Zone Server		Process	<Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\node.exe
Tanium Zone Server		Process	<Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\twsm.exe
Windows x86 and x64 endpoints		Process	<Tanium Client>\Tools\IR\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\IR\TanFileInfo.exe
		Process	<Tanium Client>\Tools\IR\TaniumFileInfo.exe
		Process	<Tanium Client>\Tools\IR\TaniumHandle.exe
		Process	<Tanium Client>\Tools\IR\TaniumListModules.exe
		File	<Tanium Client>\extensions\TaniumIndex.dll
		File	<Tanium Client>\extensions\TaniumIndex.dll.sig
		Process	<Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
		File	<Tanium Client>\extensions\TaniumRecorder.dll
		File	<Tanium Client>\extensions\TaniumRecorder.dll.sig
		File	<Tanium Client>\extensions\recorder\proc.bin
		File	<Tanium Client>\extensions\recorder\recorder.db
		File	<Tanium Client>\extensions\recorder\recorder.db-shm
		File	<Tanium Client>\extensions\recorder\recorder.db-wal
		File	<Tanium Client>\extensions\TaniumThreatResponse.dll
		File	<Tanium Client>\extensions\TaniumThreatResponse.dll.sig
		File	<Tanium Client>\extensions\core\TaniumPythonCx.dll
		File	<Tanium Client>\extensions\core\TaniumPythonCx.dll.sig
		File	<Tanium Client>\TaniumClientExtensions.dll
		File	<Tanium Client>\TaniumClientExtensions.dll.sig
	¹	Process	<Tanium Client>\Downloads\Action_*\TaniumFileTransfer.exe
	¹	Process	<Tanium Client>\Downloads\Action_*\Winpmem.gb414603.exe
		Process	<Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
		File	<Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
		File	<Tanium Client>\extensions\TaniumDEC.dll
		File	<Tanium Client>\extensions\TaniumDEC.dll.sig
		File	C:\Windows\System32\drivers\TaniumRecorderDrv.sys
		File	C:\Windows\SysWOW64\TaniumProcessMonitor.dll
		File	C:\Windows\system32\drivers\TaniumProcessMonitor.dll
		Process	<Tanium Client>\tools\driver\TaniumDriverCtl.exe
		Process	<Tanium Client>\tools\driver\TaniumDriverCtl64.exe
		Process	<Tanium Client>\tools\driver\TaniumDriverSvc.exe
		Process	<Tanium Client>\tools\driver\TaniumDriverSvc64.exe
		Process	<Tanium Client>\tools\driver\service\TaniumDriverSvc.exe
		Process	<Tanium Client>\tools\driver\service\TaniumDriverSvc64.exe
Linux x86 and x64 endpoints		Process	<Tanium Client>/extensions/recorder/TaniumAuditPipe
		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/Tools/IR/TaniumExecWrapper
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/python
		File	<Tanium Client>/libTaniumClientExtensions.so
		File	<Tanium Client>/libTaniumClientExtensions.so.sig
		File	<Tanium Client>/extensions/libTaniumThreatResponse.so
		File	<Tanium Client>/extensions/libTaniumThreatResponse.so.sig
		File	<Tanium Client>/extensions/libTaniumRecorder.so
		File	<Tanium Client>/extensions/libTaniumRecorder.so.sig
		File	<Tanium Client>/extensions/recorder/proc.bin
		File	<Tanium Client>/extensions/recorder/recorder.db
		File	<Tanium Client>/extensions/recorder/recorder.db-shm
		File	<Tanium Client>/extensions/recorder/recorder.db-wal
		File	<Tanium Client>/extensions/recorder/recorder.auditpipe
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.so
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
		File	<Tanium Client>/extensions/libTaniumDEC.so
		File	<Tanium Client>/extensions/libTaniumDEC.so.sig
		File	<Tanium Client>/extensions/libTaniumIndex.so
		File	<Tanium Client>/extensions/libTaniumIndex.so.sig
	¹,²	Process	<Tanium Client>/Downloads/Action_*/surge-collect
	¹,²	File	<Tanium Client>/Downloads/Action_*/surge.dat
	¹	File	<Tanium Client>/Downloads/Action_/linpmem-.bin
	¹	Process	<Tanium Client>/Downloads/Action_*/taniumfiletransfer
macOS endpoints		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/Tools/IR/TaniumExecWrapper
		File	<Tanium Client>/extensions/libTaniumIndex.dylib
		File	<Tanium Client>/extensions/libTaniumIndex.dylib.sig
	7.4.x clients	Folder	<Tanium Client>/python38
	7.4.x clients	Process	<Tanium Client>/python38/python
		File	<Tanium Client>/libTaniumClientExtensions.dylib
		File	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		File	<Tanium Client>/extensions/libTaniumThreatResponse.dylib
		File	<Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig
		File	<Tanium Client>/extensions/libTaniumRecorder.dylib
		File	<Tanium Client>/extensions/libTaniumRecorder.dylib.sig
		File	<Tanium Client>/extensions/recorder/proc.bin
		File	<Tanium Client>/extensions/recorder/recorder.db
		File	<Tanium Client>/extensions/recorder/recorder.db-shm
		File	<Tanium Client>/extensions/recorder/recorder.db-wal
		File	<Tanium Client>/extensions/recorder/recorder.auditpipe
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib
		File	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
		File	<Tanium Client>/extensions/libTaniumDEC.dylib
		File	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	¹,²	Process	<Tanium Client>/Downloads/Action_*/surge-collect
	¹,²	File	<Tanium Client>/Downloads/Action_*/surge.dat
	¹	Process	<Tanium Client>/Downloads/Action_*/osxpmem.app/osxpmem
	¹	Process	<Tanium Client>/Downloads/Action_*/taniumfiletransfer
¹ = Where * corresponds to the action ID or the version of linpmem. ² = Exception is required if Volexity Surge is used for memory collection. ³ = TPython requires SHA2 support to allow installation.

Trends

Trends security exclusions
Target Device	Exclusion Type	Exclusion
Module Server	Process	<Module Server>\services\twsm-v1\twsm.exe
	Process	<Module Server>\services\trends\node_modules\@tanium \postgresql\lib\win32\bin\postgres.exe
	Process	<Module Server>\services\trends\node_modules\@tanium \postgresql\lib\win32\bin\pg_ctl.exe

No additional process exclusions are required.