Host system security exclusions

To monitor and block unknown host system processes, many organizations use security software, such as host-based firewalls and antivirus detection. To ensure that such software does not interfere with Tanium operations, work with your network and security team to allow Tanium Client folders and processes, so that the software treats them as trusted exclusions. Typically, this means configuring the security software to exclude the installation directories of the Tanium Client and (for Windows deployments) Tanium Core Platform servers from real-time inspection. Configuring trusted exclusions also typically involves setting a policy to ignore input and output from Tanium binaries.

Tanium Core Platform servers do not require host system security exclusions in a Tanium Appliance deployment. Tanium Clients on all operating systems (OSs) require host system security exclusions.

Tanium Client Core Platform folders

The following table lists Tanium Client Core Platform folders that antivirus and other host-based security applications must exclude from real-time scans. Include subfolders of these locations when you create the exception rules. The listed folder paths are the defaults. If you changed the folder locations to non-default paths, create rules based on the actual locations.

Table 2:   Security exclusions for Tanium Core Platform folders

Target Device	OS	Installation folder
¹ Tanium Server	Windows 64-bit	\Program Files\Tanium\Tanium Server
Tanium Module Server	Windows 64-bit	\Program Files\Tanium\Tanium Module Server \Program Files\Tanium\Tanium Module Postgres
Tanium Zone Server, Zone Server Hub	Windows 64-bit	\Program Files (x86)\Tanium\Tanium ZoneServer
² Tanium Client endpoints	Windows 32-bit	\Program Files\Tanium\Tanium Client
	Windows 64-bit	\Program Files (x86)\Tanium\Tanium Client
	macOS	/Library/Tanium/TaniumClient
	Linux, Solaris, AIX	/opt/Tanium/TaniumClient
1 You might also have to exclude the Tanium Server Downloads directory if it was moved out of the installation directory using the instructions in the KB article Relocate Downloads Directory. 2 For additional folder exclusions that are required during Tanium Client installation, see Client Management.

Tanium Client Core Platform system processes

The following table lists Tanium Client Core Platform system processes that must be allowed (not blocked, quarantined, or otherwise processed). The <Tanium Client> variable indicates the client installation folder. The variables such as <Module Server> indicate the installation folder of the platform servers and Tanium Client.

Table 3:   Security exclusions for Tanium Client processes

Endpoint OS	Process
Windows, macOS, Linux	<Tanium Client>/Tools/StdUtils folder or all the files that it contains, including: 7za.exe (Windows) or 7za (macOS, Linux) runasuser.exe (Windows only) runasuser64.exe (Windows only) TaniumExecWrapper.exe (Windows) or TaniumExecWrapper (macOS, Linux) TaniumFileInfo.exe (Windows only) TPowerShell.exe (Windows only) distribute-tools.sh (macOS, Linux only)
Windows	<Tanium Client>\TaniumClient.exe
	<Tanium Client>\TaniumCX.exe
	<Tanium Client>\Python27\TPython.exe
	<Tanium Client>\Python38\TPython.exe
	<Tanium Client>\Python27\*.dll
	<Tanium Client>\Python38\*.dll
macOS, Linux, Solaris, AIX	<Tanium Client>/TaniumClient
	<Tanium Client>/taniumclient
	<Tanium Client>/TaniumCX
macOS, Linux	<Tanium Client>/Python27/python
	<Tanium Client>/Python38/python

Table 4:   Security exclusions for Tanium Core Platform processes

Target Device	OS	Process
Tanium Server	Windows	<Tanium Server>\TaniumReceiver.exe
Tanium Module Server	Windows	<Module Server>\7za.exe <Module Server>\TaniumModuleServer.exe <Module Server>\ContentManagement.exe <Module Server>\services\tanium-data-service\TaniumDataService.exe
Tanium Zone Server, Zone Server Hub	Windows	<Zone Server>\TaniumZoneServer.exe <Zone Server Hub>\TaniumZoneServer.exe
Tanium Client endpoints	Windows, macOS, Linux	<Tanium Client>/Tools/StdUtils folder or all the files that it contains, including: 7za.exe (Windows) or 7za (macOS, Linux) runasuser.exe (Windows only) runasuser64.exe (Windows only) TaniumExecWrapper.exe (Windows) or TaniumExecWrapper (macOS, Linux) TaniumFileInfo.exe (Windows only) TPowerShell.exe (Windows only) distribute-tools.sh (macOS, Linux only)
	Windows	<Tanium Client>\TaniumClient.exe
		<Tanium Client>\TaniumCX.exe
		<Tanium Client>\Python27\TPython.exe
		<Tanium Client>\Python38\TPython.exe
		<Tanium Client>\Python27\*.dll
		<Tanium Client>\Python38\*.dll
	macOS, Linux, Solaris, AIX	<Tanium Client>/TaniumClient
		<Tanium Client>/taniumclient
		<Tanium Client>/TaniumCX
	macOS, Linux	<Tanium Client>/Python27/python
		<Tanium Client>/Python38/python

Tanium binary file signer

Some security products base exclusion rules on file signers. Tanium uses an extended validation (EV) code-signing certificate with the following signer for the Tanium-generated binary files of Tanium Core Platform servers, Tanium Clients, and Tanium modules. Tanium also uses this certificate to sign VBS and PS1 files within action packages:

Subject: jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=4332270, C=US, ST=CA, L=Emeryville, O=Tanium Inc., CN=Tanium Inc.

Solution module folders

As a rule, Tanium solution modules are installed in subdirectories of the Tanium Module Server installation directory. This facilitates any exclusion rules you must create: simply exclude the Module Server installation directory and its subdirectories. This requirement applies only to a Module Server installed on Windows infrastructure.

Solution module processes

The following sections list additional processes on the Module Server (Windows infrastructure only) and Tanium Client (all OSs) that you must configure as exclusions in security software to enable Tanium modules and shared services to work.

The following sections use variables (such as <Module Server>) to indicate the installation folder of a Tanium Core Platform server or the Tanium Client. The following sections use the <Tanium Client> variable to indicate the client installation folder.

• Asset
• Client Management
• Comply
• Connect
• Deploy
• Direct Connect
• Discover
• Endpoint Configuration
• End-User Notifications
• Enforce
• Health Check
• Impact
• Incident Response
• Integrity Monitor
• Map
• Network Quarantine
• Patch
• Performance
• Protect
• Reputation
• Reveal
• Threat Response
• Trends

Asset

Table 5:   Asset security exclusions

Target Device	Notes	Process
Module Server		<Module Server>\services\asset-service\node.exe
		<Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\postgres.exe
		<Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\pg_ctl.exe
		<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints	For integration with Flexera	<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
macOS and Linux endpoints	For integration with Flexera	<Tanium Client>/Tools/EPI/TaniumEndpointIndex

Client Management

Comply

Table 8:   Comply security exclusions

Target Device	Notes	Process
Module Server		<Module Server>\services\comply-service\node.exe
		<Module Server>\services\comply-service\node_modules\ovalindex\build\bin\ovalindex.exe
Windows endpoints		<Tanium Client>\Tools\Comply\TaniumExecWrapper.exe
		<Tanium Client>\Tools\Comply\jre\bin\java.exe
		<Tanium Client>\Tools\Comply\7za.exe
Linux/macOS/AIX endpoints		<Tanium Client>/Tools/Comply/TaniumExecWrapper
		<Tanium Client>/Tools/Comply/jre/bin/java
		<Tanium Client>/Tools/Comply/7za
		<Tanium Client>/Tools/Comply/xsltproc
Tanium Scan Engine		<Tanium Client>/Tools/Comply/joval/Joval4Tanium.jar
		<Tanium Client>/Tools/Comply/joval/Joval-Utilities.jar
CIS-CAT engine		<Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.jar
	Linux only	<Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.sh
	Windows only	<Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.BAT
SCC engine - Windows endpoints		<Tanium Client>\Tools\Comply\scc\cscc.exe
		<Tanium Client>\Tools\Comply\scc\cscc32.exe
		<Tanium Client>\Tools\Comply\scc\cscc64.exe
		<Tanium Client>\Tools\Comply\scc\scc.exe
		<Tanium Client>\Tools\Comply\scc\scc32.exe
		<Tanium Client>\Tools\Comply\scc\scc64.exe
SCC engine - Linux/macOS endpoints		<Tanium Client>/Tools/Comply/scc/cscc
		<Tanium Client>/Tools/Comply/scc/cscc.bin
		<Tanium Client>/Tools/Comply/scc/scc
		<Tanium Client>/Tools/Comply/scc/scc.bin

Table 9:   Comply security exclusions

Target Device	Notes	Process
Windows endpoints		<Tanium Client>\Tools\Comply\TaniumExecWrapper.exe
		<Tanium Client>\Tools\Comply\jre\bin\java.exe
		<Tanium Client>\Tools\Comply\7za.exe
Linux/macOS endpoints		<Tanium Client>/Tools/Comply/TaniumExecWrapper
		<Tanium Client>/Tools/Comply/jre/bin/java
		<Tanium Client>/Tools/Comply/7za
		<Tanium Client>/Tools/Comply/xsltproc
Tanium Scan Engine		<Tanium Client>/Tools/Comply/joval/Joval4Tanium.jar
		<Tanium Client>/Tools/Comply/joval/Joval-Utilities.jar
CIS-CAT engine		<Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.jar
	Linux only	<Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.sh
	Windows only	<Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.BAT
SCC engine - Windows endpoints		<Tanium Client>\Tools\Comply\scc\cscc.exe
		<Tanium Client>\Tools\Comply\scc\cscc32.exe
		<Tanium Client>\Tools\Comply\scc\cscc64.exe
		<Tanium Client>\Tools\Comply\scc\scc.exe
		<Tanium Client>\Tools\Comply\scc\scc32.exe
		<Tanium Client>\Tools\Comply\scc\scc64.exe
SCC engine - Linux/macOS endpoints		<Tanium Client>/Tools/Comply/scc/cscc
		<Tanium Client>/Tools/Comply/scc/cscc.bin
		<Tanium Client>/Tools/Comply/scc/scc
		<Tanium Client>/Tools/Comply/scc/scc.bin

Connect

Table 10:   Connect security exclusions

Target device	Notes	Process
Module Server		<Module Server>\services\connect-service\node.exe

No additional process exclusions are required.

Deploy

Table 11:   Deploy security exclusions

Target device	Notes	Process
Module Server		<Module Server>\services\deploy-service\node.exe
	Required when Endpoint Configuration is installed	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints	Required only for the Microsoft Windows 10 Upgrade packages	C:\Deploy\Tanium\*
		<Tanium Client>\Python27\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\*.dll
		<Tanium Client>\Tools\Deploy\7za.exe
		<Tanium Client>\Tools\SoftwareManagement\7za.exe
		<Tanium Client>\TaniumCX.exe
Linux endpoints		<Tanium Client>/python27/bin/pybin
	7.2.x clients	<Tanium Client>/python27/pybin
	7.4.x clients	<Tanium Client>/python38/python
		<Tanium Client>/TaniumCX
macOS endpoints		<Tanium Client>/python27/bin/pybin
	7.2.x clients	<Tanium Client>/python27/pybin
	7.4.x clients	<Tanium Client>/python38/python
		<Tanium Client>/TaniumCX

Table 12:   Deploy security exclusions

Target device	Notes	Process
Windows endpoints	Required only for the Microsoft Windows 10 Upgrade packages	C:\Deploy\Tanium\*
		<Tanium Client>\Python27\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\*.dll
		<Tanium Client>\Tools\Deploy\7za.exe
		<Tanium Client>\Tools\SoftwareManagement\7za.exe
		<Tanium Client>\TaniumCX.exe
Linux endpoints		<Tanium Client>/python27/bin/pybin
	7.4.x clients	<Tanium Client>/python38/python
		<Tanium Client>/TaniumCX
macOS endpoints		<Tanium Client>/python27/bin/pybin
	7.4.x clients	<Tanium Client>/python38/python
		<Tanium Client>/TaniumCX

Direct Connect

Table 13:   Direct Connect security exclusions

Target Device	Notes	Process
Module Server		<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints		<Tanium Client>\TaniumClientExtensions.dll
		<Tanium Client>\TaniumClientExtensions.dll.sig
		<Tanium Client>\extensions\TaniumDEC.dll
		<Tanium Client>\extensions\TaniumDEC.dll.sig
	7.2.x clients1	<Tanium Client>\Python27\TPython.exe
	7.4.x clients1	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\*.dll
		<Tanium Client>\TaniumCX.exe
macOS endpoints		<Tanium Client>/libTaniumClientExtensions.dylib
		<Tanium Client>/libTaniumClientExtensions.dylib.sig
		<Tanium Client>/extensions/libTaniumDEC.dylib
		<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	7.2.x clients	<Tanium Client>/python27/bin/pybin
	7.4.x clients	<Tanium Client>/python38/bin/pybin
		<Tanium Client>/TaniumCX
Linux endpoints		<Tanium Client>/libTaniumClientExtensions.so
		<Tanium Client>/libTaniumClientExtensions.so.sig
		<Tanium Client>/extensions/libTaniumDEC.so
		<Tanium Client>/extensions/libTaniumDEC.so.sig
	7.2.x clients	<Tanium Client>/python27/bin/pybin
	7.4.x clients	<Tanium Client>/python38/bin/pybin
		<Tanium Client>/TaniumCX
1 = TPython requires SHA2 support to allow installation.

Table 14:   Direct Connect security exclusions

Target Device	Notes	Process
Windows endpoints		<Tanium Client>\TaniumClientExtensions.dll
		<Tanium Client>\TaniumClientExtensions.dll.sig
		<Tanium Client>\extensions\TaniumDEC.dll
		<Tanium Client>\extensions\TaniumDEC.dll.sig
	1	<Tanium Client>\Python38\TPython.exe
		<Tanium Client>\Python38\*.dll
		<Tanium Client>\TaniumCX.exe
macOS endpoints		<Tanium Client>/libTaniumClientExtensions.dylib
		<Tanium Client>/libTaniumClientExtensions.dylib.sig
		<Tanium Client>/extensions/libTaniumDEC.dylib
		<Tanium Client>/extensions/libTaniumDEC.dylib.sig
		<Tanium Client>/python38/bin/pybin
		<Tanium Client>/TaniumCX
Linux endpoints		<Tanium Client>/libTaniumClientExtensions.so
		<Tanium Client>/libTaniumClientExtensions.so.sig
		<Tanium Client>/extensions/libTaniumDEC.so
		<Tanium Client>/extensions/libTaniumDEC.so.sig
		<Tanium Client>/python38/bin/pybin
		<Tanium Client>/TaniumCX
1 = TPython requires SHA2 support to allow installation.

Discover

Table 15:   Discover security exclusions

Target Device	Notes	Process
Module Server		<Module Server>\services\discover-service\node.exe
		<Module Server>\plugins\content\discover-proxy\proxyplugin.exe
		<Module Server>\services\twsm-v1\twsm.exe
		<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints	(Level 3 and 4 profiles only)	C:\Program Files\Npcap
	(Level 3 and 4 profiles only)	<Tanium Client>\Tools\Discover\nmap\nmap.exe
Linux endpoints	(Level 3 and 4 profiles only)	<Tanium Client>/Tools/Discover/nmap/nmap
macOS endpoints	(Level 3 and 4 profiles only)	<Tanium Client>/Tools/Discover/nmap/nmap

Endpoint Configuration

No additional process exclusions are required.

Table 16:   Endpoint Configuration security exclusions

Target Device	Notes	Process
Module Server		<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe

End-User Notifications

Table 17:   End-User Notifications security exclusions

Target Device	Notes	Process
Module Server		<Module Server>\services\end-user-notifications-service\node.exe
		<Module Server>\services\twsm-v1\twsm.exe
Windows endpoints	7.2.x clients	<Tanium Client>\Python27\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\TPython.exe
		<Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe
		<Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe
	exclude from on-access or real-time scans	<Tanium>\Tanium End User Notification Tools\
macOS endpoints	7.2.x clients	<Tanium Client>/python27/bin/pybin
	7.4.x clients	<Tanium Client>/python38/bin/pybin
		/Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
		/Library/Tanium/EndUserNotifications

Table 18:   End-User Notifications security exclusions

Target Device	Notes	Process
Windows endpoints	7.4.x clients	<Tanium Client>\Python38\TPython.exe
		<Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe
		<Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe
	exclude from on-access or real-time scans	<Tanium>\Tanium End User Notification Tools\
macOS endpoints	7.4.x clients	<Tanium Client>/python38/bin/pybin
		/Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
		/Library/Tanium/EndUserNotifications

Enforce

Table 19:   Enforce security exclusions

Target Device	Process	Notes
Module Server	<Module Server>\services\enforce-service\7za.exe
	<Module Server>\services\enforce-service\node.exe
Windows x86 endpoints	<Tanium Client>\Tools\StdUtils\7za.exe
	<Tanium Client>\Tools\Enforce\devcon32.exe
	<Tanium Client>\Python27\TPython.exe	(7.2.x clients)
	<Tanium Client>\Python38\TPython.exe	(7.4.x clients)
	<Tanium Client>\Python38\*.dll	(7.4.x clients)
	<Tanium Client>\TaniumCX.exe
Windows x64 endpoints	<Tanium Client>\Tools\StdUtils\7za.exe
	<Tanium Client>\Tools\Enforce\devcon64.exe
	<Tanium Client>\Python27\TPython.exe	(7.2.x clients)
	<Tanium Client>\Python38\TPython.exe	(7.4.x clients)
	<Tanium Client>\Python38\*.dll	(7.4.x clients)
	<Tanium Client>\TaniumCX.exe
Linux x86 and x64 endpoints	<Tanium Client>/python27/python	(7.2.x clients)
	<Tanium Client>/python27/bin/pybin
	<Tanium Client>/python38/python	(7.4.x clients)
	<Tanium Client>/python38/bin/pybin
	<Tanium Client>/TaniumCX

Impact

Table 21:   Impact security exclusions

Target Device	Notes	Process
Module Server		<Module Server>\services\impact-service\TaniumImpactService.exe
		<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints		<Tanium Client>\Python38\TPython.exe
		<Tanium Client>\Python38\*.dll

Table 22:   Impact security exclusions

Target Device	Notes	Process
Windows endpoints		<Tanium Client>\Python38\TPython.exe
		<Tanium Client>\Python38\*.dll

Integrity Monitor

Map

Table 26:   Map security exclusions

Target Device	Notes	Process
Module Server		<Module Server>\services\map-service\node.exe
		<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints	7.2.x clients	<Tanium Client>\Python27\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\*.dll
		<Tanium Client>\TaniumCX.exe
Linux endpoints	7.2.x clients	<Tanium Client>/python27/bin/pybin
	7.4.x clients	<Tanium Client>/python38/python
		<Tanium Client>/TaniumCX
macOS endpoints		<Tanium Client>/TaniumCX

 

Table 27:   Map security exclusions

Target Device	Notes	Process
Windows endpoints	7.4.x clients	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\*.dll
		<Tanium Client>\TaniumCX.exe
Linux endpoints	7.4.x clients	<Tanium Client>/python38/python
		<Tanium Client>/TaniumCX
macOS endpoints		<Tanium Client>/TaniumCX

Patch

Table 28:   Patch security exclusions

Target device	Notes	Process
Module Server		<Module Server>\services\patch-service\node.exe
	required when Endpoint Configuration is installed	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints		<Tanium Client>\Patch\tanium-patch.min.vbs
		<Tanium Client>\Patch\scans\Wsusscn2.cab
		<Tanium Client>\Patch\tools\active-user-sessions.exe
		<Tanium Client>\Patch\tools\run-patch-manager.min.vbs
		<Tanium Client>\Patch\tools\TaniumExecWrapper.exe
		<Tanium Client>\Patch\tools\TaniumFileInfo.exe
		<Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe
	7.2.x clients	<Tanium Client>\Python27\TPython.exe
	7.2.x clients	<Tanium Client>\Python27\*.dll
	7.4.x clients	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\*.dll
		<Tanium Client>\TaniumCX.exe
		<Tanium Client>\Tools\Patch\7za.exe
		<Tanium Client>\Tools\Patch\TaniumExecWrapper.exe
	exclude from on-access or real-time scans	<Tanium Client>
Linux endpoints	7.2.x clients	<Tanium Client>/python27/bin/pybin
	7.2.x clients	<Tanium Client>/python27/python
	7.4.x clients	<Tanium Client>/python38/bin/pybin
	7.4.x clients	<Tanium Client>/python38/python
		<Tanium Client>/Tools/Patch/TaniumExecWrapper

Table 29:   Patch security exclusions

Target device	Notes	Process
Windows endpoints		<Tanium Client>\Patch\tanium-patch.min.vbs
		<Tanium Client>\Patch\scans\Wsusscn2.cab
		<Tanium Client>\Patch\tools\active-user-sessions.exe
		<Tanium Client>\Patch\tools\run-patch-manager.min.vbs
		<Tanium Client>\Patch\tools\TaniumExecWrapper.exe
		<Tanium Client>\Patch\tools\TaniumFileInfo.exe
		<Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe
	7.4.x clients	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\*.dll
		<Tanium Client>\TaniumCX.exe
		<Tanium Client>\Tools\Patch\7za.exe
		<Tanium Client>\Tools\Patch\TaniumExecWrapper.exe
	exclude from on-access or real-time scans	<Tanium Client>
Linux endpoints	7.4.x clients	<Tanium Client>/python38/bin/pybin
	7.4.x clients	<Tanium Client>/python38/python
		<Tanium Client>/Tools/Patch/TaniumExecWrapper

Performance

Table 30:   Performance security exclusions

Target Device	Notes	Process
Module Server		<Module Server>\services\performance\node.exe
		<Module Server>\services\event-service\twsm.exe
		<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows x86 and x64 endpoints		<Tanium Client>\Tools\Performance\TaniumTSDB.exe
	7.2.x clients1	<Tanium Client>\Python27\TPython.exe
	7.4.x clients1	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\*.dll
		<Tanium Client>\TaniumCX.exe
macOS and Linux (x86 and x64) endpoints		<Tanium Client>/Tools/Performance/TaniumTSDB
	7.2.x clients	<Tanium Client>/python27/bin/pybin
	7.4.x clients	<Tanium Client>/python38/bin/pybin
		<Tanium Client>/TaniumCX
1 = TPython requires SHA2 support to allow installation.

Table 31:   Performance security exclusions

Target Device	Notes	Process
Windows (x86 and x64) endpoints		<Tanium Client>\Tools\Performance\TaniumTSDB.exe
	1	<Tanium Client>\Python38\TPython.exe
		<Tanium Client>\Python38\*.dll
		<Tanium Client>\TaniumCX.exe
macOS and Linux (x86 and x64) endpoints		<Tanium Client>/Tools/Performance/TaniumTSDB
		<Tanium Client>/python38/bin/pybin
		<Tanium Client>/TaniumCX
1 = TPython requires SHA2 support to allow installation.

Reputation

Table 33:   Reputation security exclusions

Target device	Notes	Process
Module Server		<Module Server>\services\reputation-service\node.exe

No additional process exclusions are required.

Reveal

Table 34:   Reveal security exclusions

Target Device	Notes	Process
Module Server		<Module Server>\services\reveal-service\node.exe
		<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints		<Tanium Client>\TaniumCX.exe
		<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
		<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
		<Tanium Client>\TaniumClientExtensions.dll
		<Tanium Client>\TaniumClientExtensions.dll.sig
		<Tanium Client>\extensions\RevealCX.dll
		<Tanium Client>\extensions\RevealCX.dll.sig
		<Tanium Client>\extensions\TaniumDEC.dll
		<Tanium Client>\extensions\TaniumDEC.dll.sig
		<Tanium Client>\extensions\core\libTaniumPythonCx.dll
		<Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
	7.2.x clients, 1	<Tanium Client>\Python27\TPython.exe
	7.4.x clients, 1	<Tanium Client>\Python38\TPython.exe
	7.2.x clients	<Tanium Client>\Python38\*.dll
Linux endpoints		<Tanium Client>/TaniumCX
		<Tanium Client>/Tools/EPI/TaniumExecWrapper
		<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		<Tanium Client>/libTaniumClientExtensions.so
		<Tanium Client>/libTaniumClientExtensions.so.sig
		<Tanium Client>/extensions/libRevealCX.so
		<Tanium Client>/extensions/libRevealCX.so.sig
		<Tanium Client>/extensions/libTaniumDEC.so
		<Tanium Client>/extensions/libTaniumDEC.so.sig
		<Tanium Client>/extensions/core/libTaniumPythonCx.so
		<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
	7.2.x clients	<Tanium Client>/python27/python
	7.4.x clients	<Tanium Client>/python38/python
macOS endpoints		<Tanium Client>/TaniumCX
		<Tanium Client>/Tools/EPI/TaniumExecWrapper
		<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		<Tanium Client>/libTaniumClientExtensions.dylib
		<Tanium Client>/libTaniumClientExtensions.dylib.sig
		<Tanium Client>/extensions/libRevealCX.dylib
		<Tanium Client>/extensions/libRevealCX.dylib.sig
		<Tanium Client>/extensions/libTaniumDEC.dylib
		<Tanium Client>/extensions/libTaniumDEC.dylib.sig
		<Tanium Client>/extensions/core/libTaniumPythonCx.dylib
		<Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
	7.2.x clients	<Tanium Client>/python27/python
	7.4.x clients	<Tanium Client>/python38/python
1 = TPython requires SHA2 support to allow installation.

Table 35:   Reveal security exclusions

Target Device	Notes	Process
Windows endpoints		<Tanium Client>\TaniumCX.exe
		<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
		<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
		<Tanium Client>\Tools\Reveal\TaniumReveal.exe
		<Tanium Client>\TaniumClientExtensions.dll
		<Tanium Client>\TaniumClientExtensions.dll.sig
		<Tanium Client>\extensions\RevealCX.dll
		<Tanium Client>\extensions\RevealCX.dll.sig
		<Tanium Client>\extensions\TaniumDEC.dll
		<Tanium Client>\extensions\TaniumDEC.dll.sig
		<Tanium Client>\extensions\core\libTaniumPythonCx.dll
		<Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
	7.4.x clients, 1	<Tanium Client>\Python38\TPython.exe
Linux endpoints		<Tanium Client>/TaniumCX
		<Tanium Client>/Tools/EPI/TaniumExecWrapper
		<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		<Tanium Client>/Tools/Reveal/TaniumReveal
		<Tanium Client>/libTaniumClientExtensions.so
		<Tanium Client>/libTaniumClientExtensions.so.sig
		<Tanium Client>/extensions/libRevealCX.so
		<Tanium Client>/extensions/libRevealCX.so.sig
		<Tanium Client>/extensions/libTaniumDEC.so
		<Tanium Client>/extensions/libTaniumDEC.so.sig
		<Tanium Client>/extensions//core/libTaniumPythonCx.so
		<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
	7.4.x clients	<Tanium Client>/python38/python
macOS endpoints		<Tanium Client>/TaniumCX
		<Tanium Client>/Tools/EPI/TaniumExecWrapper
		<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		<Tanium Client>/Tools/Reveal/TaniumReveal
		<Tanium Client>/libTaniumClientExtensions.dylib
		<Tanium Client>/libTaniumClientExtensions.dylib.sig
		<Tanium Client>/extensions/libRevealCX.dylib
		<Tanium Client>/extensions/libRevealCX.dylib.sig
		<Tanium Client>/extensions/libTaniumDEC.dylib
		<Tanium Client>/extensions/libTaniumDEC.dylib.sig
		<Tanium Client>/extensions/core/libTaniumPythonCx.dylib
		<Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
	7.4.x clients	<Tanium Client>/python38/python
1= TPython requires SHA2 support to allow installation.

Threat Response

Table 36:   Threat Response security exclusions

Target Device	Notes	Process
Tanium Module Server		<Module Server>\services\trace-service\node.exe
		<Module Server>\services\detect3\node.exe
		<Module Server>\services\detect3\twsm.exe
		<Module Server>\services\event-service\node.exe
		<Module Server>\services\event-service\twsm.exe
		<Module Server>\services\threat-response-service\node.exe
		<Module Server>\services\twsm-v1\twsm.exe
		<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Tanium Zone Server		<Zone Server>\proxy\node.exe
Windows x86 and x64 endpoints		<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
		<Tanium Client>\Tools\IR\TaniumExecWrapper.exe
		<Tanium Client>\Tools\IR\TanFileInfo.exe
		<Tanium Client>\Tools\IR\TaniumFileInfo.exe
		<Tanium Client>\Tools\IR\TaniumHandle.exe
		<Tanium Client>\Tools\IR\TanListModules.exe
		<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
		<Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient.exe
		<Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient64.exe
		<Tanium Client>\Tools\Trace\TaniumExecWrapper.exe
		<Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
		<Tanium Client>\Tools\Detect3\TaniumDetectEngine.exe
		<Tanium Client>\extensions\TaniumRecorder.dll
		<Tanium Client>\extensions\TaniumRecorder.dll.sig
		<Tanium Client>\extensions\SupportCX.dll
		<Tanium Client>\extensions\SupportCX.dll.sig
		<Tanium Client>\extensions\recorder\proc.bin
		<Tanium Client>\extensions\recorder\recorder.db
		<Tanium Client>\extensions\recorder\recorder.db-shm
		<Tanium Client>\extensions\recorder\recorder.db-wal
		<Tanium Client>\extensions\TaniumThreatResponse.dll
		<Tanium Client>\extensions\TaniumThreatResponse.dll.sig
		<Tanium Client>\extensions\core\libTaniumPythonCx.dll
		<Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
		<Tanium Client>\extensions\stream\*.py
		<Tanium Client>\TaniumClientExtensions.dll
		<Tanium Client>\TaniumClientExtensions.dll.sig
		<Tanium Client>\Downloads\Action_nnn\TaniumFileTransfer.exe
		<Tanium Client>\Downloads\Action_nnn\Winpmem.gb414603.exe1
		<Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
		<Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
	7.2.x clients, 3	<Tanium Client>\Python27\TPython.exe
	7.4.x clients, 3	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\*.dll
		<Tanium Client>\TaniumSensorDebugger.exe
		<Tanium Client>\TaniumCX.exe
		<Tanium Client>\extensions\TaniumDEC.dll
		<Tanium Client>\extensions\TaniumDEC.dll.sig
Linux x86 and x64 endpoints		<Tanium Client>/TaniumAuditPipe
		<Tanium Client>/TaniumCX
		<Tanium Client>/TaniumSensorDebugger
		<Tanium Client>/Tools/EPI/TaniumExecWrapper
		<Tanium Client>/Tools/IR/TaniumExecWrapper
		<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		<Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient
		<Tanium Client>/Tools/Trace/TaniumExecWrapper
		<Tanium Client>/Tools/Detect3/TaniumDetectEngine
	7.2.x clients	<Tanium Client>/python27/python
	7.2.x clients	<Tanium Client>/python27/bin/pybin
	7.4.x clients	<Tanium Client>/python38/python
		<Tanium Client>/libTaniumClientExtensions.so
		<Tanium Client>/libTaniumClientExtensions.so.sig
		<Tanium Client>/libSupportCX.so
		<Tanium Client>/libSupportCX.so.sig
		<Tanium Client>/extensions/libTaniumThreatResponse.so
		<Tanium Client>/extensions/libTaniumThreatResponse.so.sig
		<Tanium Client>/extensions/libTaniumRecorder.so
		<Tanium Client>/extensions/libTaniumRecorder.dylib.sig
		<Tanium Client>/extensions/recorder/proc.bin
		<Tanium Client>/extensions/recorder/recorder.db
		<Tanium Client>/extensions/recorder/recorder.db-shm
		<Tanium Client>/extensions/recorder/recorder.db-wal
		<Tanium Client>/extensions/recorder/recorder.auditpipe
		<Tanium Client>/extensions/core/libTaniumPythonCx.so
		<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
		<Tanium Client>/extensions/libTaniumDEC.so
		<Tanium Client>/extensions/libTaniumDEC.so.sig
		<Tanium Client>/extensions/stream/*.py
		<Tanium Client>/Downloads/Action_nnn/surge-collect1,2
	1,2	<Tanium Client>/Downloads/Action_nnn/surge.dat
	1	<Tanium Client>/Downloads/Action_nnn/linpmem-<version>.bin
	1	<Tanium Client>/Downloads/Action_nnn/taniumfiletransfer
macOS endpoints		<Tanium Client>/TaniumCX
		<Tanium Client>/TaniumSensorDebugger
		<Tanium Client>/Tools/EPI/TaniumExecWrapper
		<Tanium Client>/Tools/IR/TaniumExecWrapper
		<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		<Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient
		<Tanium Client>/Tools/Trace/TaniumExecWrapper
		<Tanium Client>/Tools/Detect3/TaniumDetectEngine
	7.2.x clients	<Tanium Client>/python27/python
	7.4.x clients	<Tanium Client>/python38/python
		<Tanium Client>/libTaniumClientExtensions.dylib
		<Tanium Client>/libTaniumClientExtensions.dylib.sig
		<Tanium Client>/extensions/libTaniumThreatResponse.dylib
		<Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig
		<Tanium Client>/extensions/libTaniumRecorder.dylib
		<Tanium Client>/extensions/libTaniumRecorder.dylib.sig
		<Tanium Client>/extensions/recorder/proc.bin
		<Tanium Client>/extensions/recorder/recorder.db
		<Tanium Client>/extensions/recorder/recorder.db-shm
		<Tanium Client>/extensions/recorder/recorder.db-wal
		<Tanium Client>/extensions/recorder/recorder.auditpipe
		<Tanium Client>/extensions/core/libTaniumPythonCx.dylib
		<Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
		<Tanium Client>/extensions/stream/*.py
		<Tanium Client>/extensions/libTaniumDEC.dylib
		<Tanium Client>/extensions/libTaniumDEC.dylib.sig
		<Tanium Client>/extensions/libSupportCX.dylib
		<Tanium Client>/extensions/libSupportCX.dylib.sig
	1,2	<Tanium Client>/Downloads/Action_nnn/surge-collect
	1,2	<Tanium Client>/Downloads/Action_nnn/surge.dat
	1	<Tanium Client>/Downloads/Action_nnn/osxpmem.app/osxpmem
	1	<Tanium Client>/Downloads/Action_nnn/taniumfiletransfer
1 = Where nnn corresponds to the action ID. 2 = Exception is required if Volexity Surge is used for memory collection. 3 = TPython requires SHA2 support to allow installation.

Table 37:   Threat Response security exclusions

Target Device	Notes	Process
Tanium Zone Server		<Zone Server>\proxy\node.exe
Windows x86 and x64 endpoints		<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
		<Tanium Client>\Tools\IR\TaniumExecWrapper.exe
		<Tanium Client>\Tools\IR\TanFileInfo.exe
		<Tanium Client>\Tools\IR\TaniumFileInfo.exe
		<Tanium Client>\Tools\IR\TaniumHandle.exe
		<Tanium Client>\Tools\IR\TanListModules.exe
		<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
		<Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient.exe
		<Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient64.exe
		<Tanium Client>\Tools\Trace\TaniumExecWrapper.exe
		<Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
		<Tanium Client>\Tools\Detect3\TaniumDetectEngine.exe
		<Tanium Client>\extensions\TaniumRecorder.dll
		<Tanium Client>\extensions\TaniumRecorder.dll.sig
		<Tanium Client>\extensions\recorder\proc.bin
		<Tanium Client>\extensions\recorder\recorder.db
		<Tanium Client>\extensions\recorder\recorder.db-shm
		<Tanium Client>\extensions\recorder\recorder.db-wal
		<Tanium Client>\extensions\TaniumThreatResponse.dll
		<Tanium Client>\extensions\TaniumThreatResponse.dll.sig
		<Tanium Client>\extensions\core\libTaniumPythonCx.dll
		<Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
		<Tanium Client>\TaniumClientExtensions.dll
		<Tanium Client>\TaniumClientExtensions.dll.sig
		<Tanium Client>\Downloads\Action_nnn\TaniumFileTransfer.exe
		<Tanium Client>\Downloads\Action_nnn\Winpmem.gb414603.exe1
		<Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
		<Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
	7.4.x clients	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	<Tanium Client>\Python38\*.dll
		<Tanium Client>\TaniumSensorDebugger.exe
		<Tanium Client>\TaniumCX.exe
		<Tanium Client>\extensions\TaniumDEC.dll
		<Tanium Client>\extensions\TaniumDEC.dll.sig
Linux x86 and x64 endpoints		<Tanium Client>/TaniumAuditPipe
		<Tanium Client>/TaniumCX
		<Tanium Client>/TaniumSensorDebugger
		<Tanium Client>/Tools/EPI/TaniumExecWrapper
		<Tanium Client>/Tools/IR/TaniumExecWrapper
		<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		<Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient
		<Tanium Client>/Tools/Trace/TaniumExecWrapper
		<Tanium Client>/Tools/Detect3/TaniumDetectEngine
	7.4.x clients	<Tanium Client>/python38/python
		<Tanium Client>/libTaniumClientExtensions.so
		<Tanium Client>/libTaniumClientExtensions.so.sig
		<Tanium Client>/extensions/libTaniumThreatResponse.so
		<Tanium Client>/extensions/libTaniumThreatResponse.so.sig
		<Tanium Client>/extensions/libTaniumRecorder.so
		<Tanium Client>/extensions/libTaniumRecorder.dylib.sig
		<Tanium Client>/extensions/recorder/proc.bin
		<Tanium Client>/extensions/recorder/recorder.db
		<Tanium Client>/extensions/recorder/recorder.db-shm
		<Tanium Client>/extensions/recorder/recorder.db-wal
		<Tanium Client>/extensions/recorder/recorder.auditpipe
		<Tanium Client>/extensions/core/libTaniumPythonCx.so
		<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
		<Tanium Client>/extensions/libTaniumDEC.so
		<Tanium Client>/extensions/libTaniumDEC.so.sig
		<Tanium Client>/Downloads/Action_nnn/surge-collect1,2
	1,2	<Tanium Client>/Downloads/Action_nnn/surge.dat
	1	<Tanium Client>/Downloads/Action_nnn/linpmem-<version>.bin
	1	<Tanium Client>/Downloads/Action_nnn/taniumfiletransfer
macOS endpoints		<Tanium Client>/TaniumCX
		<Tanium Client>/TaniumSensorDebugger
		<Tanium Client>/Tools/EPI/TaniumExecWrapper
		<Tanium Client>/Tools/IR/TaniumExecWrapper
		<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		<Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient
		<Tanium Client>/Tools/Trace/TaniumExecWrapper
		<Tanium Client>/Tools/Detect3/TaniumDetectEngine
	7.4.x clients	<Tanium Client>/python38/python
		<Tanium Client>/libTaniumClientExtensions.dylib
		<Tanium Client>/libTaniumClientExtensions.dylib.sig
		<Tanium Client>/extensions/libTaniumThreatResponse.dylib
		<Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig
		<Tanium Client>/extensions/libTaniumRecorder.dylib
		<Tanium Client>/extensions/libTaniumRecorder.dylib.sig
		<Tanium Client>/extensions/recorder/proc.bin
		<Tanium Client>/extensions/recorder/recorder.db
		<Tanium Client>/extensions/recorder/recorder.db-shm
		<Tanium Client>/extensions/recorder/recorder.db-wal
		<Tanium Client>/extensions/recorder/recorder.auditpipe
		<Tanium Client>/extensions/core/libTaniumPythonCx.dylib
		<Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
		<Tanium Client>/extensions/libTaniumDEC.dylib
		<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	1,2	<Tanium Client>/Downloads/Action_nnn/surge-collect
	1,2	<Tanium Client>/Downloads/Action_nnn/surge.dat
	1	<Tanium Client>/Downloads/Action_nnn/osxpmem.app/osxpmem
	1	<Tanium Client>/Downloads/Action_nnn/taniumfiletransfer
1 = Where nnn corresponds to the action ID. 2 = Exception is required if Volexity Surge is used for memory collection.

Trends

Table 38:   Trends security exclusions

Target Device	Notes	Process
Module Server		<Module Server>\services\twsm-v1\twsm.exe
		<Module Server>\services\trends\node_modules\@tanium \postgresql\lib\win32\bin\postgres.exe
		<Module Server>\services\trends\node_modules\@tanium \postgresql\lib\win32\bin\pg_ctl.exe

No additional process exclusions are required.