Host system security exclusions

If security software is implemented in your environment to monitor and block unknown host system processes, Tanium recommends that a security administrator create exclusions to allow Tanium Client processes to run without interference. Tanium also recommends implementing advanced antivirus (AV) software that permits customized and detailed exclusions that typically do not block known Tanium processes. Some AV software might require excluding the installation directories of the Tanium Client and (for Windows deployments) Tanium Core Platform servers from real-time inspection. Typically, configuring trusted exclusions also involves setting a policy to ignore the input and output of Tanium binaries. The configuration of these exclusions varies based on the AV software.

In certain implementations, creating the security exclusions and optimizations described in the following sections might increase the attack vulnerability of a system and might expose devices to various security threats. Using advanced AV software that permits detailed exclusions potentially reduces risk while limiting Tanium performance impacts. Tanium recommends rigorously testing any exclusions or optimizations in a lab environment to thoroughly understand any impact on security and performance before implementation. Tanium also strongly recommends that you involve your AV vendor and security teams in reviewing these guidelines before applying them.

Tanium Core Platform servers do not require host system security exclusions in a Tanium Appliance deployment. Tanium recommends implementing host system security exclusions for Tanium Clients on all operating systems (OSs).

Tanium Client Core Platform folders

If you plan to implement exclusions on a folder-by-folder basis, the following table lists Tanium Client Core Platform folders that Tanium recommends AV and other host-based security applications exclude from real-time scans. Include subfolders of these locations when you create the exception rules.

Whenever a new action runs on a managed endpoint, the Tanium Client adds a subfolder to contain the associated package files. The parent folder is <Tanium Client installation folder>/Downloads and the subfolder is named Action_<ID>, where <ID> is the action identifier. Include the Action_<ID> subfolders when you create exception rules for Tanium Clients.

The listed folder paths are the defaults. If you changed the folder locations to non-default paths, create rules based on the actual locations.

 Table 1: Security exclusions for Tanium Client folders
Endpoint OS Installation folder
Windows 32-bit \Program Files\Tanium\Tanium Client
Windows 64-bit \Program Files (x86)\Tanium\Tanium Client
macOS /Library/Tanium/TaniumClient
Linux, Solaris /opt/Tanium/TaniumClient
 Table 1: Security exclusions for Tanium Core Platform folders
Target Device OS Installation folder
¹ Tanium Server Windows 64-bit \Program Files\Tanium\Tanium Server
Tanium Module Server Windows 64-bit \Program Files\Tanium\Tanium Module Server
  \Program Files\Tanium\Tanium Module Postgres
Tanium Zone Server,

Zone Server Hub

Windows 64-bit \Program Files (x86)\Tanium\Tanium ZoneServer
² Tanium Client endpoints Windows 32-bit \Program Files\Tanium\Tanium Client
Windows 64-bit \Program Files (x86)\Tanium\Tanium Client
macOS /Library/Tanium/TaniumClient
Linux, Solaris, AIX /opt/Tanium/TaniumClient
1 You might also choose to exclude the <Tanium Server installation folder>/Downloads subfolder if it was moved out of the installation folder. See Tanium Core Platform Deployment Guide for Windows: Relocate the package file repository.

2 For additional folder exclusions that Tanium recommends during Tanium Client installation, see Tanium Client Management User Guide: Security exclusions for Client Management.

Tanium Client Core Platform system processes

The following table lists Tanium Client Core Platform system processes that Tanium recommends allowing (not blocking, quarantining, or otherwise processing). The <Tanium Client> variable indicates the client installation folder. The variables such as <Module Server> indicate the installation folder of the platform servers and Tanium Client.

 Table 2: Security exclusions for Tanium Client processes
Endpoint OS Process
Windows, macOS, Linux <Tanium Client>/Tools/StdUtils folder or all the files that it contains, including:
  • 7za.exe (Windows only)
  • runasuser.exe (Windows only)
  • runasuser64.exe (Windows only)
  • TaniumExecWrapper.exe (Windows) or TaniumExecWrapper (macOS, Linux)
  • TaniumFileInfo.exe (Windows only)
  • TPowerShell.exe (Windows only)
  • distribute-tools.sh (macOS, Linux only)
Windows <Tanium Client>\TaniumClient.exe
<Tanium Client>\TaniumCX.exe
macOS, Linux, Solaris, AIX <Tanium Client>/TaniumClient
<Tanium Client>/taniumclient
<Tanium Client>/TaniumCX
 Table 2: Security exclusions for Tanium Core Platform processes
Target Device OS Process
Tanium Server Windows <Tanium Server>\TaniumReceiver.exe
Tanium Module Server Windows <Module Server>\services\comply-service\_new_\src\utils\7z\7za.exe

<Module Server>\plugins\console\lib\7za.exe

<Module Server>\TaniumModuleServer.exe
<Module Server>\temp\content-management\ContentManagement.exe
<Module Server>\services\tanium-data-service\TaniumDataService.exe
Tanium Zone Server,

Zone Server Hub

Windows <Zone Server>\TaniumZoneServer.exe
<Zone Server Hub>\TaniumZoneServer.exe
Tanium Client endpoints Windows, macOS, Linux <Tanium Client>/Tools/StdUtils folder or all the files that it contains, including:
  • 7za.exe (Windows only)
  • runasuser.exe (Windows only)
  • runasuser64.exe (Windows only)
  • TaniumExecWrapper.exe (Windows) or TaniumExecWrapper (macOS, Linux)
  • TaniumFileInfo.exe (Windows only)
  • TPowerShell.exe (Windows only)
  • distribute-tools.sh (macOS, Linux only)
Windows <Tanium Client>\TaniumClient.exe
<Tanium Client>\TaniumCX.exe
macOS, Linux, Solaris, AIX <Tanium Client>/TaniumClient
<Tanium Client>/taniumclient
<Tanium Client>/TaniumCX

The following tools and files have specific requirements for the Tanium Client:

  • Microsoft Group Policy Objects (GPO) or other central management tools for managing host firewalls: Tanium recommends creating rules to allow inbound and outbound TCP traffic across the port that the client uses for Tanium traffic (default 17472) and port 17486 on any managed endpoints. See Tanium Client Management User Guide: Network connectivity, ports, and firewalls.

  • Windows Update offline scan file (Wsusscn2.cab): The Tanium Client uses Wsusscn2.cab to assess endpoints for installed or missing operating system and application security patches. If your endpoint security solutions scan archive files, see the Microsoft KB for information on configuring those tools to interact appropriately with the Wsusscn2.cab file.

  • McAfee Host Intrusion Detection (in older versions of McAfee security software): Tanium recommends marking the Tanium Client as both Trusted for Firewall and Trusted for IPS.

Tanium binary file signers

Some security products base exclusion rules on file signers. Tanium uses an extended validation (EV) code-signing certificate with the following signers for the Tanium-generated binary files of Tanium Core Platform servers, Tanium Clients, and Tanium solutions (modules and shared services). Tanium also uses this certificate to sign VBS and PS1 files within action packages:

 Table 3: Tanium binary file signers
Operating system Signer
Windows Files are signed by:

Subject: jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=4332270, C=US, ST=CA, L=Emeryville, O=Tanium Inc., CN=Tanium Inc.

macOS The following Apple developer ID is used to sign and notarize files:

Tanium Inc. (TZTPM3VTUU)

Module Server solution folders

Tanium solutions are installed in subfolders of the Tanium Module Server installation folder. This facilitates any exclusion rules that you create: simply exclude the Module Server installation folder and its subfolders. This applies only to a Module Server installed on Windows infrastructure.

Solution-specific exclusions

The following sections list additional processes, folders, and files on the Module Server (Windows infrastructure only) and Tanium Client (all OSs) that Tanium recommends you configure as exclusions in security software to enable the latest versions of Tanium modules and shared services to work. To view version-specific exclusions for any Tanium solution, see the PDF Archive.

The following sections use variables (such as <Module Server>) to indicate the installation folder of a Tanium Core Platform server or the Tanium Client.The following sections use the <Tanium Client> variable to indicate the client installation folder.

API Gateway

API Gateway security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\graphql-platform-service\TaniumGraphqlPlatformService.exe
  Process <Module Server>\services\twsm-v1\twsm.exe

No additional process exclusions are required.

Asset

Asset security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\asset-service\node.exe
Required only during upgrade from Asset 1.18 and earlier Process <Module Server>\services\asset-service\node_modules\@tanium\postgresql\lib\win32\bin\postgres.exe
Required only during upgrade from Asset 1.18 and earlier Process <Module Server>\services\asset-service\node_modules\@tanium\postgresql\lib\win32\bin\pg_ctl.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints For integration with Flexera Process <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
Process <Tanium Client>\Tools\Asset\TaniumFileEvidence.exe
  File <Tanium Client>\extensions\TaniumSoftwareManager.dll
  File <Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\SupportCX.dll
  File <Tanium Client>\extensions\SupportCX.dll.sig
  File <Tanium Client>\extensions\TaniumConfig.dll
  File <Tanium Client>\extensions\TaniumConfig.dll.sig
macOS endpoints For integration with Flexera Process

<Tanium Client>/Tools/EPI/TaniumEndpointIndex

Process

<Tanium Client>/Tools/Asset/TaniumFileEvidence

  File <Tanium Client>/extensions/libTaniumSoftwareManager.dylib
  File <Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig
  File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libSupportCX.dylib
  File <Tanium Client>/extensions/libSupportCX.dylib.sig
  File <Tanium Client>/extensions/libTaniumConfig.dylib
  File <Tanium Client>/extensions/libTaniumConfig.dylib.sig
Linux endpoints For integration with Flexera Process

<Tanium Client>/Tools/EPI/TaniumEndpointIndex

Process

<Tanium Client>/Tools/Asset/TaniumFileEvidence

  File <Tanium Client>/extensions/libTaniumSoftwareManager.so
  File <Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libSupportCX.so
  File <Tanium Client>/extensions/libSupportCX.so.sig
  File <Tanium Client>/extensions/libTaniumConfig.so
  File <Tanium Client>/extensions/libTaniumConfig.so.sig
Asset security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   File <Tanium Client>\extensions\TaniumSoftwareManager.dll
  File <Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\SupportCX.dll
  File <Tanium Client>\extensions\SupportCX.dll.sig
  File <Tanium Client>\extensions\TaniumConfig.dll
  File <Tanium Client>\extensions\TaniumConfig.dll.sig
macOS endpoints   File <Tanium Client>/extensions/libTaniumSoftwareManager.dylib
  File <Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig
  File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libSupportCX.dylib
  File <Tanium Client>/extensions/libSupportCX.dylib.sig
  File <Tanium Client>/extensions/libTaniumConfig.dylib
  File <Tanium Client>/extensions/libTaniumConfig.dylib.sig
Linux endpoints   File <Tanium Client>/extensions/libTaniumSoftwareManager.so
  File <Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libSupportCX.so
  File <Tanium Client>/extensions/libSupportCX.so.sig
  File <Tanium Client>/extensions/libTaniumConfig.so
  File <Tanium Client>/extensions/libTaniumConfig.so.sig

Benchmark

Benchmark security exclusions
Target Device Notes Exclusion Type Process
Tanium Module Server   Process <Module Server>\services\benchmark-service\TaniumBenchmarkService.exe
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\extensions\TaniumRisk.dll
Linux endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumRisk.so
macOS endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumRisk.dylib
Benchmark security exclusions
Target Device Notes Exclusion Type Process
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\extensions\TaniumRisk.dll
Linux endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumRisk.so
macOS endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumRisk.dylib

Blob Service

Blob Service security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\blob-service\TaniumBlobService.exe

No additional process exclusions are recommended.

Certificate Manager

Certificate Manager security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\Python38\TPython.exe
  Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\Tools\StdUtils\TaniumExecWrapper.exe
  Folder <Tanium Client>\Tools\CertificateManager
Linux endpoints   Process

<Tanium Client>/python38/python

  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/StdUtils/TaniumExecWrapper
  Folder <Tanium Client>/Tools/CertificateManager
macOS endpoints   Process <Tanium Client>/python38/python
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/StdUtils/TaniumExecWrapper
  Folder <Tanium Client>/Tools/CertificateManager
Certificate Manager security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\Python38\TPython.exe
  Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\Tools\StdUtils\TaniumExecWrapper.exe
  Folder <Tanium Client>\Tools\CertificateManager
Linux endpoints   Process

<Tanium Client>/python38/python

  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/StdUtils/TaniumExecWrapper
  Folder <Tanium Client>/Tools/CertificateManager
macOS endpoints   Process <Tanium Client>/python38/python
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/StdUtils/TaniumExecWrapper
  Folder <Tanium Client>/Tools/CertificateManager

Client Management

 Table 4: Client Management security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\client-management-service\node.exe
  Process <Module Server>\services\client-profile-service\TaniumClientProfileService.exe
When Direct Connect is installed Process <Module Server>\services\direct-connect-service\TaniumDirectConnectService.exe
When Discover is installed Process <Module Server>\services\discover-service\node.exe
When Discover is installed Process <Module Server>\plugins\content\discover-proxy\proxyplugin.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
  Process <Module Server>\services\twsm-v1\twsm.exe
Zone Server When Direct Connect is installed Process <Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\node.exe
When Direct Connect is installed Process <Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\twsm.exe
Windows x86 endpoints During client installation Process \Program Files\Tanium\TaniumClientBootstrap.exe
During client installation Process \Program Files\Tanium\SetupClient.exe
During client installation Process <Tanium Client>\SetupClient.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\TaniumCX.exe
When Direct Connect is installed File <Tanium Client>\extensions\TaniumDEC.dll
When Direct Connect is installed File <Tanium Client>\extensions\TaniumDEC.dll.sig
When Discover is installed; satellite profiles only File <Tanium Client>\extensions\TaniumDiscover.dll
When Discover is installed; satellite profiles only File <Tanium Client>\extensions\TaniumDiscover.dll.sig
When Discover is installed; satellite profiles only File <Tanium Client>\extensions\TaniumExtras.dll
When Discover is installed; satellite profiles only File <Tanium Client>\extensions\TaniumExtras.dll.sig
  File <Tanium Client>\extensions\TaniumTSDB.dll
  File <Tanium Client>\extensions\TaniumTSDB.dll.sig
When Discover is installed; (Distributed level 3, distributed level 4, and satellite profiles only) Folder C:\Program Files\Npcap
When Discover is installed; (Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>\Tools\Discover\nmap\nmap.exe
Windows x64 endpoints During client installation Process \Program Files (x86)\Tanium\TaniumClientBootstrap.exe
During client installation Process \Program Files (x86)\Tanium\SetupClient.exe
During client installation Process <Tanium Client>\SetupClient.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\TaniumCX.exe
When Direct Connect is installed File <Tanium Client>\extensions\TaniumDEC.dll
When Direct Connect is installed File <Tanium Client>\extensions\TaniumDEC.dll.sig
When Discover is installed (Satellite profiles only) File <Tanium Client>\extensions\TaniumDiscover.dll
When Discover is installed (Satellite profiles only) File <Tanium Client>\extensions\TaniumDiscover.dll.sig
When Discover is installed (Satellite profiles only) File <Tanium Client>\extensions\TaniumExtras.dll
When Discover is installed (Satellite profiles only) File <Tanium Client>\extensions\TaniumExtras.dll.sig
  File <Tanium Client>\extensions\TaniumTSDB.dll
  File <Tanium Client>\extensions\TaniumTSDB.dll.sig
When Discover is installed (Distributed level 3, distributed level 4, and satellite profiles only) Folder C:\Program Files\Npcap
When Discover is installed (Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>\Tools\Discover\nmap\nmap.exe
macOS endpoints During client installation Process /Library/Tanium/TaniumClientBootstrap
During client installation Process /Library/Tanium/SetupClient
During client installation Process <Tanium Client>/SetupClient
  File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/TaniumCX
When Direct Connect is installed File <Tanium Client>/extensions/libTaniumDEC.dylib
When Direct Connect is installed File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
When Discover is installed (Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>/Tools/Discover/nmap/nmap
When Discover is installed (Satellite profiles only) File

<Tanium Client>/extensions/libTaniumDEC.dylib

When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.dylib
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.dylib.sig
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.dylib
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.dylib.sig
  File <Tanium Client>/extensions/libTaniumTSDB.dylib
  File <Tanium Client>/extensions/libTaniumTSDB.dylib.sig
Linux endpoints During client installation Process /opt/Tanium/TaniumClientBootstrap
During client installation Process /opt/Tanium/SetupClient
During client installation Process <Tanium Client>/SetupClient
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/TaniumCX
When Direct Connect is installed File <Tanium Client>/extensions/libTaniumDEC.so
When Direct Connect is installed File <Tanium Client>/extensions/libTaniumDEC.so.sig
When Discover is installed; (Distributed level 3, distributed level 4, and satellite profiles only) Folder <Tanium Client>/Tools/Discover/nmap/nmap
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.so
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.so.sig
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.so
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.so.sig
  File <Tanium Client>/extensions/libTaniumTSDB.so
  File <Tanium Client>/extensions/libTaniumTSDB.so.sig
Solaris and AIX endpoints During client installation Process /opt/Tanium/TaniumClientBootstrap
During client installation Process /opt/Tanium/SetupClient
During client installation Process <Tanium Client>/SetupClient
 Table 4: Client Management security exclusions
Target Device Notes Exclusion Type Exclusion
Windows x86 endpoints During client installation Process \Program Files\Tanium\TaniumClientBootstrap.exe
During client installation Process \Program Files\Tanium\SetupClient.exe
During client installation Process <Tanium Client>\SetupClient.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\TaniumCX.exe
When Direct Connect is installed File <Tanium Client>\extensions\TaniumDEC.dll
When Direct Connect is installed File <Tanium Client>\extensions\TaniumDEC.dll.sig
When Discover is installed; satellite profiles only File <Tanium Client>\extensions\TaniumDiscover.dll
When Discover is installed; satellite profiles only File <Tanium Client>\extensions\TaniumDiscover.dll.sig
When Discover is installed; satellite profiles only File <Tanium Client>\extensions\TaniumExtras.dll
When Discover is installed; satellite profiles only File <Tanium Client>\extensions\TaniumExtras.dll.sig
  File <Tanium Client>\extensions\TaniumTSDB.dll
  File <Tanium Client>\extensions\TaniumTSDB.dll.sig
When Discover is installed; (Distributed level 3, distributed level 4, and satellite profiles only) Folder C:\Program Files\Npcap
When Discover is installed; (Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>\Tools\Discover\nmap\nmap.exe
Windows x64 endpoints During client installation Process \Program Files (x86)\Tanium\TaniumClientBootstrap.exe
During client installation Process \Program Files (x86)\Tanium\SetupClient.exe
During client installation Process <Tanium Client>\SetupClient.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\TaniumCX.exe
When Direct Connect is installed File <Tanium Client>\extensions\TaniumDEC.dll
When Direct Connect is installed File <Tanium Client>\extensions\TaniumDEC.dll.sig
When Discover is installed (Satellite profiles only) File <Tanium Client>\extensions\TaniumDiscover.dll
When Discover is installed (Satellite profiles only) File <Tanium Client>\extensions\TaniumDiscover.dll.sig
When Discover is installed (Satellite profiles only) File <Tanium Client>\extensions\TaniumExtras.dll
When Discover is installed (Satellite profiles only) File <Tanium Client>\extensions\TaniumExtras.dll.sig
  File <Tanium Client>\extensions\TaniumTSDB.dll
  File <Tanium Client>\extensions\TaniumTSDB.dll.sig
When Discover is installed (Distributed level 3, distributed level 4, and satellite profiles only) Folder C:\Program Files\Npcap
When Discover is installed (Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>\Tools\Discover\nmap\nmap.exe
macOS endpoints During client installation Process /Library/Tanium/TaniumClientBootstrap
During client installation Process /Library/Tanium/SetupClient
During client installation Process <Tanium Client>/SetupClient
  File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/TaniumCX
When Direct Connect is installed File <Tanium Client>/extensions/libTaniumDEC.dylib
When Direct Connect is installed File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
When Discover is installed (Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>/Tools/Discover/nmap/nmap
When Discover is installed (Satellite profiles only) File

<Tanium Client>/extensions/libTaniumDEC.dylib

When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.dylib
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.dylib.sig
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.dylib
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.dylib.sig
  File <Tanium Client>/extensions/libTaniumTSDB.dylib
  File <Tanium Client>/extensions/libTaniumTSDB.dylib.sig
Linux endpoints During client installation Process /opt/Tanium/TaniumClientBootstrap
During client installation Process /opt/Tanium/SetupClient
During client installation Process <Tanium Client>/SetupClient
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/TaniumCX
When Direct Connect is installed File <Tanium Client>/extensions/libTaniumDEC.so
When Direct Connect is installed File <Tanium Client>/extensions/libTaniumDEC.so.sig
When Discover is installed; (Distributed level 3, distributed level 4, and satellite profiles only) Folder <Tanium Client>/Tools/Discover/nmap/nmap
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.so
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.so.sig
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.so
When Discover is installed (Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.so.sig
  File <Tanium Client>/extensions/libTaniumTSDB.so
  File <Tanium Client>/extensions/libTaniumTSDB.so.sig
Solaris and AIX endpoints During client installation Process /opt/Tanium/TaniumClientBootstrap
During client installation Process /opt/Tanium/SetupClient
During client installation Process <Tanium Client>/SetupClient

Comply

Comply security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\comply-service\node.exe
  Process <Module Server>\services\comply-service\node_modules\ovalindex\build\bin\ovalindex.exe
  Process <Module Server>\services\comply-service\__new__\src\util\7z\7za.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
 Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\TaniumComply.dll
  File <Tanium Client>\extensions\TaniumComply.dll.sig
  File <Tanium Client>\extensions\comply\data\comply.db
  File <Tanium Client>\extensions\comply\data\current-ciscat-config.json
  File <Tanium Client>\extensions\comply\data\current-intel-config.json
  File <Tanium Client>\extensions\comply\data\current-java-config.json
  File <Tanium Client>\extensions\comply\data\current-joval-config.json
  File <Tanium Client>\extensions\comply\data\current-scan-config.json
  File

<Tanium Client>\extensions\comply\downloads\download.db

  Process <Tanium Client>\extensions\comply\jre\bin\java.exe
  File <Tanium Client>\Tools\Comply\run-assessment.vbs
  File <Tanium Client>\Tools\Comply\delete-assessment.vbs
Linux/macOS/AIX endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumComply.so
  File <Tanium Client>/extensions/libTaniumComply.so.sig
  File <Tanium Client>/extensions/comply/data/comply.db
  File <Tanium Client>/extensions/comply/data/current-ciscat-config.json
  File <Tanium Client>/extensions/comply/data/current-intel-config.json
  File <Tanium Client>/extensions/comply/data/current-java-config.json
  File <Tanium Client>/extensions/comply/data/current-joval-config.json
  File <Tanium Client>/extensions/comply/data/current-scan-config.json
  File <Tanium Client>/extensions/comply/downloads/download.db
  Process <Tanium Client>/extensions/comply/jre/bin/java
  File <Tanium Client>/Tools/Comply/run-assessment.sh
  File <Tanium Client>/Tools/Comply/delete-assessment.sh
Tanium scan engine
- all supported endpoints
  File

<Tanium Client>/extensions/comply/engines/joval/Joval-Utilities.jar

CIS-CAT engine
-all supported endpoints
  File <Tanium Client>/extensions/comply/engines/ciscat/CISCAT.jar
CIS-CAT engine
- Linux endpoints only
  File <Tanium Client>/extensions/comply/engines/ciscat/CIS-CAT.sh
CIS-CAT engine
-Windows endpoints only
  File <Tanium Client>\extensions\comply\engines\ciscat\CIS-CAT.BAT
SCC engine
- Windows endpoints
  Process <Tanium Client>\extensions\comply\engines\scc\cscc.exe
Process <Tanium Client>\extensions\comply\engines\scc\cscc32.exe
Process <Tanium Client>\extensions\comply\engines\scc\cscc64.exe
Process <Tanium Client>\extensions\comply\engines\scc\scc.exe
Process <Tanium Client>\extensions\comply\engines\scc\scc32.exe
Process <Tanium Client>\extensions\comply\engines\scc\scc64.exe
SCC engine - Linux/macOS endpoints   Process <Tanium Client>\extensions/comply/engines/scc/cscc
File <Tanium Client>\extensions/comply/engines/scc/cscc.bin
Process <Tanium Client>\extensions/comply/engines/scc/scc
File <Tanium Client>\extensions/comply/engines/scc/scc.bin
Comply security exclusions
Target Device Notes Exclusion Type Exclusion
 Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\TaniumComply.dll
  File <Tanium Client>\extensions\TaniumComply.dll.sig
  File <Tanium Client>\extensions\comply\data\comply.db
  File <Tanium Client>\extensions\comply\data\current-ciscat-config.json
  File <Tanium Client>\extensions\comply\data\current-intel-config.json
  File <Tanium Client>\extensions\comply\data\current-java-config.json
  File <Tanium Client>\extensions\comply\data\current-joval-config.json
  File <Tanium Client>\extensions\comply\data\current-scan-config.json
  File

<Tanium Client>\extensions\comply\downloads\download.db

  Process <Tanium Client>\extensions\comply\jre\bin\java.exe
  File <Tanium Client>\Tools\Comply\run-assessment.vbs
  File <Tanium Client>\Tools\Comply\delete-assessment.vbs
Linux/macOS/AIX endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumComply.so
  File <Tanium Client>/extensions/libTaniumComply.so.sig
  File <Tanium Client>/extensions/comply/data/comply.db
  File <Tanium Client>/extensions/comply/data/current-ciscat-config.json
  File <Tanium Client>/extensions/comply/data/current-intel-config.json
  File <Tanium Client>/extensions/comply/data/current-java-config.json
  File <Tanium Client>/extensions/comply/data/current-joval-config.json
  File <Tanium Client>/extensions/comply/data/current-scan-config.json
  File <Tanium Client>/extensions/comply/downloads/download.db
  Process <Tanium Client>/extensions/comply/jre/bin/java
  File <Tanium Client>/Tools/Comply/run-assessment.sh
  File <Tanium Client>/Tools/Comply/delete-assessment.sh
Tanium scan engine
- all supported endpoints
  File

<Tanium Client>/extensions/comply/engines/joval/Joval-Utilities.jar

CIS-CAT engine
-all supported endpoints
  File <Tanium Client>/extensions/comply/engines/ciscat/CISCAT.jar
CIS-CAT engine
- Linux endpoints only
  File <Tanium Client>/extensions/comply/engines/ciscat/CIS-CAT.sh
CIS-CAT engine
-Windows endpoints only
  File <Tanium Client>\extensions\comply\engines\ciscat\CIS-CAT.BAT
SCC engine
- Windows endpoints
  Process <Tanium Client>\extensions\comply\engines\scc\cscc.exe
Process <Tanium Client>\extensions\comply\engines\scc\cscc32.exe
Process <Tanium Client>\extensions\comply\engines\scc\cscc64.exe
Process <Tanium Client>\extensions\comply\engines\scc\scc.exe
Process <Tanium Client>\extensions\comply\engines\scc\scc32.exe
Process <Tanium Client>\extensions\comply\engines\scc\scc64.exe
SCC engine - Linux/macOS endpoints   Process <Tanium Client>/extensions/comply/engines/scc/cscc
File <Tanium Client>/extensions/comply/engines/scc/cscc.bin
Process <Tanium Client>/extensions/comply/engines/scc/scc
File <Tanium Client>/extensions/comply/engines/scc/scc.bin

Connect

Connect security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\connect-service\node.exe
  Process <Module Server>\services\email-service\TaniumEmailService.exe
  Process <Module Server>\extensions\TaniumSoftwareManager.dll
  Process <Module Server>\extensions\TaniumSoftwareManager.dll.sig

No additional process exclusions are required.

Criticality

Platform Deployment Reference security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\criticality-service\TaniumCriticalityService.exe

No additional process exclusions are required.

Deploy

For Windows endpoints, review and follow the Microsoft antivirus security exclusion recommendations for enterprise computers. For more information, see Microsoft Support: Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows (KB822158).

Deploy security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\deploy-service\node.exe
Required when Endpoint Configuration is installed Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints Required only for the Microsoft InPlace Upgrade packages Folder C:\Deploy\Tanium
  Process <Tanium Client>\Python38\TPython.exe
  Folder <Tanium Client>\Python38
  Process <Tanium Client>\Tools\SoftwareManagement\7za.exe
  Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\extensions\TaniumSoftwareManager.dll
  File <Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
Linux endpoints   Process <Tanium Client>/python38/python
  Folder <Tanium Client>/python38
  Process <Tanium Client>/TaniumCX
  File <Tanium Client>/Tools/SoftwareManagement/data/software-management.db
  File <Tanium Client>/Tools/SoftwareManagement/data/software-management.db-wal
  File <Tanium Client>/Tools/SoftwareManagement/data/software-management.db-shm
  File <Tanium Client>/extensions/libTaniumSoftwareManager.so
  File <Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
macOS endpoints   Process <Tanium Client>/python38/python
  Folder <Tanium Client>/python38
  Process <Tanium Client>/TaniumCX
  File <Tanium Client>/extensions/libTaniumSoftwareManager.dylib
  File <Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig
Deploy security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints Required only for the Microsoft Windows 10 Upgrade packages Folder C:\Deploy\Tanium
  Process <Tanium Client>\Python38\TPython.exe
  Folder <Tanium Client>\Python38
  Process <Tanium Client>\Tools\SoftwareManagement\7za.exe
  Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\extensions\TaniumSoftwareManager.dll
  File <Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
Linux endpoints   Process <Tanium Client>/python38/python
  Folder <Tanium Client>/python38
  Process <Tanium Client>/TaniumCX
  File <Tanium Client>/Tools/SoftwareManagement/data/software-management.db
  File <Tanium Client>/Tools/SoftwareManagement/data/software-management.db-wal
  File <Tanium Client>/Tools/SoftwareManagement/data/software-management.db-shm
  File <Tanium Client>/extensions/libTaniumSoftwareManager.so
  File <Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
macOS endpoints   Process <Tanium Client>/python38/python
  Folder <Tanium Client>/python38
  Process <Tanium Client>/TaniumCX
  File <Tanium Client>/extensions/libTaniumSoftwareManager.dylib
  File <Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig

Direct Connect

Direct Connect security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\direct-connect-service\TaniumDirectConnectService.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Zone Server   Process <Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\node.exe
  Process <Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\twsm.exe
Windows endpoints   File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\TaniumDEC.dll
  File <Tanium Client>\extensions\TaniumDEC.dll.sig
  Process <Tanium Client>\TaniumCX.exe
macOS endpoints   File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libTaniumDEC.dylib
  File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  Process <Tanium Client>/TaniumCX
Linux endpoints   File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumDEC.so
  File <Tanium Client>/extensions/libTaniumDEC.so.sig
  Process <Tanium Client>/TaniumCX
Direct Connect security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\TaniumDEC.dll
  File <Tanium Client>\extensions\TaniumDEC.dll.sig
  Process <Tanium Client>\TaniumCX.exe
macOS endpoints   File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libTaniumDEC.dylib
  File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  Process <Tanium Client>/TaniumCX
Linux endpoints   File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumDEC.so
  File <Tanium Client>/extensions/libTaniumDEC.so.sig
  Process <Tanium Client>/TaniumCX

Directory Query

Directory query security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\directory-query-service\TaniumDirectoryQueryService.exe

No additional process exclusions are required.

Discover

Discover security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\discover-service\node.exe
  Process <Module Server>\plugins\content\discover-proxy\proxyplugin.exe
  Process <Module Server>\services\twsm-v1\twsm.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\Tools\Discover\nmap\vcredist_x86.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\SupportCX.dll
  File <Tanium Client>\extensions\SupportCX.dll.sig
  File <Tanium Client>\extensions\TaniumConfig.dll
  File <Tanium Client>\extensions\TaniumConfig.dll.sig
  File <Tanium Client>\extensions\discover\data\discover.db
  File <Tanium Client>\extensions\discover\data\discover.db-wal
  File <Tanium Client>\extensions\discover\data\discover.db-shm
(Distributed level 3, distributed level 4, and satellite profiles only) Folder C:\Program Files\Npcap
(Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>\Tools\Discover\nmap\nmap.exe
(When Direct Connect is installed; satellite profiles only) File <Tanium Client>\extensions\TaniumDEC.dll
(When Direct Connect is installed; satellite profiles only) File <Tanium Client>\extensions\TaniumDEC.dll.sig
(Satellite profiles only) File <Tanium Client>\extensions\TaniumDiscover.dll
(Satellite profiles only) File <Tanium Client>\extensions\TaniumDiscover.dll.sig
(Satellite profiles only) File <Tanium Client>\extensions\TaniumExtras.dll
(Satellite profiles only) File <Tanium Client>\extensions\TaniumExtras.dll.sig
Linux endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libSupportCX.so
  File <Tanium Client>/extensions/libSupportCX.so.sig
  File <Tanium Client>/extensions/libTaniumConfig.so
  File <Tanium Client>/extensions/libTaniumConfig.so.sig
  File <Tanium Client>/extensions/discover/data/discover.db
  File <Tanium Client>/extensions/discover/data/discover.db-wal
  File <Tanium Client>/extensions/discover/data/discover.db-shm
(Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>/Tools/Discover/nmap/nmap
(When Direct Connect is installed; satellite profiles only) File <Tanium Client>/extensions/libTaniumDEC.so
(When Direct Connect is installed; satellite profiles only) File <Tanium Client>/extensions/libTaniumDEC.so.sig
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.so
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.so.sig
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.so
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.so.sig
macOS endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libSupportCX.dylib
  File <Tanium Client>/extensions/libSupportCX.dylib.sig
  File <Tanium Client>/extensions/libTaniumConfig.dylib
  File <Tanium Client>/extensions/libTaniumConfig.dylib.sig
  File <Tanium Client>/extensions/discover/data/discover.db
  File <Tanium Client>/extensions/discover/data/discover.db-wal
  File <Tanium Client>/extensions/discover/data/discover.db-shm
(Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>/Tools/Discover/nmap/nmap
(When Direct Connect is installed; satellite profiles only) File <Tanium Client>/extensions/libTaniumDEC.dylib
(When Direct Connect is installed; satellite profiles only) File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.dylib
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.dylib.sig
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.dylib
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.dylib.sig
Discover security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\Tools\Discover\nmap\vcredist_x86.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\SupportCX.dll
  File <Tanium Client>\extensions\SupportCX.dll.sig
  File <Tanium Client>\extensions\TaniumConfig.dll
  File <Tanium Client>\extensions\TaniumConfig.dll.sig
  File <Tanium Client>\extensions\discover\data\discover.db
  File <Tanium Client>\extensions\discover\data\discover.db-wal
  File <Tanium Client>\extensions\discover\data\discover.db-shm
(Distributed level 3, distributed level 4, and satellite profiles only) Folder C:\Program Files\Npcap
(Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>\Tools\Discover\nmap\nmap.exe
(When Direct Connect is installed; satellite profiles only) File <Tanium Client>\extensions\TaniumDEC.dll
(When Direct Connect is installed; satellite profiles only) File <Tanium Client>\extensions\TaniumDEC.dll.sig
(Satellite profiles only) File <Tanium Client>\extensions\TaniumDiscover.dll
(Satellite profiles only) File <Tanium Client>\extensions\TaniumDiscover.dll.sig
(Satellite profiles only) File <Tanium Client>\extensions\TaniumExtras.dll
(Satellite profiles only) File <Tanium Client>\extensions\TaniumExtras.dll.sig
Linux endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libSupportCX.so
  File <Tanium Client>/extensions/libSupportCX.so.sig
  File <Tanium Client>/extensions/libTaniumConfig.so
  File <Tanium Client>/extensions/libTaniumConfig.so.sig
  File <Tanium Client>/extensions/discover/data/discover.db
  File <Tanium Client>/extensions/discover/data/discover.db-wal
  File <Tanium Client>/extensions/discover/data/discover.db-shm
(Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>/Tools/Discover/nmap/nmap
(When Direct Connect is installed; satellite profiles only) File <Tanium Client>/extensions/libTaniumDEC.so
(When Direct Connect is installed; satellite profiles only) File <Tanium Client>/extensions/libTaniumDEC.so.sig
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.so
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.so.sig
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.so
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.so.sig
macOS endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libSupportCX.dylib
  File <Tanium Client>/extensions/libSupportCX.dylib.sig
  File <Tanium Client>/extensions/libTaniumConfig.dylib
  File <Tanium Client>/extensions/libTaniumConfig.dylib.sig
  File <Tanium Client>/extensions/discover/data/discover.db
  File <Tanium Client>/extensions/discover/data/discover.db-wal
  File <Tanium Client>/extensions/discover/data/discover.db-shm
(Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>/Tools/Discover/nmap/nmap
(When Direct Connect is installed; satellite profiles only) File <Tanium Client>/extensions/libTaniumDEC.dylib
(When Direct Connect is installed; satellite profiles only) File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.dylib
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumDiscover.dylib.sig
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.dylib
(Satellite profiles only) File <Tanium Client>/extensions/libTaniumExtras.dylib.sig

Endpoint Configuration

No additional process exclusions are recommended.

Endpoint Configuration security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe

End-User Notifications

End-User Notifications security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server Required when Endpoint Configuration is installed Process <Module Server>\temp\endpoint-configuration-service\TaniumEndpointConfigService.exe
  Process <Module Server>\services\end-user-notifications-service\node.exe
  Process <Module Server>\services\twsm-v1\twsm.exe
Windows endpoints 7.2.x clients Process <Tanium Client>\Python27\TPython.exe
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
64-bit OS versions Process %programfiles(x86)%\Tanium\Tanium End User Notification Tools\UserSessionProxy.exe
32-bit OS versions Process %programfiles%\Tanium\Tanium End User Notification Tools\UserSessionProxy.exe
64-bit OS versions Process %programfiles(x86)%\Tanium\Tanium End User Notification Tools\bin\end-user-notifications.exe
32-bit OS versions Process %programfiles%\Tanium\Tanium End User Notification Tools\bin\end-user-notifications.exe
exclude from on-access or real-time scans (64-bit OS versions) Folder %programfiles(x86)%\Tanium\Tanium End User Notification Tools
exclude from on-access or real-time scans (32-bit OS versions) Folder %programfiles%\Tanium\Tanium End User Notification Tools
  Folder %programdata%\Tanium
macOS endpoints 7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.4.x clients Process <Tanium Client>/python38/bin/pybin
  Process /Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
  Folder /Library/Tanium/EndUserNotifications
End-User Notifications security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints 7.4.x clients Process <Tanium Client>\Python38\TPython.exe
64-bit OS versions Process %programfiles(x86)%\Tanium\Tanium End User Notification Tools\UserSessionProxy.exe
32-bit OS versions Process %programfiles%\Tanium\Tanium End User Notification Tools\UserSessionProxy.exe
64-bit OS versions Process %programfiles(x86)%\Tanium\Tanium End User Notification Tools\bin\end-user-notifications.exe
32-bit OS versions Process %programfiles%\Tanium\Tanium End User Notification Tools\bin\end-user-notifications.exe
exclude from on-access or real-time scans (64-bit OS versions) Folder %programfiles(x86)%\Tanium\Tanium End User Notification Tools
exclude from on-access or real-time scans (32-bit OS versions) Folder %programfiles%\Tanium\Tanium End User Notification Tools
  Folder %programdata%\Tanium
macOS endpoints 7.4.x clients Process <Tanium Client>/python38/bin/pybin
  Process /Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
  Folder /Library/Tanium/EndUserNotifications

Enforce

Enforce security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\enforce-service\node.exe
Windows x86 endpoints   Process <Tanium Client>\Tools\StdUtils\7za.exe
  Process <Tanium Client>\Tools\Enforce\devcon32.exe
  Process <Tanium Client>\Tools\Enforce\LocalPolicyTool.exe

7.4.x clients

7.2.x clients

Process <Tanium Client>\Python38\TPython.exe

7.4.x clients

7.2.x clients

Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumClient.exe
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
  File <Tanium Client>\extensions\TaniumRecorder.dll
  File <Tanium Client>\extensions\TaniumRecorder.dll.sig
  File <Tanium Client>\extensions\recorder\proc.bin
  File <Tanium Client>\extensions\recorder\recorder.db
  File <Tanium Client>\extensions\recorder\recorder.db-shm
  File <Tanium Client>\extensions\recorder\recorder.db-wal
  Process <Tanium Client>\tools\driver\TaniumDriverCtl.exe
  File C:\Windows\System32\drivers\TaniumRecorderDrv.sys
  Process <Tanium Client>\tools\driver\TaniumDriverSvc.exe
  Process <Tanium Client>\tools\driver\service\TaniumDriverSvc.exe
  File <Tanium Client>\tools\driver\TaniumProcessMonitor.dll
  Folder <Tanium Client>\extensions\stream
Windows x64 endpoints   Process <Tanium Client>\Tools\StdUtils\7za.exe
  Process <Tanium Client>\Tools\Enforce\devcon64.exe
  Process <Tanium Client>\Tools\Enforce\LocalPolicyTool.exe

7.4.x clients

7.2.x clients

Process <Tanium Client>\Python38\TPython.exe

7.4.x clients

7.2.x clients

Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumClient.exe
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
  File <Tanium Client>\extensions\TaniumRecorder.dll
  File <Tanium Client>\extensions\TaniumRecorder.dll.sig
  File <Tanium Client>\extensions\recorder\proc.bin
  File <Tanium Client>\extensions\recorder\recorder.db
  File <Tanium Client>\extensions\recorder\recorder.db-shm
  File <Tanium Client>\extensions\recorder\recorder.db-wal
  File C:\Windows\System32\drivers\TaniumRecorderDrv.sys
  Process <Tanium Client>\tools\driver\TaniumDriverCtl64.exe
  Process <Tanium Client>\tools\driver\TaniumDriverSvc64.exe
  Process <Tanium Client>\tools\driver\service\TaniumDriverSvc64.exe
  File <Tanium Client>\tools\driver\TaniumProcessMonitor64.dll
  Folder <Tanium Client>\extensions\stream
macOS and Linux x86 and x64 endpoints

7.4.x clients

7.2.x clients

Process <Tanium Client>/python38/python

7.4.x clients

7.2.x clients

Folder <Tanium Client>/python38
  Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumClient
  Process <Tanium Client>/TaniumCX
Zone Server   Process <Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\node.exe
  Process <Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\twsm.exe
Enforce security exclusions
Target Device Notes Exclusion Type Exclusion
Windows x86 endpoints   Process <Tanium Client>\Tools\StdUtils\7za.exe
  Process <Tanium Client>\Tools\Enforce\devcon32.exe
  Process <Tanium Client>\Tools\Enforce\LocalPolicyTool.exe

7.4.x clients

7.2.x clients

Process <Tanium Client>\Python38\TPython.exe

7.4.x clients

7.2.x clients

Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumClient.exe
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
  File <Tanium Client>\extensions\TaniumRecorder.dll
  File <Tanium Client>\extensions\TaniumRecorder.dll.sig
  File <Tanium Client>\extensions\recorder\proc.bin
  File <Tanium Client>\extensions\recorder\recorder.db
  File <Tanium Client>\extensions\recorder\recorder.db-shm
  File <Tanium Client>\extensions\recorder\recorder.db-wal
  Process <Tanium Client>\tools\driver\TaniumDriverCtl.exe
  File C:\Windows\System32\drivers\TaniumRecorderDrv.sys
  Process <Tanium Client>\tools\driver\TaniumDriverSvc.exe
  Process <Tanium Client>\tools\driver\service\TaniumDriverSvc.exe
  File <Tanium Client>\tools\driver\TaniumProcessMonitor.dll
  Folder <Tanium Client>\extensions\stream
Windows x64 endpoints   Process <Tanium Client>\Tools\StdUtils\7za.exe
  Process <Tanium Client>\Tools\Enforce\devcon64.exe
  Process <Tanium Client>\Tools\Enforce\LocalPolicyTool.exe

7.4.x clients

7.2.x clients

Process <Tanium Client>\Python38\TPython.exe

7.4.x clients

7.2.x clients

Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumClient.exe
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
  File <Tanium Client>\extensions\TaniumRecorder.dll
  File <Tanium Client>\extensions\TaniumRecorder.dll.sig
  File <Tanium Client>\extensions\recorder\proc.bin
  File <Tanium Client>\extensions\recorder\recorder.db
  File <Tanium Client>\extensions\recorder\recorder.db-shm
  File <Tanium Client>\extensions\recorder\recorder.db-wal
  File C:\Windows\System32\drivers\TaniumRecorderDrv.sys
  Process <Tanium Client>\tools\driver\TaniumDriverCtl64.exe
  Process <Tanium Client>\tools\driver\TaniumDriverSvc64.exe
  Process <Tanium Client>\tools\driver\service\TaniumDriverSvc64.exe
  File <Tanium Client>\tools\driver\TaniumProcessMonitor64.dll
  Folder <Tanium Client>\extensions\stream
macOS and Linux x86 and x64 endpoints

7.4.x clients

7.2.x clients

Process <Tanium Client>/python38/python

7.4.x clients

7.2.x clients

Folder <Tanium Client>/python38
  Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumClient
  Process <Tanium Client>/TaniumCX

Engage

Engage security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server Process <Module Server>\services\engage-service\TaniumEngageService.exe
Windows endpoints Process <Tanium Client>\extensions\TaniumEndUser.dll
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
Folder /Library/Tanium/EndUserNotifications
Engage security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints Process <Tanium Client>\extensions\TaniumEndUser.dll
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
Process <Tanium Client>\TaniumCX.exe

Feed

Feed security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\feed-service\TaniumFeedService.exe

No additional process exclusions are required.

Health Check

Health Check security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\health-service\node.exe
  Process <Module Server>\services\health-service\twsm.exe

Impact

Impact security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\impact-service\TaniumImpactService.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
  Windows endpoints   Process <Tanium Client>\Python38\TPython.exe
  Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
When Direct Connect is installed; satellite sync only Process <Tanium Client>\extensions\TaniumDEC.dll
When Direct Connect is installed; satellite sync only Process <Tanium Client>\extensions\TaniumDEC.dll.sig
Impact security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\Python38\TPython.exe
  Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
When Direct Connect is installed; satellite sync only Process <Tanium Client>\extensions\TaniumDEC.dll
When Direct Connect is installed; satellite sync only Process <Tanium Client>\extensions\TaniumDEC.dll.sig

Integrity Monitor

Integrity Monitor security exclusions
Target Device Notes Exclusion Type Process
Tanium Module Server   Process <Module Server>\services\integrity-monitor-service\node.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows x86 and x64 endpoints   File <Tanium Client>\extensions\TaniumIndex.dll
  File <Tanium Client>\extensions\TaniumIndex.dll.sig
  File <Tanium Client>\extensions\TaniumIntegrityMonitor.dll
  File <Tanium Client>\extensions\TaniumIntegrityMonitor.dll.sig
  File <Tanium Client>\extensions\TaniumRecorder.dll
  File <Tanium Client>\extensions\TaniumRecorder.dll.sig
  File <Tanium Client>\extensions\recorder\proc.bin
  File <Tanium Client>\extensions\recorder\recorder.db
  File <Tanium Client>\extensions\recorder\recorder.db-shm
  File <Tanium Client>\extensions\recorder\recorder.db-wal
  File <Tanium Client>\extensions\index\index.db
  File <Tanium Client>\extensions\index\index.db-shm
  File <Tanium Client>\extensions\index\index.db-wal
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\TaniumCX.exe
  Folder <Tanium Client>\extensions\index
  Folder <Tanium Client>\extensions\integrity-monitor
Linux x86 and x64 endpoints   Process <Tanium Client>/extensions/recorder/TaniumAuditPipe
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumIndex.so
  File <Tanium Client>/extensions/libTaniumIndex.so.sig
  File <Tanium Client>/extensions/libTaniumIntegrityMonitor.so
  File <Tanium Client>/extensions/libTaniumIntegrityMonitor.so.sig
  File <Tanium Client>/extensions/libTaniumRecorder.so
  File <Tanium Client>/extensions/libTaniumRecorder.so.sig
  File <Tanium Client>/extensions/recorder/proc.bin
  File <Tanium Client>/extensions/recorder/recorder.db
  File <Tanium Client>/extensions/recorder/recorder.db-shm
  File <Tanium Client>/extensions/recorder/recorder.db-wal
  File <Tanium Client>/extensions/recorder/recorder.auditpipe
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal
  Process <Tanium Client>/TaniumCX
  Folder <Tanium Client>/extensions/index
  Folder <Tanium Client>/extensions/integrity-monitor
Integrity Monitor security exclusions
Target Device Notes Exclusion Type Process
Windows x86 and x64 endpoints   File <Tanium Client>\extensions\TaniumIndex.dll
  File <Tanium Client>\extensions\TaniumIndex.dll.sig
  File <Tanium Client>\extensions\TaniumIntegrityMonitor.dll
  File <Tanium Client>\extensions\TaniumIntegrityMonitor.dll.sig
  File <Tanium Client>\extensions\TaniumRecorder.dll
  File <Tanium Client>\extensions\TaniumRecorder.dll.sig
  File <Tanium Client>\extensions\recorder\proc.bin
  File <Tanium Client>\extensions\recorder\recorder.db
  File <Tanium Client>\extensions\recorder\recorder.db-shm
  File <Tanium Client>\extensions\recorder\recorder.db-wal
  File <Tanium Client>\extensions\index\index.db
  File <Tanium Client>\extensions\index\index.db-shm
  File <Tanium Client>\extensions\index\index.db-wal
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\TaniumCX.exe
  Folder <Tanium Client>\extensions\index
  Folder <Tanium Client>\extensions\integrity-monitor
Linux x86 and x64 endpoints   Process <Tanium Client>/extensions/recorder/TaniumAuditPipe
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumIndex.so
  File <Tanium Client>/extensions/libTaniumIndex.so.sig
  File <Tanium Client>/extensions/libTaniumIntegrityMonitor.so
  File <Tanium Client>/extensions/libTaniumIntegrityMonitor.so.sig
  File <Tanium Client>/extensions/libTaniumRecorder.so
  File <Tanium Client>/extensions/libTaniumRecorder.so.sig
  File <Tanium Client>/extensions/recorder/proc.bin
  File <Tanium Client>/extensions/recorder/recorder.db
  File <Tanium Client>/extensions/recorder/recorder.db-shm
  File <Tanium Client>/extensions/recorder/recorder.db-wal
  File <Tanium Client>/extensions/recorder/recorder.auditpipe
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal
  Process <Tanium Client>/TaniumCX
  Folder <Tanium Client>/extensions/index
  Folder <Tanium Client>/extensions/integrity-monitor

Map

Map security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\map-service\node.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
  Process <Module Server>\services\map-service\node_modules\@tanium\postgresql\lib\win32\bin\postgres.exe
  Process <Module Server>\services\map-service\node_modules\@tanium\postgresql\lib\win32\bin\pg_ctl.exe
Windows endpoints   File <Tanium Client>\extensions\core\TaniumPythonCX.dll
  File <Tanium Client>\extensions\core\TaniumPythonCX.dll.sig
  File <Tanium Client>\extensions\mapcx\py\cx_entry.py
  File <Tanium Client>\extensions\mapcx\data\map.db
  File <Tanium Client>\extensions\TaniumRecorder.dll
  File <Tanium Client>\extensions\TaniumRecorder.dll.sig
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\TaniumCX.exe
7.2.x clients Process <Tanium Client>\Python27\TPython.exe
7.2.x clients Folder <Tanium Client>\Python27
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
Linux endpoints   File  <Tanium Client>/extensions/core/TaniumPythonCX.so
  File <Tanium Client>/extensions/core/TaniumPythonCX.so.sig
  File <Tanium Client>/extensions/mapcx/py/cx_entry.py
  File <Tanium Client>/extensions/mapcx/data/map.db
  File <Tanium Client>/extensions/libTaniumRecorder.so
  File <Tanium Client>/extensions/libTaniumRecorder.so.sig
  File <Tanium Client>/TaniumClientExtensions.so
  File <Tanium Client>/TaniumClientExtensions.so.sig
  Process <Tanium Client>/TaniumCX
7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.2.x clients Folder <Tanium Client>/python27
7.4.x clients Process <Tanium Client>/python38/python
7.4.x clients Folder <Tanium Client>/python38
macOS endpoints   File  <Tanium Client>/extensions/core/TaniumPythonCX.dylib
  File  <Tanium Client>/extensions/core/TaniumPythonCX.dylib.sig
  File <Tanium Client>/extensions/mapcx/py/cx_entry.py
  File <Tanium Client>/extensions/mapcx/data/map.db
  File <Tanium Client>/extensions/libTaniumRecorder.dylib
  File <Tanium Client>/extensions/libTaniumRecorder.dylib.sig
  File <Tanium Client>/TaniumClientExtensions.dylib
  File <Tanium Client>/TaniumClientExtensions.dylib.sig
  Process <Tanium Client>/TaniumCX
7.2.x clients Process <Tanium Client>/python27/python
7.2.x clients Folder <Tanium Client>/python27
7.4.x clients Process <Tanium Client>/python38/python
7.4.x clients Folder <Tanium Client>/python38
 
Map security exclusions
Target DeviceNotesExclusion TypeProcess
Windows endpoints File<Tanium Client>\extensions\core\TaniumPythonCX.dll
 File<Tanium Client>\extensions\core\TaniumPythonCX.dll.sig
 File<Tanium Client>\extensions\mapcx\py\cx_entry.py
 File<Tanium Client>\extensions\mapcx\data\map.db
 File<Tanium Client>\extensions\TaniumRecorder.dll
 File<Tanium Client>\extensions\TaniumRecorder.dll.sig
 File<Tanium Client>\TaniumClientExtensions.dll
 File<Tanium Client>\TaniumClientExtensions.dll.sig
 Process<Tanium Client>\TaniumCX.exe
7.2.x clientsProcess<Tanium Client>\Python27\TPython.exe
7.2.x clientsFolder<Tanium Client>\Python27
7.4.x clientsProcess<Tanium Client>\Python38\TPython.exe
7.4.x clientsFolder<Tanium Client>\Python38
Linux endpoints File <Tanium Client>/extensions/core/TaniumPythonCX.so
 File<Tanium Client>/extensions/core/TaniumPythonCX.so.sig
 File<Tanium Client>/extensions/mapcx/py/cx_entry.py
 File<Tanium Client>/extensions/mapcx/data/map.db
 File<Tanium Client>/extensions/libTaniumRecorder.so
 File<Tanium Client>/extensions/libTaniumRecorder.so.sig
 File<Tanium Client>/TaniumClientExtensions.so
 File<Tanium Client>/TaniumClientExtensions.so.sig
 Process<Tanium Client>/TaniumCX
7.2.x clientsProcess<Tanium Client>/python27/bin/pybin
7.2.x clientsFolder<Tanium Client>/python27
7.4.x clientsProcess<Tanium Client>/python38/python
7.4.x clientsFolder<Tanium Client>/python38
macOS endpoints File <Tanium Client>/extensions/core/TaniumPythonCX.dylib
 File <Tanium Client>/extensions/core/TaniumPythonCX.dylib.sig
 File<Tanium Client>/extensions/mapcx/py/cx_entry.py
 File<Tanium Client>/extensions/mapcx/data/map.db
 File<Tanium Client>/extensions/libTaniumRecorder.dylib
 File<Tanium Client>/extensions/libTaniumRecorder.dylib.sig
 File<Tanium Client>/TaniumClientExtensions.dylib
 File<Tanium Client>/TaniumClientExtensions.dylib.sig
 Process<Tanium Client>/TaniumCX
7.2.x clientsProcess<Tanium Client>/python27/python
7.2.x clientsFolder<Tanium Client>/python27
7.4.x clientsProcess<Tanium Client>/python38/python
7.4.x clientsFolder<Tanium Client>/python38

Patch

For Windows endpoints, review and follow the Microsoft antivirus security exclusion recommendations for enterprise computers. For more information, see Microsoft Support: Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows (KB822158).

Patch security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\patch-service\node.exe
required when Endpoint Configuration is installed Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  FIle <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\Patch\tanium-patch.min.vbs
  File <Tanium Client>\Patch\scans\Wsusscn2.cab
  Process <Tanium Client>\Patch\tools\active-user-sessions.exe
  File <Tanium Client>\Patch\tools\run-patch-manager.min.vbs
  Process <Tanium Client>\Patch\tools\TaniumExecWrapper.exe
  Process <Tanium Client>\Patch\tools\TaniumFileInfo.exe
  Process <Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe
7.2.x clients Process <Tanium Client>\Python27\TPython.exe
Folder <Tanium Client>\Python27
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
Folder <Tanium Client>\Python38
  Process <Tanium Client>\Tools\Patch\7za.exe
  Process <Tanium Client>\Patch\tools\TaniumExecWrapper.exe
  File <Tanium Client>\extensions\TaniumSoftwareManager.dll
  File <Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
exclude from on-access or real-time scans Folder <Tanium Client>
Linux endpoints   File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
7.2.x clients Process <Tanium Client>/python27/bin/pybin
Process <Tanium Client>/python27/python
Folder <Tanium Client>/python27
7.4.x clients Process <Tanium Client>/python38/bin/pybin
Process <Tanium Client>/python38/python
Folder <Tanium Client>/python38
  File <Tanium Client>/extensions/libTaniumSoftwareManager.so
  File <Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
macOS endpoints   File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
7.2.x clients Process <Tanium Client>/python27/bin/pybin
Process <Tanium Client>/python27/python
Folder <Tanium Client>/python27
7.4.x clients Process <Tanium Client>/python38/bin/pybin
Process <Tanium Client>/python38/python
Folder <Tanium Client>/python38
  File <Tanium Client>/extensions/libTaniumSoftwareManager.dylib
  File <Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig
Patch security exclusions
Target device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\Patch\tanium-patch.min.vbs
  File <Tanium Client>\Patch\scans\Wsusscn2.cab
  Process <Tanium Client>\Patch\tools\active-user-sessions.exe
  FIle <Tanium Client>\Patch\tools\run-patch-manager.min.vbs
  Process <Tanium Client>\Patch\tools\TaniumExecWrapper.exe
  Process <Tanium Client>\Patch\tools\TaniumFileInfo.exe
  Process <Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
Folder <Tanium Client>\Python38
  Process <Tanium Client>\Tools\Patch\7za.exe
  Process <Tanium Client>\Patch\tools\TaniumExecWrapper.exe
  File <Tanium Client>\extensions\TaniumSoftwareManager.dll
  File <Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
exclude from on-access or real-time scans Folder <Tanium Client>
Linux endpoints   File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
7.4.x clients Process <Tanium Client>/python38/bin/pybin
Process <Tanium Client>/python38/python
Folder <Tanium Client>/python38
  FIle <Tanium Client>/extensions/libTaniumSoftwareManager.so
  File <Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
macOS endpoints   File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
7.4.x clients Process <Tanium Client>/python38/bin/pybin
Process <Tanium Client>/python38/python
Folder <Tanium Client>/python38
  File <Tanium Client>/extensions/libTaniumSoftwareManager.dylib
  File <Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig

Performance

Performance security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\performance-service\node.exe
  Process <Module Server>\services\event-service\twsm.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows (x86 and x64) endpoints   File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\TaniumDEC.dll
  File <Tanium Client>\extensions\TaniumDEC.dll.sig
  File <Tanium Client>\extensions\TaniumPerformance.dll
  File <Tanium Client>\extensions\TaniumPerformance.dll.sig
  Process <Tanium Client>\Tools\PerformanceTSDB\TaniumTSDB.exe
  File <Tanium Client>\extensions\TaniumTSDB.dll
  File <Tanium Client>\extensions\TaniumTSDB.dll.sig
  File <Tanium Client>\extensions\SupportCX.dll
  File <Tanium Client>\extensions\SupportCX.dll.sig
  File <Tanium Client>\extensions\TaniumConfig.dll
  File <Tanium Client>\extensions\TaniumConfig.dll.sig
  File <Tanium Client>\extensions\performance\performance.db
  File <Tanium Client>\extensions\performance\performance.db-shm
  File <Tanium Client>\extensions\performance\performance.db-wal
7.4.x clients Folder <Tanium Client>\Python38
7.4.x clients1 Process <Tanium Client>\Python38\TPython.exe
  Process <Tanium Client>\TaniumCX.exe
Linux (x86 and x64) endpoints   File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumDEC.so
  File <Tanium Client>/extensions/libTaniumDEC.so.sig
  File <Tanium Client>/extensions/libTaniumPerformance.so
  File <Tanium Client>/extensions/libTaniumPerformance.so.sig
  Process <Tanium Client>/Tools/PerformanceTSDB/TaniumTSDB
  File <Tanium Client>/extensions/libTaniumTSDB.so
  File <Tanium Client>/extensions/libTaniumTSDB.so.sig
  File <Tanium Client>/extensions/libSupportCX.so
  File <Tanium Client>/extensions/libSupportCX.so.sig
  File <Tanium Client>/extensions/libTaniumConfig.so
  File <Tanium Client>/extensions/libTaniumConfig.so.sig
  File <Tanium Client>/extensions/performance/performance.db
  File <Tanium Client>/extensions/performance/performance.db-shm
  File <Tanium Client>/extensions/performance/performance.db-wal
7.4.x clients Folder <Tanium Client>/python38
7.4.x clients Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX
macOS endpoints   File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libTaniumDEC.dylib
  File <Tanium Client>/extensions/libTaniumDEC.dylib.so
  File <Tanium Client>/extensions/libTaniumPerformance.dylib
  File <Tanium Client>/extensions/libTaniumPerformance.dylib.sig
  Process <Tanium Client>/Tools/PerformanceTSDB/TaniumTSDB
  File <Tanium Client>/extensions/libTaniumTSDB.dylib
  File <Tanium Client>/extensions/libTaniumTSDB.dylib.sig
  File <Tanium Client>/extensions/libSupportCX.dylib
  File <Tanium Client>/extensions/libSupportCX.dylib.sig
  File <Tanium Client>/extensions/libTaniumConfig.dylib
  File <Tanium Client>/extensions/libTaniumConfig.dylib.sig
  File <Tanium Client>/extensions/performance/performance.db
  File <Tanium Client>/extensions/performance/performance.db-shm
  File <Tanium Client>/extensions/performance/performance.db-wal
7.4.x clients Folder <Tanium Client>/python38
7.4.x client Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX
1 = TPython requires SHA2 support to allow installation.
Performance security exclusions
Target Device Notes Exclusion Type Exclusion
Windows (x86 and x64) endpoints   File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\TaniumDEC.dll
  File <Tanium Client>\extensions\TaniumDEC.dll.sig
  File <Tanium Client>\extensions\TaniumPerformance.dll
  File <Tanium Client>\extensions\TaniumPerformance.dll.sig
  Process <Tanium Client>\Tools\PerformanceTSDB\TaniumTSDB.exe
  File <Tanium Client>\extensions\TaniumTSDB.dll
  File <Tanium Client>\extensions\TaniumTSDB.dll.sig
  File <Tanium Client>\extensions\SupportCX.dll
  File <Tanium Client>\extensions\SupportCX.dll.sig
  File <Tanium Client>\extensions\TaniumConfig.dll
  File <Tanium Client>\extensions\TaniumConfig.dll.sig
  File <Tanium Client>\extensions\performance\performance.db
  File <Tanium Client>\extensions\performance\performance.db-shm
  File <Tanium Client>\extensions\performance\performance.db-wal
7.4.x clients Folder <Tanium Client>\Python38
7.4.x clients1 Process <Tanium Client>\Python38\TPython.exe
  Process <Tanium Client>\TaniumCX.exe
Linux (x86 and x64) endpoints   File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumDEC.so
  File <Tanium Client>/extensions/libTaniumDEC.so.sig
  File <Tanium Client>/extensions/libTaniumPerformance.so
  File <Tanium Client>/extensions/libTaniumPerformance.so.sig
  Process <Tanium Client>/Tools/PerformanceTSDB/TaniumTSDB
  File <Tanium Client>/extensions/libTaniumTSDB.so
  File <Tanium Client>/extensions/libTaniumTSDB.so.sig
  File <Tanium Client>/extensions/libSupportCX.so
  File <Tanium Client>/extensions/libSupportCX.so.sig
  File <Tanium Client>/extensions/libTaniumConfig.so
  File <Tanium Client>/extensions/libTaniumConfig.so.sig
  File <Tanium Client>/extensions/performance/performance.db
  File <Tanium Client>/extensions/performance/performance.db-shm
  File <Tanium Client>/extensions/performance/performance.db-wal
7.4.x clients Folder <Tanium Client>/python38
7.4.x clients Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX
macOS endpoints   File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libTaniumDEC.dylib
  File <Tanium Client>/extensions/libTaniumDEC.dylib.so
  File <Tanium Client>/extensions/libTaniumPerformance.dylib
  File <Tanium Client>/extensions/libTaniumPerformance.dylib.sig
  Process <Tanium Client>/Tools/PerformanceTSDB/TaniumTSDB
  File <Tanium Client>/extensions/libTaniumTSDB.dylib
  File <Tanium Client>/extensions/libTaniumTSDB.dylib.sig
  File <Tanium Client>/extensions/libSupportCX.dylib
  File <Tanium Client>/extensions/libSupportCX.dylib.sig
  File <Tanium Client>/extensions/libTaniumConfig.dylib
  File <Tanium Client>/extensions/libTaniumConfig.dylib.sig
  File <Tanium Client>/extensions/performance/performance.db
  File <Tanium Client>/extensions/performance/performance.db-shm
  File <Tanium Client>/extensions/performance/performance.db-wal
7.4.x clients Folder <Tanium Client>/python38
7.4.x clients Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX
1 = TPython requires SHA2 support to allow installation.

Provision

Provision security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\provision-service\TaniumProvisionService.exe
  Process <Module Server>\services\twsm-v1\twsm.exe
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\TaniumConfig.dll
  File <Tanium Client>\extensions\TaniumConfig.dll.sig
  File <Tanium Client>\extensions\TaniumDEC.dll
  File <Tanium Client>\extensions\TaniumDEC.dll.sig
  File <Tanium Client>\extensions\TaniumProvision.dll
  File <Tanium Client>\extensions\TaniumProvision.dll.sig
  Process <Tanium Client>\Tools\Provision\TaniumPXE.exe
  Folder <Tanium Client>\Tools\Provision
Linux endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumConfig.so
  File <Tanium Client>/extensions/libTaniumConfig.so.sig
  File <Tanium Client>/extensions/libTaniumDEC.so
  File <Tanium Client>/extensions/libTaniumDEC.so.sig
  File <Tanium Client>/extensions/libTaniumProvision.so
  File <Tanium Client>/extensions/libTaniumProvision.so.sig
  Folder <Tanium Client>/Tools/Provision
macOS endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumConfig.so
  File <Tanium Client>/extensions/libTaniumConfig.so.sig
  File <Tanium Client>/extensions/libTaniumDEC.so
  File <Tanium Client>/extensions/libTaniumDEC.so.sig
  File <Tanium Client>/extensions/libTaniumProvision.so
  File <Tanium Client>/extensions/libTaniumProvision.so.sig
  Folder <Tanium Client>/Tools/Provision

RDB Service

RDB service security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\rdb-service\TaniumRdbService.exe

No additional process exclusions are recommended.

Reporting

Reporting security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\reporting-service\TaniumReportingService.exe

No additional process exclusions are required.

Reputation

Reputation security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\reputation-service\node.exe

No additional process exclusions are required.

Reveal

Reveal security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\reveal-service\node.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\TaniumDEC.dll
  File <Tanium Client>\extensions\TaniumDEC.dll.sig
  File <Tanium Client>\extensions\TaniumIndex.dll
  File <Tanium Client>\extensions\TaniumIndex.dll.sig
  File <Tanium Client>\extensions\index\index.db
  File <Tanium Client>\extensions\index\index.db-shm
  File <Tanium Client>\extensions\index\index.db-wal
Linux endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumDEC.so
  File <Tanium Client>/extensions/libTaniumDEC.so.sig
  File <Tanium Client>/extensions/libTaniumIndex.so
  File <Tanium Client>/extensions/libTaniumIndex.so.sig
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal
 macOS endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libTaniumDEC.dylib
  File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  File <Tanium Client>/extensions/libTaniumIndex.dylib
  File <Tanium Client>/extensions/libTaniumIndex.dylib.sig
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal
Reveal security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
  File <Tanium Client>\extensions\TaniumDEC.dll
  File <Tanium Client>\extensions\TaniumDEC.dll.sig
  File <Tanium Client>\extensions\TaniumIndex.dll
  File <Tanium Client>\extensions\TaniumIndex.dll.sig
  File <Tanium Client>\extensions\index\index.db
  File <Tanium Client>\extensions\index\index.db-shm
  File <Tanium Client>\extensions\index\index.db-wal
Linux endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumDEC.so
  File <Tanium Client>/extensions/libTaniumDEC.so.sig
  File <Tanium Client>/extensions/libTaniumIndex.so
  File <Tanium Client>/extensions/libTaniumIndex.so.sig
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal
 macOS endpoints   Process <Tanium Client>/TaniumCX
  File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libTaniumDEC.dylib
  File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  File <Tanium Client>/extensions/libTaniumIndex.dylib
  File <Tanium Client>/extensions/libTaniumIndex.dylib.sig
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal

Screen Sharing

Screen Sharing security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\screen-sharing-service\TaniumScreenSharingService.exe

No additional process exclusions are required.

Secrets Service

Secrets service security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\secrets-service\TaniumSecretsService.exe

No additional process exclusions are recommended.

System User Service

System User service security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\system-user-service\TaniumSystemUserService.exe

No additional process exclusions are recommended.

Threat Response

Threat Response security exclusions
Target Device Notes Exclusion Type Exclusion
Tanium Module Server     Process  <Module Server>\services\threat-response-service\node.exe
  Process <Module Server>\services\twsm-v1\twsm.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Tanium Zone Server   Process <Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\node.exe
  Process <Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\twsm.exe
Windows x86 and x64 endpoints   Process <Tanium Client>\Tools\IR\TaniumExecWrapper.exe
  Process <Tanium Client>\Tools\IR\TanFileInfo.exe
  Process <Tanium Client>\Tools\IR\TaniumFileInfo.exe
  Process <Tanium Client>\Tools\IR\TaniumHandle.exe
  Process <Tanium Client>\Tools\IR\TaniumListModules.exe
  File <Tanium Client>\extensions\TaniumIndex.dll
  File <Tanium Client>\extensions\TaniumIndex.dll.sig
  Process <Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
  File <Tanium Client>\extensions\TaniumRecorder.dll
  File <Tanium Client>\extensions\TaniumRecorder.dll.sig
  File <Tanium Client>\extensions\SupportCX.dll
  File <Tanium Client>\extensions\SupportCX.dll.sig
  File <Tanium Client>\extensions\recorder\proc.bin
  File <Tanium Client>\extensions\recorder\recorder.db
  File <Tanium Client>\extensions\recorder\recorder.db-shm
  File <Tanium Client>\extensions\recorder\recorder.db-wal
  File <Tanium Client>\extensions\index\index.db
  File <Tanium Client>\extensions\index\index.db-shm
  File <Tanium Client>\extensions\index\index.db-wal
  Process <Tanium Client>\tools\driver\TaniumDriverCtl.exe
  Process <Tanium Client>\tools\driver\TaniumDriverCtl64.exe
  Process <Tanium Client>\tools\driver\TaniumDriverSvc.exe
  Process <Tanium Client>\tools\driver\TaniumDriverSvc64.exe
  Process <Tanium Client>\tools\driver\service\TaniumDriverSvc.exe
  Process <Tanium Client>\tools\driver\service\TaniumDriverSvc64.exe
  File <Tanium Client>\tools\driver\TaniumProcessMonitor.dll
  File <Tanium Client>\tools\driver\TaniumProcessMonitor64.dll
  File <Tanium Client>\extensions\TaniumThreatResponse.dll
  File <Tanium Client>\extensions\TaniumThreatResponse.dll.sig
  File <Tanium Client>\extensions\core\TaniumPythonCx.dll
  File <Tanium Client>\extensions\core\TaniumPythonCx.dll.sig
  Folder <Tanium Client>\extensions\stream
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
1 Process <Tanium Client>\Downloads\Action_*\TaniumFileTransfer.exe
1 Process <Tanium Client>\Downloads\Action_*\Winpmem.gb414603.exe
  Process <Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
  File <Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
7.2.x clients, 3 Process <Tanium Client>\Python27\TPython.exe
7.4.x clients, 3 Process <Tanium Client>\Python38\TPython.exe
7.2.x clients Folder <Tanium Client>\Python27
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\extensions\TaniumDEC.dll
  File <Tanium Client>\extensions\TaniumDEC.dll.sig
  File C:\Windows\System32\drivers\TaniumRecorderDrv.sys
  File C:\Windows\SysWOW64\TaniumProcessMonitor.dll
  File C:\Windows\system32\drivers\TaniumProcessMonitor.dll
Linux x86 and x64 endpoints   Process <Tanium Client>/extensions/recorder/TaniumAuditPipe
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/IR/TaniumExecWrapper
  File <Tanium Client>/extensions/libTaniumIndex.so
  File <Tanium Client>/extensions/libTaniumIndex.so.sig
7.2.x clients Folder <Tanium Client>/python27
7.2.x clients Process <Tanium Client>/python27/python
7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.4.x clients Folder <Tanium Client>/python38
7.4.x clients Process <Tanium Client>/python38/python
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/libSupportCX.so
  File <Tanium Client>/libSupportCX.so.sig
  File <Tanium Client>/extensions/libTaniumThreatResponse.so
  File <Tanium Client>/extensions/libTaniumThreatResponse.so.sig
  File <Tanium Client>/extensions/libTaniumRecorder.so
  File <Tanium Client>/extensions/libTaniumRecorder.so.sig
  File <Tanium Client>/extensions/recorder/proc.bin
  File <Tanium Client>/extensions/recorder/recorder.db
  File <Tanium Client>/extensions/recorder/recorder.db-shm
  File <Tanium Client>/extensions/recorder/recorder.db-wal
  File <Tanium Client>/extensions/recorder/recorder.auditpipe
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal
  File <Tanium Client>/extensions/core/libTaniumPythonCx.so
  File <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
  File <Tanium Client>/extensions/libTaniumDEC.so
  File <Tanium Client>/extensions/libTaniumDEC.so.sig
  Folder <Tanium Client>/extensions/stream
1,2 Process <Tanium Client>/Downloads/Action_*/surge-collect
1,2 File <Tanium Client>/Downloads/Action_*/surge.dat
1 File <Tanium Client>/Downloads/Action_*/linpmem-*.bin
1 Process <Tanium Client>/Downloads/Action_*/taniumfiletransfer
macOS endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/IR/TaniumExecWrapper
  File <Tanium Client>/extensions/libTaniumIndex.dylib
  File <Tanium Client>/extensions/libTaniumIndex.dylib.sig
7.2.x clients Folder <Tanium Client>/python27
7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Folder <Tanium Client>/python38
7.4.x clients Process <Tanium Client>/python38/python
  File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libTaniumThreatResponse.dylib
  File <Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig
  File <Tanium Client>/extensions/libTaniumRecorder.dylib
  File <Tanium Client>/extensions/libTaniumRecorder.dylib.sig
  File <Tanium Client>/extensions/recorder/proc.bin
  File <Tanium Client>/extensions/recorder/recorder.db
  File <Tanium Client>/extensions/recorder/recorder.db-shm
  File <Tanium Client>/extensions/recorder/recorder.db-wal
  File <Tanium Client>/extensions/recorder/recorder.auditpipe
  File <Tanium Client>/extensions/core/libTaniumPythonCx.dylib
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal
  File <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
  Folder <Tanium Client>/extensions/stream
  File <Tanium Client>/extensions/libTaniumDEC.dylib
  File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  File <Tanium Client>/extensions/libSupportCX.dylib
  File <Tanium Client>/extensions/libSupportCX.dylib.sig
1,2 Process <Tanium Client>/Downloads/Action_*/surge-collect
1,2 File <Tanium Client>/Downloads/Action_*/surge.dat
1 Process <Tanium Client>/Downloads/Action_*/osxpmem.app/osxpmem
1 Process <Tanium Client>/Downloads/Action_*/taniumfiletransfer
1 = Where * corresponds to the action ID or the version of linpmem.

2 = Exception is required if Volexity Surge is used for memory collection.

3 = TPython requires SHA2 support to allow installation.

Threat Response security exclusions
Target Device Notes Exclusion Type Exclusion
Tanium Zone Server   Process <Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\node.exe
  Process <Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\twsm.exe
Windows x86 and x64 endpoints   Process <Tanium Client>\Tools\IR\TaniumExecWrapper.exe
  Process <Tanium Client>\Tools\IR\TanFileInfo.exe
  Process <Tanium Client>\Tools\IR\TaniumFileInfo.exe
  Process <Tanium Client>\Tools\IR\TaniumHandle.exe
  Process <Tanium Client>\Tools\IR\TaniumListModules.exe
  File <Tanium Client>\extensions\TaniumIndex.dll
  File <Tanium Client>\extensions\TaniumIndex.dll.sig
  Process  <Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
  File <Tanium Client>\extensions\TaniumRecorder.dll
  File <Tanium Client>\extensions\TaniumRecorder.dll.sig
  File <Tanium Client>\extensions\recorder\proc.bin
  File <Tanium Client>\extensions\recorder\recorder.db
  File <Tanium Client>\extensions\recorder\recorder.db-shm
  File <Tanium Client>\extensions\recorder\recorder.db-wal
  File <Tanium Client>\extensions\TaniumThreatResponse.dll
  File <Tanium Client>\extensions\index\index.db
  File <Tanium Client>\extensions\index\index.db-shm
  File <Tanium Client>\extensions\index\index.db-wal
  File <Tanium Client>\extensions\TaniumThreatResponse.dll.sig
  File <Tanium Client>\extensions\core\TaniumPythonCx.dll
  File <Tanium Client>\extensions\core\TaniumPythonCx.dll.sig
  File <Tanium Client>\TaniumClientExtensions.dll
  File <Tanium Client>\TaniumClientExtensions.dll.sig
1 Process <Tanium Client>\Downloads\Action_*\TaniumFileTransfer.exe
1 Process <Tanium Client>\Downloads\Action_*\Winpmem.gb414603.exe
  Process <Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
  File <Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
  File <Tanium Client>\extensions\TaniumDEC.dll
  File <Tanium Client>\extensions\TaniumDEC.dll.sig
  File C:\Windows\System32\drivers\TaniumRecorderDrv.sys
  File C:\Windows\SysWOW64\TaniumProcessMonitor.dll
  File C:\Windows\system32\drivers\TaniumProcessMonitor.dll
  Process <Tanium Client>\tools\driver\TaniumDriverCtl.exe
  Process <Tanium Client>\tools\driver\TaniumDriverCtl64.exe
  Process <Tanium Client>\tools\driver\TaniumDriverSvc.exe
  Process <Tanium Client>\tools\driver\TaniumDriverSvc64.exe
  Process <Tanium Client>\tools\driver\service\TaniumDriverSvc.exe
  Process <Tanium Client>\tools\driver\service\TaniumDriverSvc64.exe
Linux x86 and x64 endpoints   Process <Tanium Client>/extensions/recorder/TaniumAuditPipe
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/IR/TaniumExecWrapper
7.4.x clients Folder <Tanium Client>/python38
7.4.x clients Process <Tanium Client>/python38/python
  File <Tanium Client>/libTaniumClientExtensions.so
  File <Tanium Client>/libTaniumClientExtensions.so.sig
  File <Tanium Client>/extensions/libTaniumThreatResponse.so
  File <Tanium Client>/extensions/libTaniumThreatResponse.so.sig
  File <Tanium Client>/extensions/libTaniumRecorder.so
  File <Tanium Client>/extensions/libTaniumRecorder.so.sig
  File <Tanium Client>/extensions/recorder/proc.bin
  File <Tanium Client>/extensions/recorder/recorder.db
  File <Tanium Client>/extensions/recorder/recorder.db-shm
  File <Tanium Client>/extensions/recorder/recorder.db-wal
  File <Tanium Client>/extensions/recorder/recorder.auditpipe
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal
  File <Tanium Client>/extensions/core/libTaniumPythonCx.so
  File <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
  File <Tanium Client>/extensions/libTaniumDEC.so
  File <Tanium Client>/extensions/libTaniumDEC.so.sig
  File <Tanium Client>/extensions/libTaniumIndex.so
  File <Tanium Client>/extensions/libTaniumIndex.so.sig
1,2 Process <Tanium Client>/Downloads/Action_*/surge-collect
1,2 File <Tanium Client>/Downloads/Action_*/surge.dat
1 File <Tanium Client>/Downloads/Action_*/linpmem-*.bin
1 Process <Tanium Client>/Downloads/Action_*/taniumfiletransfer
macOS endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/IR/TaniumExecWrapper
  File <Tanium Client>/extensions/libTaniumIndex.dylib
  File <Tanium Client>/extensions/libTaniumIndex.dylib.sig
7.4.x clients Folder <Tanium Client>/python38
7.4.x clients Process <Tanium Client>/python38/python
  File <Tanium Client>/libTaniumClientExtensions.dylib
  File <Tanium Client>/libTaniumClientExtensions.dylib.sig
  File <Tanium Client>/extensions/libTaniumThreatResponse.dylib
  File <Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig
  File <Tanium Client>/extensions/libTaniumRecorder.dylib
  File <Tanium Client>/extensions/libTaniumRecorder.dylib.sig
  File <Tanium Client>/extensions/recorder/proc.bin
  File <Tanium Client>/extensions/recorder/recorder.db
  File <Tanium Client>/extensions/recorder/recorder.db-shm
  File <Tanium Client>/extensions/recorder/recorder.db-wal
  File <Tanium Client>/extensions/recorder/recorder.auditpipe
  File <Tanium Client>/extensions/index/index.db
  File <Tanium Client>/extensions/index/index.db-shm
  File <Tanium Client>/extensions/index/index.db-wal
  File <Tanium Client>/extensions/core/libTaniumPythonCx.dylib
  File <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
  File <Tanium Client>/extensions/libTaniumDEC.dylib
  File <Tanium Client>/extensions/libTaniumDEC.dylib.sig
1,2 Process <Tanium Client>/Downloads/Action_*/surge-collect
1,2 File <Tanium Client>/Downloads/Action_*/surge.dat
1 Process <Tanium Client>/Downloads/Action_*/osxpmem.app/osxpmem
1 Process <Tanium Client>/Downloads/Action_*/taniumfiletransfer
1 = Where * corresponds to the action ID or the version of linpmem.

2 = Exception is required if Volexity Surge is used for memory collection.

3 = TPython requires SHA2 support to allow installation.

Trends

Trends security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\twsm-v1\twsm.exe
Required only during upgrade from Trends 3.8 and earlier Process <Module Server>\services\trends\node_modules\@tanium
\postgresql\lib\win32\bin\postgres.exe
Required only during upgrade from Trends 3.8 and earlier Process <Module Server>\services\trends\node_modules\@tanium
\postgresql\lib\win32\bin\pg_ctl.exe

No additional process exclusions are required.