Host system security exclusions

To monitor and block unknown host system processes, many organizations use security software, such as host-based firewalls and antivirus detection. To ensure that such software does not interfere with Tanium operations, work with your network and security team to allow Tanium Client folders and processes, so that the software treats them as trusted exclusions. Typically, this means configuring the security software to exclude the installation directories of the Tanium Client and (for Windows deployments) Tanium Core Platform servers from real-time inspection. Configuring trusted exclusions also typically involves setting a policy to ignore input and output from Tanium binaries.

Tanium Core Platform servers do not require host system security exclusions in a Tanium Appliance deployment. Tanium Clients on all operating systems (OSs) require host system security exclusions.

Tanium Client Core Platform folders

The following table lists Tanium Client Core Platform folders that antivirus and other host-based security applications must exclude from real-time scans. Include subfolders of these locations when you create the exception rules. The listed folder paths are the defaults. If you changed the folder locations to non-default paths, create rules based on the actual locations.

Table 1: Security exclusions for Tanium Client folders
Endpoint OS	Installation folder
Windows 32-bit	\Program Files\Tanium\Tanium Client
Windows 64-bit	\Program Files (x86)\Tanium\Tanium Client
macOS	/Library/Tanium/TaniumClient
Linux, Solaris	/opt/Tanium/TaniumClient

Table 1: Security exclusions for Tanium Core Platform folders
Target Device	OS	Installation folder
¹ Tanium Server	Windows 64-bit	\Program Files\Tanium\Tanium Server
Tanium Module Server	Windows 64-bit	\Program Files\Tanium\Tanium Module Server
		\Program Files\Tanium\Tanium Module Postgres
Tanium Zone Server, Zone Server Hub	Windows 64-bit	\Program Files (x86)\Tanium\Tanium ZoneServer
² Tanium Client endpoints	Windows 32-bit	\Program Files\Tanium\Tanium Client
	Windows 64-bit	\Program Files (x86)\Tanium\Tanium Client
	macOS	/Library/Tanium/TaniumClient
	Linux, Solaris, AIX	/opt/Tanium/TaniumClient
¹ You might also have to exclude the Tanium Server Downloads directory if it was moved out of the installation directory using the instructions in the KB article Relocate Downloads Directory. ² For additional folder exclusions that are required during Tanium Client installation, see Tanium Client Management User Guide: Security exclusions for Client Management.

Tanium Client Core Platform system processes

The following table lists Tanium Client Core Platform system processes that must be allowed (not blocked, quarantined, or otherwise processed). The <Tanium Client> variable indicates the client installation folder. The variables such as <Module Server> indicate the installation folder of the platform servers and Tanium Client.

Table 2: Security exclusions for Tanium Client processes
Endpoint OS	Process
Windows, macOS, Linux	<Tanium Client>/Tools/StdUtils folder or all the files that it contains, including: 7za.exe (Windows) or 7za (macOS, Linux) runasuser.exe (Windows only) runasuser64.exe (Windows only) TaniumExecWrapper.exe (Windows) or TaniumExecWrapper (macOS, Linux) TaniumFileInfo.exe (Windows only) TPowerShell.exe (Windows only) distribute-tools.sh (macOS, Linux only)
Windows	<Tanium Client>\TaniumClient.exe
Windows	<Tanium Client>\TaniumCX.exe
macOS, Linux, Solaris, AIX	<Tanium Client>/TaniumClient
	<Tanium Client>/taniumclient
	<Tanium Client>/TaniumCX

Table 2: Security exclusions for Tanium Core Platform processes
Target Device	OS	Process
Tanium Server	Windows	<Tanium Server>\TaniumReceiver.exe
Tanium Module Server	Windows	<Module Server>\7za.exe
		<Module Server>\TaniumModuleServer.exe
		<Module Server>\temp\content-management\ContentManagement.exe
		<Module Server>\services\tanium-data-service\TaniumDataService.exe
		<Module Server>\services\gateway-service\TaniumGatewayService.exe
		<Module Server>\services\reporting-service\TaniumReportingService.exe
Tanium Zone Server, Zone Server Hub	Windows	<Zone Server>\TaniumZoneServer.exe
Tanium Zone Server, Zone Server Hub	Windows	<Zone Server Hub>\TaniumZoneServer.exe
Tanium Client endpoints	Windows, macOS, Linux	<Tanium Client>/Tools/StdUtils folder or all the files that it contains, including: 7za.exe (Windows) or 7za (macOS, Linux) runasuser.exe (Windows only) runasuser64.exe (Windows only) TaniumExecWrapper.exe (Windows) or TaniumExecWrapper (macOS, Linux) TaniumFileInfo.exe (Windows only) TPowerShell.exe (Windows only) distribute-tools.sh (macOS, Linux only)
	Windows	<Tanium Client>\TaniumClient.exe
	Windows	<Tanium Client>\TaniumCX.exe
	macOS, Linux, Solaris, AIX	<Tanium Client>/TaniumClient
		<Tanium Client>/taniumclient
		<Tanium Client>/TaniumCX

If you use Microsoft Group Policy Objects (GPO) or other central management tools to manage host firewalls, you might need to create rules to allow inbound and outbound TCP traffic across port 17472 and port 17486 on any managed endpoints, including the Tanium Server.
If running McAfee Host Intrusion Prevention System (HIPS), mark the Tanium Client as both Trusted for Firewall and Trusted for IPS, per McAfee KB71704.
The Tanium Client on Windows uses the Windows Update offline scan file, Wsusscn2.cab, to assess computers for installed or missing OS and application security patches. If your endpoint security solutions scan archive files, refer to the Microsoft KB for information on how to configure those tools to interact appropriately with the Wsusscn2.cab file.

Tanium binary file signer

Some security products base exclusion rules on file signers. Tanium uses an extended validation (EV) code-signing certificate with the following signer for the Tanium-generated binary files of Tanium Core Platform servers, Tanium Clients, and Tanium modules. Tanium also uses this certificate to sign VBS and PS1 files within action packages:

Subject: jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=4332270, C=US, ST=CA, L=Emeryville, O=Tanium Inc., CN=Tanium Inc.

Solution module folders

As a rule, Tanium solution modules are installed in subdirectories of the Tanium Module Server installation directory. This facilitates any exclusion rules you must create: simply exclude the Module Server installation directory and its subdirectories. This requirement applies only to a Module Server installed on Windows infrastructure.

Solution module processes

The following sections list additional processes on the Module Server (Windows infrastructure only) and Tanium Client (all OSs) that you must configure as exclusions in security software to enable Tanium modules and shared services to work.

The following sections use variables (such as <Module Server>) to indicate the installation folder of a Tanium Core Platform server or the Tanium Client. The following sections use the <Tanium Client> variable to indicate the client installation folder.

Asset
Client Management
Comply
Connect
Deploy
Direct Connect
Discover
Endpoint Configuration
End-User Notifications
Enforce
Health Check
Impact
Incident Response
Integrity Monitor
Map
Network Quarantine
Patch
Performance
Reputation
Reveal
Threat Response
Trends

Asset

Asset security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\asset-service\node.exe
		Process	<Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\postgres.exe
		Process	<Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\pg_ctl.exe
		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints	For integration with Flexera	Process	<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
Windows endpoints	For integration with Flexera	Process	<Tanium Client>\Tools\Asset\TaniumFileEvidence.exe
macOS and Linux endpoints	For integration with Flexera	Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
macOS and Linux endpoints	For integration with Flexera	Process	<Tanium Client>/Tools/Asset/TaniumFileEvidence

Asset security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints	For integration with Flexera	Process	<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
Windows endpoints	For integration with Flexera	Process	<Tanium Client>\Tools\Asset\TaniumFileEvidence.exe
macOS and Linux endpoints	For integration with Flexera	Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
macOS and Linux endpoints	For integration with Flexera	Process	<Tanium Client>/Tools/Asset/TaniumFileEvidence

Client Management

Table 3: Client Management security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\client-management-service\node.exe
Module Server		Process	<Module Server>\services\twsm-v1\twsm.exe
Windows x86 endpoints	During client installation	Process	\Program Files\Tanium\TaniumClientBootstrap.exe
	During client installation	Process	\Program Files\Tanium\SetupClient.exe
	During client installation	Process	<Tanium Client>\SetupClient.exe
		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\extensions\TaniumDEC.dll
		Process	<Tanium Client>\extensions\TaniumDEC.dll.sig
		Process	<Tanium Client>\TaniumCX.exe
Windows x64 endpoints	During client installation	Process	\Program Files (x86)\Tanium\TaniumClientBootstrap.exe
	During client installation	Process	\Program Files (x86)\Tanium\SetupClient.exe
	During client installation	Process	<Tanium Client>\SetupClient.exe
		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\extensions\TaniumDEC.dll
		Process	<Tanium Client>\extensions\TaniumDEC.dll.sig
		Process	<Tanium Client>\TaniumCX.exe
macOS endpoints	During client installation	Process	/Library/Tanium/TaniumClientBootstrap
	During client installation	Process	/Library/Tanium/SetupClient
	During client installation	Process	<Tanium Client>/SetupClient
		Process	<Tanium Client>/libTaniumClientExtensions.dylib
		Process	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
		Process	<Tanium Client>/TaniumCX
Linux endpoints	During client installation	Process	/opt/Tanium/TaniumClientBootstrap
	During client installation	Process	/opt/Tanium/SetupClient
	During client installation	Process	<Tanium Client>/SetupClient
		Process	<Tanium Client>/libTaniumClientExtensions.so
		Process	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.so
		Process	<Tanium Client>/extensions/libTaniumDEC.so.sig
		Process	<Tanium Client>/TaniumCX
Solaris and AIX endpoints	During client installation	Process	/opt/Tanium/TaniumClientBootstrap
	During client installation	Process	/opt/Tanium/SetupClient
	During client installation	Process	<Tanium Client>/SetupClient

Table 3: Client Management security exclusions
Target Device	Exclusion Type	Exclusion
Windows x86 endpoint	Process	<Tanium Client>\TaniumClientExtensions.dll
	Process	<Tanium Client>\TaniumClientExtensions.dll.sig
	Process	<Tanium Client>\extensions\TaniumDEC.dll
	Process	<Tanium Client>\extensions\TaniumDEC.dll.sig
	Process	<Tanium Client>\TaniumCX.exe
Windows x64 endpoints	Process	<Tanium Client>\TaniumClientExtensions.dll
	Process	<Tanium Client>\TaniumClientExtensions.dll.sig
	Process	<Tanium Client>\extensions\TaniumDEC.dll
	Process	<Tanium Client>\extensions\TaniumDEC.dll.sig
	Process	<Tanium Client>\TaniumCX.exe
macOS endpoints	Process	<Tanium Client>/libTaniumClientExtensions.dylib
	Process	<Tanium Client>/libTaniumClientExtensions.dylib.sig
	Process	<Tanium Client>/extensions/libTaniumDEC.dylib
	Process	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	Process	<Tanium Client>/TaniumCX
Linux endpoints	Process	<Tanium Client>/libTaniumClientExtensions.so
	Process	<Tanium Client>/libTaniumClientExtensions.so.sig
	Process	<Tanium Client>/extensions/libTaniumDEC.so
	Process	<Tanium Client>/extensions/libTaniumDEC.so.sig
	Process	<Tanium Client>/TaniumCX

Comply

Comply security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\comply-service\node.exe
Module Server		Process	<Module Server>\services\comply-service\node_modules\ovalindex\build\bin\ovalindex.exe
Windows endpoints		Process	<Tanium Client>\Tools\Comply\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\Comply\jre\bin\java.exe
		Process	<Tanium Client>\Tools\Comply\7za.exe
Linux/macOS/AIX endpoints		Process	<Tanium Client>/Tools/Comply/TaniumExecWrapper
		Process	<Tanium Client>/Tools/Comply/jre/bin/java
		Process	<Tanium Client>/Tools/Comply/7za
		Process	<Tanium Client>/Tools/Comply/xsltproc
Tanium Scan Engine		Process	<Tanium Client>/Tools/Comply/joval/Joval4Tanium.jar
Tanium Scan Engine		Process	<Tanium Client>/Tools/Comply/joval/Joval-Utilities.jar
CIS-CAT engine		Process	<Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.jar
	Linux only	Process	<Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.sh
	Windows only	Process	<Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.BAT
SCC engine - Windows endpoints		Process	<Tanium Client>\Tools\Comply\scc\cscc.exe
		Process	<Tanium Client>\Tools\Comply\scc\cscc32.exe
		Process	<Tanium Client>\Tools\Comply\scc\cscc64.exe
		Process	<Tanium Client>\Tools\Comply\scc\scc.exe
		Process	<Tanium Client>\Tools\Comply\scc\scc32.exe
		Process	<Tanium Client>\Tools\Comply\scc\scc64.exe
SCC engine - Linux/macOS endpoints		Process	<Tanium Client>/Tools/Comply/scc/cscc
		Process	<Tanium Client>/Tools/Comply/scc/cscc.bin
		Process	<Tanium Client>/Tools/Comply/scc/scc
		Process	<Tanium Client>/Tools/Comply/scc/scc.bin

Comply security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints		Process	<Tanium Client>\Tools\Comply\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\Comply\jre\bin\java.exe
		Process	<Tanium Client>\Tools\Comply\7za.exe
Linux/macOS endpoints		Process	<Tanium Client>/Tools/Comply/TaniumExecWrapper
		Process	<Tanium Client>/Tools/Comply/jre/bin/java
		Process	<Tanium Client>/Tools/Comply/7za
		Process	<Tanium Client>/Tools/Comply/xsltproc
Tanium Scan Engine		Process	<Tanium Client>/Tools/Comply/joval/Joval4Tanium.jar
Tanium Scan Engine		Process	<Tanium Client>/Tools/Comply/joval/Joval-Utilities.jar
CIS-CAT engine		Process	<Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.jar
	Linux only	Process	<Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.sh
	Windows only	Process	<Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.BAT
SCC engine - Windows endpoints		Process	<Tanium Client>\Tools\Comply\scc\cscc.exe
		Process	<Tanium Client>\Tools\Comply\scc\cscc32.exe
		Process	<Tanium Client>\Tools\Comply\scc\cscc64.exe
		Process	<Tanium Client>\Tools\Comply\scc\scc.exe
		Process	<Tanium Client>\Tools\Comply\scc\scc32.exe
		Process	<Tanium Client>\Tools\Comply\scc\scc64.exe
SCC engine - Linux/macOS endpoints		Process	<Tanium Client>/Tools/Comply/scc/cscc
		Process	<Tanium Client>/Tools/Comply/scc/cscc.bin
		Process	<Tanium Client>/Tools/Comply/scc/scc
		Process	<Tanium Client>/Tools/Comply/scc/scc.bin

Connect

Connect security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\connect-service\node.exe

No additional process exclusions are required.

Deploy

Deploy security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\deploy-service\node.exe
Module Server	Required when Endpoint Configuration is installed	Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints	Required only for the Microsoft Windows 10 Upgrade packages	Folder	C:\Deploy\Tanium
		Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\Tools\Deploy\7za.exe
		Process	<Tanium Client>\Tools\SoftwareManagement\7za.exe
		Process	<Tanium Client>\TaniumCX.exe
		Folder	%programdata%\Tanium
Linux endpoints		Process	<Tanium Client>/python27/bin/pybin
	7.2.x clients	Process	<Tanium Client>/python27/pybin
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/Tools/SoftwareManagement/data/software-management.db
		Process	<Tanium Client>/Tools/SoftwareManagement/data/software-management.db-wal
		Process	<Tanium Client>/Tools/SoftwareManagement/data/software-management.dc-shm
macOS endpoints		Process	<Tanium Client>/python27/bin/pybin
	7.2.x clients	Process	<Tanium Client>/python27/pybin
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/TaniumCX

Deploy security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints	Required only for the Microsoft Windows 10 Upgrade packages	Folder	C:\Deploy\Tanium
		Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\Tools\Deploy\7za.exe
		Process	<Tanium Client>\Tools\SoftwareManagement\7za.exe
		Process	<Tanium Client>\TaniumCX.exe
		Folder	%programdata%\Tanium
Linux endpoints		Process	<Tanium Client>/python27/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/Tools/SoftwareManagement/data/software-management.db
		Process	<Tanium Client>/Tools/SoftwareManagement/data/software-management.db-wal
		Process	<Tanium Client>/Tools/SoftwareManagement/data/software-management.dc-shm
macOS endpoints		Process	<Tanium Client>/python27/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/TaniumCX

Direct Connect

Direct Connect security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\direct-connect-service\node.exe
Module Server		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Zone Server		Process	<Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\node.exe
Windows endpoints		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\extensions\TaniumDEC.dll
		Process	<Tanium Client>\extensions\TaniumDEC.dll.sig
	7.2.x clients; requires SHA2 support to allow installation	Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients; requires SHA2 support to allow installation	Process	<Tanium Client>\Python38\TPython.exe
		Process	<Tanium Client>\TaniumCX.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
macOS endpoints		Process	<Tanium Client>/libTaniumClientExtensions.dylib
		Process	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX
Linux endpoints		Process	<Tanium Client>/libTaniumClientExtensions.so
		Process	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.so
		Process	<Tanium Client>/extensions/libTaniumDEC.so.sig
	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX

Direct Connect security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\extensions\TaniumDEC.dll
		Process	<Tanium Client>\extensions\TaniumDEC.dll.sig
	Requires SHA2 support to allow installation	Process	<Tanium Client>\Python38\TPython.exe
		Process	<Tanium Client>\TaniumCX.exe
		Folder	<Tanium Client>\Python38
macOS endpoints		Process	<Tanium Client>/libTaniumClientExtensions.dylib
		Process	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
		Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX
Linux endpoints		Process	<Tanium Client>/libTaniumClientExtensions.so
		Process	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.so
		Process	<Tanium Client>/extensions/libTaniumDEC.so.sig
		Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX

Discover

Discover security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\discover-service\node.exe
		Process	<Module Server>\plugins\content\discover-proxy\proxyplugin.exe
		Process	<Module Server>\services\twsm-v1\twsm.exe
		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints	(Level 3 and 4 profiles only)	Folder	C:\Program Files\Npcap
Windows endpoints	(Level 3 and 4 profiles only)	Process	<Tanium Client>\Tools\Discover\nmap\nmap.exe
Linux endpoints	(Level 3 and 4 profiles only)	Process	<Tanium Client>/Tools/Discover/nmap/nmap
macOS endpoints	(Level 3 and 4 profiles only)	Process	<Tanium Client>/Tools/Discover/nmap/nmap

Endpoint Configuration

No additional process exclusions are required.

Endpoint Configuration security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe

End-User Notifications

End-User Notifications security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server	Required when Endpoint Configuration is installed	Process	<Module Server>\interdependence-configuration-service\TaniumEndpointConfigService.exe
		Process	<Module Server>\services\end-user-notifications-service\node.exe
		Process	<Module Server>\services\twsm-v1\twsm.exe
Windows endpoints	7.2.x clients	Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
		Process	<Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe
		Process	<Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe
	exclude from on-access or real-time scans	Folder	<Tanium>\Tanium End User Notification Tools
macOS endpoints	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	/Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
		Folder	/Library/Tanium/EndUserNotifications

End-User Notifications security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
		Process	<Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe
		Process	<Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe
	exclude from on-access or real-time scans	Folder	<Tanium>\Tanium End User Notification Tools
macOS endpoints	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	/Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
		Folder	/Library/Tanium/EndUserNotifications

Enforce

Enforce security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\enforce-service\7za.exe
Module Server		Process	<Module Server>\services\enforce-service\node.exe
Windows x86 endpoints		Process	<Tanium Client>\Tools\StdUtils\7za.exe
		Process	<Tanium Client>\Tools\Enforce\devcon32.exe
		Process	<Tanium Client>\Tools\Enforce\LocalPolicyTool.exe
	7.2.x clients	Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
Windows x64 endpoints		Process	<Tanium Client>\Tools\StdUtils\7za.exe
		Process	<Tanium Client>\Tools\Enforce\devcon64.exe
		Process	<Tanium Client>\Tools\Enforce\LocalPolicyTool.exe
	7.2.x clients	Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
macOS and Linux x86 and x64 endpoints	7.2.x clients	Process	<Tanium Client>/python27/python
		Process	<Tanium Client>/python27/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX

Health Check

Health Check security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\health-service\node.exe
Module Server		Process	<Module Server>\services\health-service\twsm.exe

Impact

Impact security exclusions
Target Device	Exclusion Type	Exclusion
Module Server	Process	<Module Server>\services\impact-service\TaniumImpactService.exe
Module Server	Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints	Process	<Tanium Client>\Python38\TPython.exe
Windows endpoints	Folder	<Tanium Client>\Python38

Impact security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints		Process	<Tanium Client>\Python38\TPython.exe
Windows endpoints		Folder	<Tanium Client>\Python38

Incident Response

Incident Response security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows x86 or x64 endpoints		Process	<Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
		Process	<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\IR\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\IR\TanFileInfo.exe
		Process	<Tanium Client>\Tools\IR\TaniumHandle.exe
		Process	<Tanium Client>\Tools\IR\TanListModules.exe
		Process	<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
		Process	<Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
	¹	Process	<Tanium Client>\Downloads\Action_nnn\Winpmem.gb414603.exe
	¹	Process	<Tanium Client>\Downloads\Action_nnn\TaniumFileTransfer.exe
	¹,²	Process	<Tanium Client>\Downloads\Action_nnn\surge-collect.exe
	¹,²	Process	<Tanium Client>\Downloads\Action_nnn\surge.dat
	7.2.x clients, ³	Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients, ³	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
macOS endpoints		Process	<Tanium Client>/Tools/EPI/TaniumExecWrapper
		Process	<Tanium Client>/Tools/IR/TaniumExecWrapper
		Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
	¹,²	Process	<Tanium Client>/Downloads/Action_nnn/surge-collect
	¹,²	Process	<Tanium Client>/Downloads/Action_nnn/surge.dat
	¹	Process	<Tanium Client>/Downloads/Action_nnn/osxpmem.app/osxpmem
	¹	Process	<Tanium Client>/Downloads/Action_nnn/taniumfiletransfer
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.4.x clients	Process	<Tanium Client>/python38/python
Linux x86 or x64 endpoints		Process	<Tanium Client>/Tools/EPI/TaniumExecWrapper
		Process	<Tanium Client>/Tools/IR/TaniumExecWrapper
		Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
	¹,²	Process	<Tanium Client>/Downloads/Action_nnn/surge-collect
	¹,²	Process	<Tanium Client>/Downloads/Action_nnn/surge.dat
	¹	Process	<Tanium Client>/Downloads/Action_nnn/linpmem-<version>.bin
	¹	Process	<Tanium Client>/Downloads/Action_nnn/taniumfiletransfer
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.4.x clients	Process	<Tanium Client>/python38/python
¹ = Where nnn corresponds to the action ID. ² = Exception is required if Volexity Surge is used for memory collection. ³ = TPython requires SHA2 support to allow installation.

Integrity Monitor

Integrity Monitor security exclusions
Target Device	Notes	Exclusion Type	Process
Tanium Module Server		Process	<Module Server>\services\integrity-monitor-service\node.exe
Tanium Module Server		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Tanium Zone Server		Process	<Zone Server>\proxy\node.exe
Windows x86 and x64 endpoints		Process	<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
		Process	<Tanium Client>\Tools\IM\TaniumSQLiteQuery.exe
		Process	<Tanium Client>\Tools\IM\TaniumExecWrapper.exe
		Process	<Tanium Client>\extensions\TaniumRecorder.dll
		Process	<Tanium Client>\extensions\TaniumRecorder.dll.sig
		Process	<Tanium Client>\extensions\recorder\proc.bin
		Process	<Tanium Client>\extensions\recorder\recorder.db
		Process	<Tanium Client>\extensions\recorder\recorder.db-shm
		Process	<Tanium Client>\extensions\recorder\recorder.db-wal
		Process	<Tanium Client>\extensions\core\libTaniumPythonCx.dll
		Process	<Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
	7.2.x clients	Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
Linux x86 and x64 endpoints		Process	<Tanium Client>/TaniumAuditPipe
		Process	<Tanium Client>/Tools/Trace/recorder
		Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		Process	<Tanium Client>/Tools/EPI/TaniumExecWrapper
		Process	<Tanium Client>/Tools/IM/TaniumExecWrapper
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/libTaniumClientExtensions.so
		Process	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/extensions/recorder/proc.bin
		Process	<Tanium Client>/extensions/recorder/recorder.db
		Process	<Tanium Client>/extensions/recorder/recorder.db-shm
		Process	<Tanium Client>/extensions/recorder/recorder.db-wal
		Process	<Tanium Client>/extensions/recorder/recorder.auditpipe
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.so
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
		Process	<Tanium Client>/TaniumCX

Integrity Monitor security exclusions
Target Device	Notes	Exclusion Type	Process
Windows x86 and x64 endpoints		Process	<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
		Process	<Tanium Client>\Tools\IM\TaniumSQLiteQuery.exe
		Process	<Tanium Client>\Tools\IM\TaniumExecWrapper.exe
		Process	<Tanium Client>\extensions\TaniumRecorder.dll
		Process	<Tanium Client>\extensions\TaniumRecorder.dll.sig
		Process	<Tanium Client>\extensions\recorder\proc.bin
		Process	<Tanium Client>\extensions\recorder\recorder.db
		Process	<Tanium Client>\extensions\recorder\recorder.db-shm
		Process	<Tanium Client>\extensions\recorder\recorder.db-wal
		Process	<Tanium Client>\extensions\core\libTaniumPythonCx.dll
		Process	<Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
Linux x86 and x64 endpoints		Process	<Tanium Client>/TaniumAuditPipe
		Process	<Tanium Client>/Tools/Trace/recorder
		Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		Process	<Tanium Client>/Tools/EPI/TaniumExecWrapper
		Process	<Tanium Client>/Tools/IM/TaniumExecWrapper
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/libTaniumClientExtensions.so
		Process	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/extensions/recorder/proc.bin
		Process	<Tanium Client>/extensions/recorder/recorder.db
		Process	<Tanium Client>/extensions/recorder/recorder.db-shm
		Process	<Tanium Client>/extensions/recorder/recorder.db-wal
		Process	<Tanium Client>/extensions/recorder/recorder.auditpipe
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.so
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
		Process	<Tanium Client>/TaniumCX

Map

Map security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\map-service\node.exe
		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints	7.2.x clients	Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
macOS endpoints		Process	<Tanium Client>/TaniumCX
Linux endpoints	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/TaniumCX

Map security exclusions
Target Device	Notes	Exclusion Type	Process
Windows endpoints	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38\
		Process	<Tanium Client>\TaniumCX.exe
macOS endpoints		Process	<Tanium Client>/TaniumCX
Linux endpoints	7.4.x clients	Process	<Tanium Client>/python38/python
Linux endpoints		Folder	<Tanium Client>/TaniumCX

Network Quarantine

No additional process exclusions are required.

Patch

Patch security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\patch-service\node.exe
Module Server	required when Endpoint Configuration is installed	Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints		Process	<Tanium Client>\Patch\tanium-patch.min.vbs
		Process	<Tanium Client>\Patch\scans\Wsusscn2.cab
		Process	<Tanium Client>\Patch\tools\active-user-sessions.exe
		Process	<Tanium Client>\Patch\tools\run-patch-manager.min.vbs
		Process	<Tanium Client>\Patch\tools\TaniumExecWrapper.exe
		Process	<Tanium Client>\Patch\tools\TaniumFileInfo.exe
		Process	<Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe
	7.2.x clients	Process	<Tanium Client>\Python27\TPython.exe
	7.2.x clients	Folder	<Tanium Client>\Python27
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
		Process	<Tanium Client>\Tools\Patch\7za.exe
		Process	<Tanium Client>\Tools\Patch\TaniumExecWrapper.exe
	exclude from on-access or real-time scans	Folder	<Tanium Client>
Linux endpoints	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/Tools/Patch/TaniumExecWrapper

Patch security exclusions
Target device	Notes	Exclusion Type	Exclusion
Windows endpoints		Process	<Tanium Client>\Patch\tanium-patch.min.vbs
		Process	<Tanium Client>\Patch\scans\Wsusscn2.cab
		Process	<Tanium Client>\Patch\tools\active-user-sessions.exe
		Process	<Tanium Client>\Patch\tools\run-patch-manager.min.vbs
		Process	<Tanium Client>\Patch\tools\TaniumExecWrapper.exe
		Process	<Tanium Client>\Patch\tools\TaniumFileInfo.exe
		Process	<Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
		Process	<Tanium Client>\Tools\Patch\7za.exe
		Process	<Tanium Client>\Tools\Patch\TaniumExecWrapper.exe
	exclude from on-access or real-time scans	Folder	<Tanium Client>
Linux endpoints	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/Tools/Patch/TaniumExecWrapper

Performance

Performance security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\performance\node.exe
		Process	<Module Server>\services\event-service\twsm.exe
		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows x86 and x64 endpoints		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\extensions\TaniumPerformance.dll
		Process	<Tanium Client>\extensions\TaniumPerformance.dll.sig
		Process	<Tanium Client>\Tools\Performance\TaniumTSDB.exe
	7.2.x clients¹	Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients¹	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
macOS and Linux (x86 and x64) endpoints		Process	<Tanium Client>/libTaniumClientExtensions.so
		Process	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/extensions/libTaniumPerformance.so
		Process	<Tanium Client>/extensions/libTaniumPerformance.so.sig
		Process	<Tanium Client>/Tools/Performance/TaniumTSDB
	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX
¹ = TPython requires SHA2 support to allow installation.

Performance security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows (x86 and x64) endpoints		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\extensions\TaniumPerformance.dll
		Process	<Tanium Client>\extensions\TaniumPerformance.dll.sig
		Process	<Tanium Client>\Tools\Performance\TaniumTSDB.exe
	¹	Process	<Tanium Client>\Python38\TPython.exe
		Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumCX.exe
macOS and Linux (x86 and x64) endpoints		Process	<Tanium Client>/libTaniumClientExtensions.so
		Process	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/extensions/libTaniumPerformance.so
		Process	<Tanium Client>/extensions/libTaniumPerformance.so.sig
		Process	<Tanium Client>/Tools/Performance/TaniumTSDB
		Process	<Tanium Client>/python38/bin/pybin
		Process	<Tanium Client>/TaniumCX
¹ = TPython requires SHA2 support to allow installation.

Reputation

Reputation security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\reputation-service\node.exe

No additional process exclusions are required.

Reveal

Reveal security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Module Server		Process	<Module Server>\services\reveal-service\node.exe
Module Server		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints		Process	<Tanium Client>\TaniumCX.exe
		Process	<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\extensions\RevealCX.dll
		Process	<Tanium Client>\extensions\RevealCX.dll.sig
		Process	<Tanium Client>\extensions\TaniumDEC.dll
		Process	<Tanium Client>\extensions\TaniumDEC.dll.sig
		Process	<Tanium Client>\extensions\core\libTaniumPythonCx.dll
		Process	<Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
	7.2.x clients, ¹	Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients, ¹	Process	<Tanium Client>\Python38\TPython.exe
	7.2.x clients	Folder	<Tanium Client>\Python38
Linux endpoints		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/Tools/EPI/TaniumExecWrapper
		Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		Process	<Tanium Client>/libTaniumClientExtensions.so
		Process	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/extensions/libRevealCX.so
		Process	<Tanium Client>/extensions/libRevealCX.so.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.so
		Process	<Tanium Client>/extensions/libTaniumDEC.so.sig
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.so
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.4.x clients	Process	<Tanium Client>/python38/python
macOS endpoints		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/Tools/EPI/TaniumExecWrapper
		Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		Process	<Tanium Client>/libTaniumClientExtensions.dylib
		Process	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		Process	<Tanium Client>/extensions/libRevealCX.dylib
		Process	<Tanium Client>/extensions/libRevealCX.dylib.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.4.x clients	Process	<Tanium Client>/python38/python
¹ = TPython requires SHA2 support to allow installation.

Reveal security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Windows endpoints		Process	<Tanium Client>\TaniumCX.exe
		Process	<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
		Process	<Tanium Client>\Tools\Reveal\TaniumReveal.exe
		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
		Process	<Tanium Client>\extensions\RevealCX.dll
		Process	<Tanium Client>\extensions\RevealCX.dll.sig
		Process	<Tanium Client>\extensions\TaniumDEC.dll
		Process	<Tanium Client>\extensions\TaniumDEC.dll.sig
		Process	<Tanium Client>\extensions\core\libTaniumPythonCx.dll
		Process	<Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
	7.4.x clients, ¹	Process	<Tanium Client>\Python38\TPython.exe
Linux endpoints		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/Tools/EPI/TaniumExecWrapper
		Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		Process	<Tanium Client>/Tools/Reveal/TaniumReveal
		Process	<Tanium Client>/libTaniumClientExtensions.so
		Process	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/extensions/libRevealCX.so
		Process	<Tanium Client>/extensions/libRevealCX.so.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.so
		Process	<Tanium Client>/extensions/libTaniumDEC.so.sig
		Process	<Tanium Client>/extensions//core/libTaniumPythonCx.so
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
	7.4.x clients	Process	<Tanium Client>/python38/python
macOS endpoints		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/Tools/EPI/TaniumExecWrapper
		Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		Process	<Tanium Client>/Tools/Reveal/TaniumReveal
		Process	<Tanium Client>/libTaniumClientExtensions.dylib
		Process	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		Process	<Tanium Client>/extensions/libRevealCX.dylib
		Process	<Tanium Client>/extensions/libRevealCX.dylib.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
	7.4.x clients	Process	<Tanium Client>/python38/python
¹ = TPython requires SHA2 support to allow installation.

Threat Response

Threat Response security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Tanium Module Server		Process	<Module Server>\services\detect3\node.exe
		Process	<Module Server>\services\detect3\twsm.exe
		Process	<Module Server>\services\event-service\node.exe
		Process	<Module Server>\services\event-service\twsm.exe
		Process	<Module Server>\services\threat-response-service\node.exe
		Process	<Module Server>\services\twsm-v1\twsm.exe
		Process	<Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Tanium Zone Server		Process	<Zone Server>\proxy\node.exe
Windows x86 and x64 endpoints		Process	<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\IR\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\IR\TanFileInfo.exe
		Process	<Tanium Client>\Tools\IR\TaniumFileInfo.exe
		Process	<Tanium Client>\Tools\IR\TaniumHandle.exe
		Process	<Tanium Client>\Tools\IR\TanListModules.exe
		Process	<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
		Process	<Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
		Process	<Tanium Client>\Tools\Detect3\TaniumDetectEngine.exe
		Process	<Tanium Client>\extensions\TaniumRecorder.dll
		Process	<Tanium Client>\extensions\TaniumRecorder.dll.sig
		Process	<Tanium Client>\extensions\SupportCX.dll
		Process	<Tanium Client>\extensions\SupportCX.dll.sig
		Process	<Tanium Client>\extensions\recorder\proc.bin
		Process	<Tanium Client>\extensions\recorder\recorder.db
		Process	<Tanium Client>\extensions\recorder\recorder.db-shm
		Process	<Tanium Client>\extensions\recorder\recorder.db-wal
		Process	<Tanium Client>\extensions\TaniumThreatResponse.dll
		Process	<Tanium Client>\extensions\TaniumThreatResponse.dll.sig
		Process	<Tanium Client>\extensions\core\libTaniumPythonCx.dll
		Process	<Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
		Folder	<Tanium Client>\extensions\stream
		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
	¹	Process	<Tanium Client>\Downloads\Action_*\TaniumFileTransfer.exe
	¹	Process	<Tanium Client>\Downloads\Action_*\Winpmem.gb414603.exe
		Process	<Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
		Process	<Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
	7.2.x clients, ³	Process	<Tanium Client>\Python27\TPython.exe
	7.4.x clients, ³	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumSensorDebugger.exe
		Process	<Tanium Client>\TaniumCX.exe
		Process	<Tanium Client>\extensions\TaniumDEC.dll
		Process	<Tanium Client>\extensions\TaniumDEC.dll.sig
Linux x86 and x64 endpoints		Process	<Tanium Client>/TaniumAuditPipe
		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/TaniumSensorDebugger
		Process	<Tanium Client>/Tools/EPI/TaniumExecWrapper
		Process	<Tanium Client>/Tools/IR/TaniumExecWrapper
		Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		Process	<Tanium Client>/Tools/Detect3/TaniumDetectEngine
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.2.x clients	Process	<Tanium Client>/python27/bin/pybin
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/libTaniumClientExtensions.so
		Process	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/libSupportCX.so
		Process	<Tanium Client>/libSupportCX.so.sig
		Process	<Tanium Client>/extensions/libTaniumThreatResponse.so
		Process	<Tanium Client>/extensions/libTaniumThreatResponse.so.sig
		Process	<Tanium Client>/extensions/libTaniumRecorder.so
		Process	<Tanium Client>/extensions/libTaniumRecorder.so.sig
		Process	<Tanium Client>/extensions/recorder/proc.bin
		Process	<Tanium Client>/extensions/recorder/recorder.db
		Process	<Tanium Client>/extensions/recorder/recorder.db-shm
		Process	<Tanium Client>/extensions/recorder/recorder.db-wal
		Process	<Tanium Client>/extensions/recorder/recorder.auditpipe
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.so
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.so
		Process	<Tanium Client>/extensions/libTaniumDEC.so.sig
		Folder	<Tanium Client>/extensions/stream
	¹,²	Process	<Tanium Client>/Downloads/Action_*/surge-collect
	¹,²	File	<Tanium Client>/Downloads/Action_*/surge.dat
	¹	Process	<Tanium Client>/Downloads/Action_/linpmem-.bin
	¹	Process	<Tanium Client>/Downloads/Action_*/taniumfiletransfer
macOS endpoints		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/TaniumSensorDebugger
		Process	<Tanium Client>/Tools/EPI/TaniumExecWrapper
		Process	<Tanium Client>/Tools/IR/TaniumExecWrapper
		Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		Process	<Tanium Client>/Tools/Detect3/TaniumDetectEngine
	7.2.x clients	Process	<Tanium Client>/python27/python
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/libTaniumClientExtensions.dylib
		Process	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		Process	<Tanium Client>/extensions/libTaniumThreatResponse.dylib
		Process	<Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig
		Process	<Tanium Client>/extensions/libTaniumRecorder.dylib
		Process	<Tanium Client>/extensions/libTaniumRecorder.dylib.sig
		Process	<Tanium Client>/extensions/recorder/proc.bin
		Process	<Tanium Client>/extensions/recorder/recorder.db
		Process	<Tanium Client>/extensions/recorder/recorder.db-shm
		Process	<Tanium Client>/extensions/recorder/recorder.db-wal
		Process	<Tanium Client>/extensions/recorder/recorder.auditpipe
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
		Folder	<Tanium Client>/extensions/stream
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
		Process	<Tanium Client>/extensions/libSupportCX.dylib
		Process	<Tanium Client>/extensions/libSupportCX.dylib.sig
	¹,²	Process	<Tanium Client>/Downloads/Action_*/surge-collect
	¹,²	File	<Tanium Client>/Downloads/Action_*/surge.dat
	¹	Process	<Tanium Client>/Downloads/Action_*/osxpmem.app/osxpmem
	¹	Process	<Tanium Client>/Downloads/Action_*/taniumfiletransfer
¹ = Where * corresponds to the action ID or the version of linpmem. ² = Exception is required if Volexity Surge is used for memory collection. ³ = TPython requires SHA2 support to allow installation.

Threat Response security exclusions
Target Device	Notes	Exclusion Type	Exclusion
Tanium Zone Server		Process	<Zone Server>\proxy\node.exe
Windows x86 and x64 endpoints		Process	<Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\IR\TaniumExecWrapper.exe
		Process	<Tanium Client>\Tools\IR\TanFileInfo.exe
		Process	<Tanium Client>\Tools\IR\TaniumFileInfo.exe
		Process	<Tanium Client>\Tools\IR\TaniumHandle.exe
		Process	<Tanium Client>\Tools\IR\TanListModules.exe
		Process	<Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
		Process	<Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
		Process	<Tanium Client>\Tools\Detect3\TaniumDetectEngine.exe
		Process	<Tanium Client>\extensions\TaniumRecorder.dll
		Process	<Tanium Client>\extensions\TaniumRecorder.dll.sig
		Process	<Tanium Client>\extensions\recorder\proc.bin
		Process	<Tanium Client>\extensions\recorder\recorder.db
		Process	<Tanium Client>\extensions\recorder\recorder.db-shm
		Process	<Tanium Client>\extensions\recorder\recorder.db-wal
		Process	<Tanium Client>\extensions\TaniumThreatResponse.dll
		Process	<Tanium Client>\extensions\TaniumThreatResponse.dll.sig
		Process	<Tanium Client>\extensions\core\libTaniumPythonCx.dll
		Process	<Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
		Process	<Tanium Client>\TaniumClientExtensions.dll
		Process	<Tanium Client>\TaniumClientExtensions.dll.sig
	¹	Process	<Tanium Client>\Downloads\Action_*\TaniumFileTransfer.exe
	¹	Process	<Tanium Client>\Downloads\Action_*\Winpmem.gb414603.exe
		Process	<Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
		Process	<Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
	7.4.x clients	Process	<Tanium Client>\Python38\TPython.exe
	7.4.x clients	Folder	<Tanium Client>\Python38
		Process	<Tanium Client>\TaniumSensorDebugger.exe
		Process	<Tanium Client>\TaniumCX.exe
		Process	<Tanium Client>\extensions\TaniumDEC.dll
		Process	<Tanium Client>\extensions\TaniumDEC.dll.sig
Linux x86 and x64 endpoints		Process	<Tanium Client>/TaniumAuditPipe
		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/TaniumSensorDebugger
		Process	<Tanium Client>/Tools/EPI/TaniumExecWrapper
		Process	<Tanium Client>/Tools/IR/TaniumExecWrapper
		Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		Process	<Tanium Client>/Tools/Detect3/TaniumDetectEngine
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/libTaniumClientExtensions.so
		Process	<Tanium Client>/libTaniumClientExtensions.so.sig
		Process	<Tanium Client>/extensions/libTaniumThreatResponse.so
		Process	<Tanium Client>/extensions/libTaniumThreatResponse.so.sig
		Process	<Tanium Client>/extensions/libTaniumRecorder.so
		Process	<Tanium Client>/extensions/libTaniumRecorder.so.sig
		Process	<Tanium Client>/extensions/recorder/proc.bin
		Process	<Tanium Client>/extensions/recorder/recorder.db
		Process	<Tanium Client>/extensions/recorder/recorder.db-shm
		Process	<Tanium Client>/extensions/recorder/recorder.db-wal
		Process	<Tanium Client>/extensions/recorder/recorder.auditpipe
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.so
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.so
		Process	<Tanium Client>/extensions/libTaniumDEC.so.sig
	¹,²	Process	<Tanium Client>/Downloads/Action_*/surge-collect
	¹,²	File	<Tanium Client>/Downloads/Action_*/surge.dat
	¹	Process	<Tanium Client>/Downloads/Action_/linpmem-.bin
	¹	Process	<Tanium Client>/Downloads/Action_*/taniumfiletransfer
macOS endpoints		Process	<Tanium Client>/TaniumCX
		Process	<Tanium Client>/TaniumSensorDebugger
		Process	<Tanium Client>/Tools/EPI/TaniumExecWrapper
		Process	<Tanium Client>/Tools/IR/TaniumExecWrapper
		Process	<Tanium Client>/Tools/EPI/TaniumEndpointIndex
		Process	<Tanium Client>/Tools/Detect3/TaniumDetectEngine
	7.4.x clients	Process	<Tanium Client>/python38/python
		Process	<Tanium Client>/libTaniumClientExtensions.dylib
		Process	<Tanium Client>/libTaniumClientExtensions.dylib.sig
		Process	<Tanium Client>/extensions/libTaniumThreatResponse.dylib
		Process	<Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig
		Process	<Tanium Client>/extensions/libTaniumRecorder.dylib
		Process	<Tanium Client>/extensions/libTaniumRecorder.dylib.sig
		Process	<Tanium Client>/extensions/recorder/proc.bin
		Process	<Tanium Client>/extensions/recorder/recorder.db
		Process	<Tanium Client>/extensions/recorder/recorder.db-shm
		Process	<Tanium Client>/extensions/recorder/recorder.db-wal
		Process	<Tanium Client>/extensions/recorder/recorder.auditpipe
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib
		Process	<Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib
		Process	<Tanium Client>/extensions/libTaniumDEC.dylib.sig
	¹,²	Process	<Tanium Client>/Downloads/Action_*/surge-collect
	¹,²	File	<Tanium Client>/Downloads/Action_*/surge.dat
	¹	Process	<Tanium Client>/Downloads/Action_*/osxpmem.app/osxpmem
	¹	Process	<Tanium Client>/Downloads/Action_*/taniumfiletransfer
¹ = Where * corresponds to the action ID or the version of linpmem. ² = Exception is required if Volexity Surge is used for memory collection. ³ = TPython requires SHA2 support to allow installation.

Trends

Trends security exclusions
Target Device	Exclusion Type	Exclusion
Module Server	Process	<Module Server>\services\twsm-v1\twsm.exe
	Process	<Module Server>\services\trends\node_modules\@tanium \postgresql\lib\win32\bin\postgres.exe
	Process	<Module Server>\services\trends\node_modules\@tanium \postgresql\lib\win32\bin\pg_ctl.exe

No additional process exclusions are required.