Host system security exclusions

If security software is in use in the environment to monitor and block unknown host system processes, a security administrator must create exclusions to allow the Tanium Client processes to run without interference. Typically, this means configuring the security software to exclude the installation directories of the Tanium Client and (for Windows deployments) Tanium Core Platform servers from real-time inspection. Configuring trusted exclusions also typically involves setting a policy to ignore input and output from Tanium binaries. The configuration of these exclusions varies depending on AV software.

Tanium Core Platform servers do not require host system security exclusions in a Tanium Appliance deployment. Tanium Clients on all operating systems (OSs) require host system security exclusions.

Tanium Client Core Platform folders

The following table lists Tanium Client Core Platform folders that antivirus and other host-based security applications must exclude from real-time scans. Include subfolders of these locations when you create the exception rules. The listed folder paths are the defaults. If you changed the folder locations to non-default paths, create rules based on the actual locations.

 Table 1: Security exclusions for Tanium Client folders
Endpoint OS Installation folder
Windows 32-bit \Program Files\Tanium\Tanium Client
Windows 64-bit \Program Files (x86)\Tanium\Tanium Client
macOS /Library/Tanium/TaniumClient
Linux, Solaris /opt/Tanium/TaniumClient
 Table 1: Security exclusions for Tanium Core Platform folders
Target Device OS Installation folder
¹ Tanium Server Windows 64-bit \Program Files\Tanium\Tanium Server
Tanium Module Server Windows 64-bit \Program Files\Tanium\Tanium Module Server
  \Program Files\Tanium\Tanium Module Postgres
Tanium Zone Server,

Zone Server Hub

Windows 64-bit \Program Files (x86)\Tanium\Tanium ZoneServer
² Tanium Client endpoints Windows 32-bit \Program Files\Tanium\Tanium Client
Windows 64-bit \Program Files (x86)\Tanium\Tanium Client
macOS /Library/Tanium/TaniumClient
Linux, Solaris, AIX /opt/Tanium/TaniumClient
1 You might also have to exclude the Tanium Server Downloads directory if it was moved out of the installation directory using the instructions in the KB article Relocate Downloads Directory.

2 For additional folder exclusions that are required during Tanium Client installation, see Tanium Client Management User Guide: Security exclusions for Client Management.

Tanium Client Core Platform system processes

The following table lists Tanium Client Core Platform system processes that must be allowed (not blocked, quarantined, or otherwise processed). The <Tanium Client> variable indicates the client installation folder. The variables such as <Module Server> indicate the installation folder of the platform servers and Tanium Client.

 Table 2: Security exclusions for Tanium Client processes
Endpoint OS Process
Windows, macOS, Linux <Tanium Client>/Tools/StdUtils folder or all the files that it contains, including:
  • 7za.exe (Windows only)
  • runasuser.exe (Windows only)
  • runasuser64.exe (Windows only)
  • TaniumExecWrapper.exe (Windows) or TaniumExecWrapper (macOS, Linux)
  • TaniumFileInfo.exe (Windows only)
  • TPowerShell.exe (Windows only)
  • distribute-tools.sh (macOS, Linux only)
Windows <Tanium Client>\TaniumClient.exe
<Tanium Client>\TaniumCX.exe
macOS, Linux, Solaris, AIX <Tanium Client>/TaniumClient
<Tanium Client>/taniumclient
<Tanium Client>/TaniumCX
 Table 2: Security exclusions for Tanium Core Platform processes
Target Device OS Process
Tanium Server Windows <Tanium Server>\TaniumReceiver.exe
Tanium Module Server Windows <Module Server>\services\comply-service\utils\7z\7za.exe

<Module Server>\plugins\console\lib\7za.exe

<Module Server>\TaniumModuleServer.exe
<Module Server>\temp\content-management\ContentManagement.exe
<Module Server>\services\tanium-data-service\TaniumDataService.exe
<Module Server>\services\gateway-service\TaniumGatewayService.exe
<Module Server>\services\reporting-service\TaniumReportingService.exe
Tanium Zone Server,

Zone Server Hub

Windows <Zone Server>\TaniumZoneServer.exe
<Zone Server Hub>\TaniumZoneServer.exe
Tanium Client endpoints Windows, macOS, Linux <Tanium Client>/Tools/StdUtils folder or all the files that it contains, including:
  • 7za.exe (Windows only)
  • runasuser.exe (Windows only)
  • runasuser64.exe (Windows only)
  • TaniumExecWrapper.exe (Windows) or TaniumExecWrapper (macOS, Linux)
  • TaniumFileInfo.exe (Windows only)
  • TPowerShell.exe (Windows only)
  • distribute-tools.sh (macOS, Linux only)
Windows <Tanium Client>\TaniumClient.exe
<Tanium Client>\TaniumCX.exe
macOS, Linux, Solaris, AIX <Tanium Client>/TaniumClient
<Tanium Client>/taniumclient
<Tanium Client>/TaniumCX
  • If you use Microsoft Group Policy Objects (GPO) or other central management tools to manage host firewalls, you might need to create rules to allow inbound and outbound TCP traffic across port 17472 and port 17486 on any managed endpoints, including the Tanium Server.
  • If running McAfee Host Intrusion Prevention System (HIPS), mark the Tanium Client as both Trusted for Firewall and Trusted for IPS, per McAfee KB71704.
  • The Tanium Client on Windows uses the Windows Update offline scan file, Wsusscn2.cab, to assess computers for installed or missing OS and application security patches. If your endpoint security solutions scan archive files, refer to the Microsoft KB for information on how to configure those tools to interact appropriately with the Wsusscn2.cab file.

Tanium binary file signer

Some security products base exclusion rules on file signers. Tanium uses an extended validation (EV) code-signing certificate with the following signers for the Tanium-generated binary files of Tanium Core Platform servers, Tanium Clients, and Tanium solutions (modules and shared services). Tanium also uses this certificate to sign VBS and PS1 files within action packages:

 Table 3: Tanium binary file signers
Operating system Signer
Windows Files are signed by:

Subject: jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=4332270, C=US, ST=CA, L=Emeryville, O=Tanium Inc., CN=Tanium Inc.

macOS The following Apple developer ID is used to sign and notarize files:

Tanium Inc. (TZTPM3VTUU)

Tanium solution folders

As a rule, Tanium solutions are installed in subdirectories of the Tanium Module Server installation directory. This facilitates any exclusion rules you must create: simply exclude the Module Server installation directory and its subdirectories. This requirement applies only to a Module Server installed on Windows infrastructure.

Tanium solution processes

The following sections list additional processes on the Module Server (Windows infrastructure only) and Tanium Client (all OSs) that you must configure as exclusions in security software to enable Tanium modules and shared services to work.

The following sections use variables (such as <Module Server>) to indicate the installation folder of a Tanium Core Platform server or the Tanium Client.The following sections use the <Tanium Client> variable to indicate the client installation folder.

API Gateway

API Gateway security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\gateway-service\TaniumGatewayService.exe

No additional process exclusions are required.

Asset

Asset security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\asset-service\node.exe
  Process <Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\postgres.exe
  Process <Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\pg_ctl.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints For integration with Flexera Process <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
Process <Tanium Client>\Tools\Asset\TaniumFileEvidence.exe
  Process <Tanium Client>\extensions\TaniumSoftwareManager.dll
  Process <Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
macOS endpoints For integration with Flexera Process

<Tanium Client>/Tools/EPI/TaniumEndpointIndex

Process

<Tanium Client>/Tools/Asset/TaniumFileEvidence

  Process <Tanium Client>/extensions/libTaniumSoftwareManager.dylib
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig
Linux endpoints For integration with Flexera Process

<Tanium Client>/Tools/EPI/TaniumEndpointIndex

Process

<Tanium Client>/Tools/Asset/TaniumFileEvidence

  Process <Tanium Client>/extensions/libTaniumSoftwareManager.so
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
Asset security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints For integration with Flexera Process <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
Process <Tanium Client>\Tools\Asset\TaniumFileEvidence.exe
  Process <Tanium Client>\extensions\TaniumSoftwareManager.dll
  Process <Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
macOS endpoints For integration with Flexera Process

<Tanium Client>/Tools/EPI/TaniumEndpointIndex

Process

<Tanium Client>/Tools/Asset/TaniumFileEvidence

  Process <Tanium Client>/extensions/libTaniumSoftwareManager.dylib
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig
Linux endpoints For integration with Flexera Process

<Tanium Client>/Tools/EPI/TaniumEndpointIndex

Process

<Tanium Client>/Tools/Asset/TaniumFileEvidence

  Process <Tanium Client>/extensions/libTaniumSoftwareManager.so
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.so.sig

Client Management

 Table 4: Client Management security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\client-management-service\node.exe
  Process <Module Server>\services\twsm-v1\twsm.exe
Windows x86 endpoints During client installation Process \Program Files\Tanium\TaniumClientBootstrap.exe
During client installation Process \Program Files\Tanium\SetupClient.exe
During client installation Process <Tanium Client>\SetupClient.exe
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\extensions\TaniumDEC.dll
  Process <Tanium Client>\extensions\TaniumDEC.dll.sig
  Process <Tanium Client>\TaniumCX.exe
Windows x64 endpoints During client installation Process \Program Files (x86)\Tanium\TaniumClientBootstrap.exe
During client installation Process \Program Files (x86)\Tanium\SetupClient.exe
During client installation Process <Tanium Client>\SetupClient.exe
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\extensions\TaniumDEC.dll
  Process <Tanium Client>\extensions\TaniumDEC.dll.sig
  Process <Tanium Client>\TaniumCX.exe
macOS endpoints During client installation Process /Library/Tanium/TaniumClientBootstrap
During client installation Process /Library/Tanium/SetupClient
During client installation Process <Tanium Client>/SetupClient
  Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/extensions/libTaniumDEC.dylib
  Process <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  Process <Tanium Client>/TaniumCX
Linux endpoints During client installation Process /opt/Tanium/TaniumClientBootstrap
During client installation Process /opt/Tanium/SetupClient
During client installation Process <Tanium Client>/SetupClient
  Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/libTaniumDEC.so
  Process <Tanium Client>/extensions/libTaniumDEC.so.sig
  Process <Tanium Client>/TaniumCX
Solaris and AIX endpoints During client installation Process /opt/Tanium/TaniumClientBootstrap
During client installation Process /opt/Tanium/SetupClient
During client installation Process <Tanium Client>/SetupClient
 Table 4: Client Management security exclusions
Target Device Notes Exclusion Type Exclusion
Windows x86 endpoint   Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\extensions\TaniumDEC.dll
  Process <Tanium Client>\extensions\TaniumDEC.dll.sig
  Process <Tanium Client>\TaniumCX.exe
Windows x64 endpoints   Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\extensions\TaniumDEC.dll
  Process <Tanium Client>\extensions\TaniumDEC.dll.sig
  Process <Tanium Client>\TaniumCX.exe
macOS endpoints   Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/extensions/libTaniumDEC.dylib
  Process <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  Process <Tanium Client>/TaniumCX
Linux endpoints   Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/libTaniumDEC.so
  Process <Tanium Client>/extensions/libTaniumDEC.so.sig
  Process <Tanium Client>/TaniumCX

Comply

Comply security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\comply-service\node.exe
  Process <Module Server>\services\comply-service\node_modules\ovalindex\build\bin\ovalindex.exe
Windows endpoints   Process <Tanium Client>\Tools\Comply\TaniumExecWrapper.exe
Environments where Java encryption is disabled Process <Tanium Client>\Tools\Comply\jre\bin\java.exe
Environments where Java encryption is enabled Process <Tanium Client>\Downloads\Action_*\jre\bin\java.exe
  Process <Tanium Client>\Tools\Comply\7za.exe
Linux/macOS/AIX endpoints   Process <Tanium Client>/Tools/Comply/TaniumExecWrapper
Environments where Java encryption is disabled Process <Tanium Client>/Tools/Comply/jre/bin/java
Environments where Java encryption is enabled Process <Tanium Client>/Downloads/Action_*/jre/bin/java
  Process <Tanium Client>/Tools/Comply/7za
  Process <Tanium Client>/Tools/Comply/xsltproc
Tanium scan engine   Process <Tanium Client>/Tools/Comply/joval/Joval-Utilities.jar
CIS-CAT engine   Process <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.jar
Linux only Process <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.sh
Windows only Process <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.BAT
SCC engine - Windows endpoints   Process <Tanium Client>\Tools\Comply\scc\cscc.exe
  Process <Tanium Client>\Tools\Comply\scc\cscc32.exe
  Process <Tanium Client>\Tools\Comply\scc\cscc64.exe
  Process <Tanium Client>\Tools\Comply\scc\scc.exe
  Process <Tanium Client>\Tools\Comply\scc\scc32.exe
  Process <Tanium Client>\Tools\Comply\scc\scc64.exe
SCC engine - Linux/macOS endpoints   Process <Tanium Client>/Tools/Comply/scc/cscc
  Process <Tanium Client>/Tools/Comply/scc/cscc.bin
  Process <Tanium Client>/Tools/Comply/scc/scc
  Process <Tanium Client>/Tools/Comply/scc/scc.bin
Comply security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\Tools\Comply\TaniumExecWrapper.exe
Environments where Java encryption is disabled Process <Tanium Client>\Tools\Comply\jre\bin\java.exe
Environments where Java encryption is enabled Process <Tanium Client>\Downloads\Action_*\jre\bin\java.exe
  Process <Tanium Client>\Tools\Comply\7za.exe
Linux/macOS endpoints   Process <Tanium Client>/Tools/Comply/TaniumExecWrapper
Environments where Java encryption is disabled Process <Tanium Client>/Tools/Comply/jre/bin/java
Environments where Java encryption is enabled Process <Tanium Client>/Downloads/Action_*/jre/bin/java
  Process <Tanium Client>/Tools/Comply/7za
  Process <Tanium Client>/Tools/Comply/xsltproc
Tanium Scan Engine   Process <Tanium Client>/Tools/Comply/joval/Joval4Tanium.jar
  Process <Tanium Client>/Tools/Comply/joval/Joval-Utilities.jar
CIS-CAT engine   Process <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.jar
Linux only Process <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.sh
Windows only Process <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.BAT
SCC engine - Windows endpoints   Process <Tanium Client>\Tools\Comply\scc\cscc.exe
  Process <Tanium Client>\Tools\Comply\scc\cscc32.exe
  Process <Tanium Client>\Tools\Comply\scc\cscc64.exe
  Process <Tanium Client>\Tools\Comply\scc\scc.exe
  Process <Tanium Client>\Tools\Comply\scc\scc32.exe
  Process <Tanium Client>\Tools\Comply\scc\scc64.exe
SCC engine - Linux/macOS endpoints   Process <Tanium Client>/Tools/Comply/scc/cscc
  Process <Tanium Client>/Tools/Comply/scc/cscc.bin
  Process <Tanium Client>/Tools/Comply/scc/scc
  Process <Tanium Client>/Tools/Comply/scc/scc.bin

Connect

Connect security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\connect-service\node.exe

No additional process exclusions are required.

Deploy

For Windows endpoints, review and follow the Microsoft antivirus security exclusion recommendations for enterprise computers. For more information, see Microsoft Support: Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows (KB822158).

Deploy security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\deploy-service\node.exe
Required when Endpoint Configuration is installed Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints Required only for the Microsoft Windows 10 Upgrade packages Folder C:\Deploy\Tanium
  Process <Tanium Client>\Python27\TPython.exe
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\Tools\Deploy\7za.exe
  Process <Tanium Client>\Tools\SoftwareManagement\7za.exe
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\extensions\TaniumSoftwareManager.dll
  Process <Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
  Folder %programdata%\Tanium
Linux endpoints   Process <Tanium Client>/python27/bin/pybin
7.2.x clients Process <Tanium Client>/python27/pybin
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/SoftwareManagement/data/software-management.db
  Process <Tanium Client>/Tools/SoftwareManagement/data/software-management.db-wal
  Process <Tanium Client>/Tools/SoftwareManagement/data/software-management.dc-shm
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.so
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
macOS endpoints   Process <Tanium Client>/python27/bin/pybin
7.2.x clients Process <Tanium Client>/python27/pybin
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.dylib
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig
Deploy security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints Required only for the Microsoft Windows 10 Upgrade packages Folder C:\Deploy\Tanium
  Process <Tanium Client>\Python27\TPython.exe
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\Tools\Deploy\7za.exe
  Process <Tanium Client>\Tools\SoftwareManagement\7za.exe
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\extensions\TaniumSoftwareManager.dll
  Process <Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
  Folder %programdata%\Tanium
Linux endpoints   Process <Tanium Client>/python27/bin/pybin
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/SoftwareManagement/data/software-management.db
  Process <Tanium Client>/Tools/SoftwareManagement/data/software-management.db-wal
  Process <Tanium Client>/Tools/SoftwareManagement/data/software-management.dc-shm
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.so
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
macOS endpoints   Process <Tanium Client>/python27/bin/pybin
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.dylib
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig

Direct Connect

Direct Connect security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\direct-connect-service\TaniumDirectConnectService.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Zone Server   Process <Tanium Installation Directory>\Tanium Direct Connect Zone Proxy\node.exe
Windows endpoints   Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\extensions\TaniumDEC.dll
  Process <Tanium Client>\extensions\TaniumDEC.dll.sig
7.2.x clients; requires SHA2 support to allow installation Process <Tanium Client>\Python27\TPython.exe
7.4.x clients; requires SHA2 support to allow installation Process <Tanium Client>\Python38\TPython.exe
  Process <Tanium Client>\TaniumCX.exe
7.4.x clients Folder <Tanium Client>\Python38
macOS endpoints   Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/extensions/libTaniumDEC.dylib
  Process <Tanium Client>/extensions/libTaniumDEC.dylib.sig
7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.4.x clients Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX
Linux endpoints   Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/libTaniumDEC.so
  Process <Tanium Client>/extensions/libTaniumDEC.so.sig
7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.4.x clients Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX
Direct Connect security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\extensions\TaniumDEC.dll
  Process <Tanium Client>\extensions\TaniumDEC.dll.sig

Requires SHA2 support to allow installation

Process <Tanium Client>\Python38\TPython.exe
  Process <Tanium Client>\TaniumCX.exe
  Folder <Tanium Client>\Python38
macOS endpoints   Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/extensions/libTaniumDEC.dylib
  Process <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX
Linux endpoints   Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/libTaniumDEC.so
  Process <Tanium Client>/extensions/libTaniumDEC.so.sig
  Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX

Discover

Discover security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server Process <Module Server>\services\discover-service\node.exe
Process <Module Server>\plugins\content\discover-proxy\proxyplugin.exe
Process <Module Server>\services\twsm-v1\twsm.exe
Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
(Distributed level 3, distributed level 4, and satellite profiles only) Folder C:\Program Files\Npcap
(Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>\Tools\Discover\nmap\nmap.exe
(Satellite profiles only) Process <Tanium Client>\extensions\TaniumDEC.dll
(Satellite profiles only) Process <Tanium Client>\extensions\TaniumDEC.dll.sig
(Satellite profiles only) Process <Tanium Client>\extensions\TaniumDiscover.dll
(Satellite profiles only) Process <Tanium Client>\extensions\TaniumDiscover.dll.sig
(Satellite profiles only) Process <Tanium Client>\extensions\TaniumExtras.dll
(Satellite profiles only) Process <Tanium Client>\extensions\TaniumExtrasDiscover.dll.sig
7.2.x clients1 Process <Tanium Client>\python27\TPython.exe
7.4.x clients1 Process <Tanium Client>\python38\TPython.exe
7.4.x clients Folder <Tanium Client>\python38
Linux endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
(Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>/Tools/Discover/nmap/nmap
(Satellite profiles only) Process

<Tanium Client>/extensions/libTaniumDEC.so

(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumDEC.so.sig
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumDiscover.so
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumDiscover.so.sig
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumExtras.so
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumExtras.so.sig
7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
macOS endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
(Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>/Tools/Discover/nmap/nmap
(Satellite profiles only) Process

<Tanium Client>/extensions/libTaniumDEC.dylib

(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumDEC.dylib.sig
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumDiscover.dylib
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumDiscover.dylib.sig
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumExtras.dylib
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumExtras.dylib.sig
7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
1 = TPython requires SHA2 support to allow installation.
Discover security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server Process <Module Server>\services\discover-service\node.exe
Process <Module Server>\plugins\content\discover-proxy\proxyplugin.exe
Process <Module Server>\services\twsm-v1\twsm.exe
Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints Process <Tanium Client>\TaniumCX.exe
Process <Tanium Client>\TaniumClientExtensions.dll
Process <Tanium Client>\TaniumClientExtensions.dll.sig
(Distributed level 3, distributed level 4, and satellite profiles only) Folder C:\Program Files\Npcap
(Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>\Tools\Discover\nmap\nmap.exe
(Satellite profiles only) Process <Tanium Client>\extensions\TaniumDEC.dll
(Satellite profiles only) Process <Tanium Client>\extensions\TaniumDEC.dll.sig
(Satellite profiles only) Process <Tanium Client>\extensions\TaniumDiscover.dll
(Satellite profiles only) Process <Tanium Client>\extensions\TaniumDiscover.dll.sig
(Satellite profiles only) Process <Tanium Client>\extensions\TaniumExtras.dll
(Satellite profiles only) Process <Tanium Client>\extensions\TaniumExtrasDiscover.dll.sig
7.2.x clients1 Process <Tanium Client>\python27\TPython.exe
7.4.x clients1 Process <Tanium Client>\python38\TPython.exe
7.4.x clients Folder <Tanium Client>\python38
Linux endpoints Process

<Tanium Client>/TaniumCX

Process <Tanium Client>/libTaniumClientExtensions.so
Process <Tanium Client>/libTaniumClientExtensions.so.sig
(Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>/Tools/Discover/nmap/nmap
(Satellite profiles only) Process

<Tanium Client>/extensions/libTaniumDEC.so

(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumDEC.so.sig
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumDiscover.so
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumDiscover.so.sig
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumExtras.so
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumExtras.so.sig
7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
macOS endpoints Process <Tanium Client>/TaniumCX
Process <Tanium Client>/libTaniumClientExtensions.dylib
Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
(Distributed level 3, distributed level 4, and satellite profiles only) Process <Tanium Client>/Tools/Discover/nmap/nmap
(Satellite profiles only) Process

<Tanium Client>/extensions/libTaniumDEC.dylib

(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumDEC.dylib.sig
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumDiscover.dylib
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumDiscover.dylib.sig
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumExtras.dylib
(Satellite profiles only) Process <Tanium Client>/extensions/libTaniumExtras.dylib.sig
7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
1 = TPython requires SHA2 support to allow installation.

Endpoint Configuration

No additional process exclusions are required.

Endpoint Configuration security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe

End-User Notifications

End-User Notifications security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server Required when Endpoint Configuration is installed Process <Module Server>\interdependence-configuration-service\TaniumEndpointConfigService.exe
  Process <Module Server>\services\end-user-notifications-service\node.exe
  Process <Module Server>\services\twsm-v1\twsm.exe
Windows endpoints 7.2.x clients Process <Tanium Client>\Python27\TPython.exe
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
64-bit OS versions Process %programfiles(x86)%\Tanium\Tanium End User Notification Tools\UserSessionProxy.exe
32-bit OS versions Process %programfiles%\Tanium\Tanium End User Notification Tools\UserSessionProxy.exe
64-bit OS versions Process %programfiles(x86)%\Tanium\Tanium End User Notification Tools\bin\end-user-notifications.exe
32-bit OS versions Process %programfiles%\Tanium\Tanium End User Notification Tools\bin\end-user-notifications.exe
exclude from on-access or real-time scans (64-bit OS versions) Folder %programfiles(x86)%\Tanium\Tanium End User Notification Tools
exclude from on-access or real-time scans (32-bit OS versions) Folder %programfiles%\Tanium\Tanium End User Notification Tools
  Folder %programdata%\Tanium
macOS endpoints 7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.4.x clients Process <Tanium Client>/python38/bin/pybin
  Process /Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
  Folder /Library/Tanium/EndUserNotifications
End-User Notifications security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints 7.4.x clients Process <Tanium Client>\Python38\TPython.exe
64-bit OS versions Process %programfiles(x86)%\Tanium\Tanium End User Notification Tools\UserSessionProxy.exe
32-bit OS versions Process %programfiles%\Tanium\Tanium End User Notification Tools\UserSessionProxy.exe
64-bit OS versions Process %programfiles(x86)%\Tanium\Tanium End User Notification Tools\bin\end-user-notifications.exe
32-bit OS versions Process %programfiles%\Tanium\Tanium End User Notification Tools\bin\end-user-notifications.exe
exclude from on-access or real-time scans (64-bit OS versions) Folder %programfiles(x86)%\Tanium\Tanium End User Notification Tools
exclude from on-access or real-time scans (32-bit OS versions) Folder %programfiles%\Tanium\Tanium End User Notification Tools
  Folder %programdata%\Tanium
macOS endpoints 7.4.x clients Process <Tanium Client>/python38/bin/pybin
  Process /Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
  Folder /Library/Tanium/EndUserNotifications

Enforce

Enforce security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\enforce-service\7za.exe
  Process <Module Server>\services\enforce-service\node.exe
Windows x86 endpoints   File %SystemRoot%\System32\GroupPolicy\Machine\registry.pol
  Process <Tanium Client>\Tools\StdUtils\7za.exe
  Process <Tanium Client>\Tools\Enforce\devcon32.exe
  Process <Tanium Client>\Tools\Enforce\LocalPolicyTool.exe
7.2.x clients Process <Tanium Client>\Python27\TPython.exe
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
Windows x64 endpoints   File %SystemRoot%\System32\GroupPolicy\Machine\registry.pol
  Process <Tanium Client>\Tools\StdUtils\7za.exe
  Process <Tanium Client>\Tools\Enforce\devcon64.exe
  Process <Tanium Client>\Tools\Enforce\LocalPolicyTool.exe
7.2.x clients Process <Tanium Client>\Python27\TPython.exe
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
macOS and Linux x86 and x64 endpoints 7.2.x clients Process <Tanium Client>/python27/python
  Process <Tanium Client>/python27/bin/pybin
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX

Health Check

Health Check security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\health-service\node.exe
  Process <Module Server>\services\health-service\twsm.exe

Impact

Impact security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\impact-service\TaniumImpactService.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints   Process <Tanium Client>\Python38\TPython.exe
  Folder <Tanium Client>\Python38
Impact security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\Python38\TPython.exe
  Folder <Tanium Client>\Python38

Integrity Monitor

Integrity Monitor security exclusions
Target Device Notes Exclusion Type Process
Tanium Module Server   Process <Module Server>\services\integrity-monitor-service\node.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Tanium Zone Server   Process <Zone Server>\proxy\node.exe
Windows x86 and x64 endpoints   Process <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
  Process <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
  Process <Tanium Client>\Tools\IM\TaniumSQLiteQuery.exe
  Process <Tanium Client>\Tools\IM\TaniumExecWrapper.exe
  Process <Tanium Client>\extensions\TaniumRecorder.dll
  Process <Tanium Client>\extensions\TaniumRecorder.dll.sig
  Process <Tanium Client>\extensions\recorder\proc.bin
  Process <Tanium Client>\extensions\recorder\recorder.db
  Process <Tanium Client>\extensions\recorder\recorder.db-shm
  Process <Tanium Client>\extensions\recorder\recorder.db-wal
  Process <Tanium Client>\extensions\core\libTaniumPythonCx.dll
  Process <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
7.2.x clients Process <Tanium Client>\Python27\TPython.exe
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
Linux x86 and x64 endpoints   Process <Tanium Client>/TaniumAuditPipe
  Process <Tanium Client>/Tools/Trace/recorder
  Process <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  Process <Tanium Client>/Tools/EPI/TaniumExecWrapper
  Process <Tanium Client>/Tools/IM/TaniumExecWrapper
7.2.x clients Process <Tanium Client>/python27/python
7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/recorder/proc.bin
  Process <Tanium Client>/extensions/recorder/recorder.db
  Process <Tanium Client>/extensions/recorder/recorder.db-shm
  Process <Tanium Client>/extensions/recorder/recorder.db-wal
  Process <Tanium Client>/extensions/recorder/recorder.auditpipe
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
  Process <Tanium Client>/TaniumCX
Integrity Monitor security exclusions
Target Device Notes Exclusion Type Process
Windows x86 and x64 endpoints   Process <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
  Process <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
  Process <Tanium Client>\Tools\IM\TaniumSQLiteQuery.exe
  Process <Tanium Client>\Tools\IM\TaniumExecWrapper.exe
  Process <Tanium Client>\extensions\TaniumRecorder.dll
  Process <Tanium Client>\extensions\TaniumRecorder.dll.sig
  Process <Tanium Client>\extensions\recorder\proc.bin
  Process <Tanium Client>\extensions\recorder\recorder.db
  Process <Tanium Client>\extensions\recorder\recorder.db-shm
  Process <Tanium Client>\extensions\recorder\recorder.db-wal
  Process <Tanium Client>\extensions\core\libTaniumPythonCx.dll
  Process <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
Linux x86 and x64 endpoints   Process <Tanium Client>/TaniumAuditPipe
  Process <Tanium Client>/Tools/Trace/recorder
  Process <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  Process <Tanium Client>/Tools/EPI/TaniumExecWrapper
  Process <Tanium Client>/Tools/IM/TaniumExecWrapper
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/recorder/proc.bin
  Process <Tanium Client>/extensions/recorder/recorder.db
  Process <Tanium Client>/extensions/recorder/recorder.db-shm
  Process <Tanium Client>/extensions/recorder/recorder.db-wal
  Process <Tanium Client>/extensions/recorder/recorder.auditpipe
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
  Process <Tanium Client>/TaniumCX

Map

Map security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\map-service\node.exe
    Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
    Process <Module Server>\services\map-service\[email protected]\postgresql\lib\win32\bin\postgres.exe
    Process <Module Server>\services\map-service\[email protected]\postgresql\lib\win32\bin\pg_ctl.exe
Windows endpoints 7.2.x clients Process <Tanium Client>\Python27\TPython.exe
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
macOS endpoints   Process <Tanium Client>/TaniumCX
 Linux endpoints 7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.4.x clients Process

<Tanium Client>/python38/python

  Process <Tanium Client>/TaniumCX

 

Map security exclusions
Target Device Notes Exclusion Type Process
Windows endpoints 7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38\
  Process <Tanium Client>\TaniumCX.exe
macOS endpoints   Process <Tanium Client>/TaniumCX
Linux endpoints 7.4.x clients Process

<Tanium Client>/python38/python

  Folder <Tanium Client>/TaniumCX

Patch

For Windows endpoints, review and follow the Microsoft antivirus security exclusion recommendations for enterprise computers. For more information, see Microsoft Support: Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows (KB822158).

Patch security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\patch-service\node.exe
required when Endpoint Configuration is installed Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints   Process <Tanium Client>\Patch\tanium-patch.min.vbs
  Process <Tanium Client>\Patch\scans\Wsusscn2.cab
  Process <Tanium Client>\Patch\tools\active-user-sessions.exe
  Process <Tanium Client>\Patch\tools\run-patch-manager.min.vbs
  Process <Tanium Client>\Patch\tools\TaniumExecWrapper.exe
  Process <Tanium Client>\Patch\tools\TaniumFileInfo.exe
  Process <Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe
7.2.x clients Process <Tanium Client>\Python27\TPython.exe
7.2.x clients Folder <Tanium Client>\Python27
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\Tools\Patch\7za.exe
  Process <Tanium Client>\Tools\Patch\TaniumExecWrapper.exe
  Process <Tanium Client>\extensions\TaniumSoftwareManager.dll
  Process <Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
exclude from on-access or real-time scans Folder <Tanium Client>
Linux endpoints 7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/bin/pybin
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/Tools/Patch/TaniumExecWrapper
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.so
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
macOS endpoints 7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/bin/pybin
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/Tools/Patch/TaniumExecWrapper
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.dylib
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig
Patch security exclusions
Target device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\Patch\tanium-patch.min.vbs
  Process <Tanium Client>\Patch\scans\Wsusscn2.cab
  Process <Tanium Client>\Patch\tools\active-user-sessions.exe
  Process <Tanium Client>\Patch\tools\run-patch-manager.min.vbs
  Process <Tanium Client>\Patch\tools\TaniumExecWrapper.exe
  Process <Tanium Client>\Patch\tools\TaniumFileInfo.exe
  Process <Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\Tools\Patch\7za.exe
  Process <Tanium Client>\Tools\Patch\TaniumExecWrapper.exe
  Process <Tanium Client>\extensions\TaniumSoftwareManager.dll
  Process <Tanium Client>\extensions\TaniumSoftwareManager.dll.sig
exclude from on-access or real-time scans Folder <Tanium Client>
Linux endpoints 7.4.x clients Process <Tanium Client>/python38/bin/pybin
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/Tools/Patch/TaniumExecWrapper
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.so
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.so.sig
macOS endpoints 7.4.x clients Process <Tanium Client>/python38/bin/pybin
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/Tools/Patch/TaniumExecWrapper
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.dylib
  Process <Tanium Client>/extensions/libTaniumSoftwareManager.dylib.sig

Performance

Performance security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\performance\node.exe
  Process <Module Server>\services\event-service\twsm.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows (x86 and x64) endpoints   Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\extensions\TaniumPerformance.dll
  Process <Tanium Client>\extensions\TaniumPerformance.dll.sig
  Process <Tanium Client>\Tools\Performance\TaniumTSDB.exe
7.2.x clients1 Process <Tanium Client>\Python27\TPython.exe
7.4.x clients1 Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
Linux (x86 and x64) endpoints   Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/libTaniumPerformance.so
  Process <Tanium Client>/extensions/libTaniumPerformance.so.sig
  Process <Tanium Client>/Tools/Performance/TaniumTSDB
7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.4.x clients Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX
macOS endpoints   Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/extensions/libTaniumPerformance.dylib
  Process <Tanium Client>/extensions/libTaniumPerformance.dylib.sig
  Process <Tanium Client>/Tools/Performance/TaniumTSDB
7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.4.x client Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX
1 = TPython requires SHA2 support to allow installation.
Performance security exclusions
Target Device Notes Exclusion Type Exclusion
Windows (x86 and x64) endpoints   Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\extensions\TaniumPerformance.dll
  Process <Tanium Client>\extensions\TaniumPerformance.dll.sig
  Process <Tanium Client>\Tools\Performance\TaniumTSDB.exe
7.4.x clients1 Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
Linux (x86 and x64) endpoints   Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/libTaniumPerformance.so
  Process <Tanium Client>/extensions/libTaniumPerformance.so.sig
  Process <Tanium Client>/Tools/Performance/TaniumTSDB
7.4.x clients Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX
macOS endpoints   Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/extensions/libTaniumPerformance.dylib
  Process <Tanium Client>/extensions/libTaniumPerformance.dylib.sig
  Process <Tanium Client>/Tools/Performance/TaniumTSDB
7.4.x clients Process <Tanium Client>/python38/bin/pybin
  Process <Tanium Client>/TaniumCX
1 = TPython requires SHA2 support to allow installation.

Reporting

Reporting security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\reporting-service\TaniumReportingService.exe

No additional process exclusions are required.

Reputation

Reputation security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\reputation-service\node.exe

No additional process exclusions are required.

Reveal

Reveal security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\reveal-service\node.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\extensions\TaniumReveal.dll
  Process <Tanium Client>\extensions\TaniumReveal.dll.sig
  Process <Tanium Client>\extensions\TaniumDEC.dll
  Process <Tanium Client>\extensions\TaniumDEC.dll.sig
  Process <Tanium Client>\extensions\TaniumIndex.dll
  Process <Tanium Client>\extensions\TaniumIndex.dll.sig
  Process <Tanium Client>\extensions\core\TaniumPythonCx.dll
  Process <Tanium Client>\extensions\core\TaniumPythonCx.dll.sig
7.2.x clients, 1 Process <Tanium Client>\python27\TPython.exe
7.4.x clients, 1 Process <Tanium Client>\python38\TPython.exe
7.4.x clients Folder <Tanium Client>\python38
Linux endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/libTaniumReveal.so
  Process <Tanium Client>/extensions/libTaniumReveal.so.sig
  Process <Tanium Client>/extensions/libTaniumDEC.so
  Process <Tanium Client>/extensions/libTaniumDEC.so.sig
  Process <Tanium Client>/extensions/libTaniumIndex.so
  Process <Tanium Client>/extensions/libTaniumIndex.so.sig
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
 macOS endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/extensions/libTaniumReveal.dylib
  Process <Tanium Client>/extensions/libTaniumReveal.dylib.sig
  Process <Tanium Client>/extensions/libTaniumDEC.dylib
  Process <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  Process <Tanium Client>/extensions/libTaniumIndex.dylib
  Process <Tanium Client>/extensions/libTaniumIndex.dylib.sig
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.dylib
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
1 = TPython requires SHA2 support to allow installation.
Reveal security exclusions
Target Device Notes Exclusion Type Exclusion
Windows endpoints   Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\Tools\Reveal\TaniumReveal.exe
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
  Process <Tanium Client>\extensions\TaniumReveal.dll
  Process <Tanium Client>\extensions\TaniumReveal.dll.sig
  Process <Tanium Client>\extensions\TaniumDEC.dll
  Process <Tanium Client>\extensions\TaniumDEC.dll.sig
  Process <Tanium Client>\extensions\TaniumIndex.dll
  Process <Tanium Client>\extensions\TaniumIndex.dll.sig
  Process <Tanium Client>\extensions\core\TaniumPythonCx.dll
  Process <Tanium Client>\extensions\core\TaniumPythonCx.dll.sig
7.4.x clients, 1 Process <Tanium Client>\python38\TPython.exe
Linux endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/Reveal/TaniumReveal
  Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/libTaniumReveal.so
  Process <Tanium Client>/extensions/libTaniumReveal.so.sig
  Process <Tanium Client>/extensions/libTaniumDEC.so
  Process <Tanium Client>/extensions/libTaniumDEC.so.sig
  Process <Tanium Client>/extensions/libTaniumIndex.so
  Process <Tanium Client>/extensions/libTaniumIndex.so.sig
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
7.4.x clients Process <Tanium Client>/python38/python
 macOS endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/Reveal/TaniumReveal
  Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/extensions/libTaniumReveal.dylib
  Process <Tanium Client>/extensions/libTaniumReveal.dylib.sig
  Process <Tanium Client>/extensions/libTaniumDEC.dylib
  Process <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  Process <Tanium Client>/extensions/libTaniumIndex.dylib
  Process <Tanium Client>/extensions/libTaniumIndex.dylib.sig
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.dylib
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
7.4.x clients Process <Tanium Client>/python38/python
1 = TPython requires SHA2 support to allow installation.

Risk

Risk security exclusions
Target Device Notes Exclusion Type Process
Windows endpoints 7.2.x clients1 Process <Tanium Client>\Python27\TPython.exe
7.4.x clients1 Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Process <Tanium Client>\Python38\*.dll
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\extensions\TaniumRisk.dll
  Process <Tanium Client>\extensions\TaniumRisk.dll.sig
Linux endpoints 7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/libTaniumRisk.so
  Process <Tanium Client>/libTaniumRisk.so.sig
macOS endpoints 7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/libTaniumRisk.dylib
  Process <Tanium Client>/libTaniumRisk.dylib.sig
1 = TPython requires SHA2 support to allow installation.
Risk security exclusions
Target Device Notes Exclusion Type Process
Windows endpoints 7.2.x clients1 Process <Tanium Client>\Python27\TPython.exe
7.4.x clients1 Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Process <Tanium Client>\Python38\*.dll
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\extensions\TaniumRisk.dll
  Process <Tanium Client>\extensions\TaniumRisk.dll.sig
Linux endpoints 7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/libTaniumRisk.so
  Process <Tanium Client>/libTaniumRisk.so.sig
macOS endpoints 7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/libTaniumRisk.dylib.sig
  Process <Tanium Client>/libTaniumRisk.dylib.sig
1 = TPython requires SHA2 support to allow installation.

Threat Response

Threat Response security exclusions
Target Device Notes Exclusion Type Exclusion
Tanium Module Server   Process  <Module Server>\services\detect3\node.exe
  Process <Module Server>\services\detect3\twsm.exe
  Process <Module Server>\services\event-service\node.exe
  Process <Module Server>\services\event-service\twsm.exe
  Process <Module Server>\services\threat-response-service\node.exe
  Process <Module Server>\services\twsm-v1\twsm.exe
  Process <Module Server>\services\endpoint-configuration-service\TaniumEndpointConfigService.exe
Tanium Zone Server   Process <Zone Server>\proxy\node.exe
Windows x86 and x64 endpoints   Process <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
  Process <Tanium Client>\Tools\IR\TaniumExecWrapper.exe
  Process <Tanium Client>\Tools\IR\TanFileInfo.exe
  Process <Tanium Client>\Tools\IR\TaniumFileInfo.exe
  Process <Tanium Client>\Tools\IR\TaniumHandle.exe
  Process <Tanium Client>\Tools\IR\TaniumListModules.exe
  Process <Tanium Client>\extensions\TaniumIndex.dll
  Process <Tanium Client>\extensions\TaniumIndex.dll.sig
  Process  <Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
  Process <Tanium Client>\Tools\Detect3\TaniumDetectEngine.exe
  Process <Tanium Client>\extensions\TaniumRecorder.dll
  Process <Tanium Client>\extensions\TaniumRecorder.dll.sig
  Process <Tanium Client>\extensions\SupportCX.dll
  Process <Tanium Client>\extensions\SupportCX.dll.sig
  Process <Tanium Client>\extensions\recorder\proc.bin
  Process <Tanium Client>\extensions\recorder\recorder.db
  Process <Tanium Client>\extensions\recorder\recorder.db-shm
  Process <Tanium Client>\extensions\recorder\recorder.db-wal
  Process <Tanium Client>\extensions\TaniumThreatResponse.dll
  Process <Tanium Client>\extensions\TaniumThreatResponse.dll.sig
  Process <Tanium Client>\extensions\core\TaniumPythonCx.dll
  Process <Tanium Client>\extensions\core\TaniumPythonCx.dll.sig
  Folder <Tanium Client>\extensions\stream
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
1 Process <Tanium Client>\Downloads\Action_*\TaniumFileTransfer.exe
1 Process <Tanium Client>\Downloads\Action_*\Winpmem.gb414603.exe
  Process <Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
  Process <Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
7.2.x clients, 3 Process <Tanium Client>\Python27\TPython.exe
7.4.x clients, 3 Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\extensions\TaniumDEC.dll
  Process <Tanium Client>\extensions\TaniumDEC.dll.sig
  Process C:\Windows\System32\drivers\TaniumRecorderDrv.sys
Linux x86 and x64 endpoints   Process <Tanium Client>/TaniumAuditPipe
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/EPI/TaniumExecWrapper
  Process <Tanium Client>/Tools/IR/TaniumExecWrapper
  Process <Tanium Client>/extensions/libTaniumIndex.so
  Process <Tanium Client>/extensions/libTaniumIndex.so.sig
  Process  <Tanium Client>/Tools/Detect3/TaniumDetectEngine
7.2.x clients Process <Tanium Client>/python27/python
7.2.x clients Process <Tanium Client>/python27/bin/pybin
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/libSupportCX.so
  Process <Tanium Client>/libSupportCX.so.sig
  Process <Tanium Client>/extensions/libTaniumThreatResponse.so
  Process <Tanium Client>/extensions/libTaniumThreatResponse.so.sig
  Process <Tanium Client>/extensions/libTaniumRecorder.so
  Process <Tanium Client>/extensions/libTaniumRecorder.so.sig
  Process <Tanium Client>/extensions/recorder/proc.bin
  Process <Tanium Client>/extensions/recorder/recorder.db
  Process <Tanium Client>/extensions/recorder/recorder.db-shm
  Process <Tanium Client>/extensions/recorder/recorder.db-wal
  Process <Tanium Client>/extensions/recorder/recorder.auditpipe
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
  Process <Tanium Client>/extensions/libTaniumDEC.so
  Process <Tanium Client>/extensions/libTaniumDEC.so.sig
  Folder <Tanium Client>/extensions/stream
1,2 Process <Tanium Client>/Downloads/Action_*/surge-collect
1,2 File <Tanium Client>/Downloads/Action_*/surge.dat
1 Process <Tanium Client>/Downloads/Action_*/linpmem-*.bin
1 Process <Tanium Client>/Downloads/Action_*/taniumfiletransfer
macOS endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/EPI/TaniumExecWrapper
  Process <Tanium Client>/Tools/IR/TaniumExecWrapper
  Process <Tanium Client>/extensions/libTaniumIndex.dylib
  Process <Tanium Client>/extensions/libTaniumIndex.dylib.sig
  Process  <Tanium Client>/Tools/Detect3/TaniumDetectEngine
7.2.x clients Process <Tanium Client>/python27/python
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/extensions/libTaniumThreatResponse.dylib
  Process <Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig
  Process <Tanium Client>/extensions/libTaniumRecorder.dylib
  Process <Tanium Client>/extensions/libTaniumRecorder.dylib.sig
  Process <Tanium Client>/extensions/recorder/proc.bin
  Process <Tanium Client>/extensions/recorder/recorder.db
  Process <Tanium Client>/extensions/recorder/recorder.db-shm
  Process <Tanium Client>/extensions/recorder/recorder.db-wal
  Process <Tanium Client>/extensions/recorder/recorder.auditpipe
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.dylib
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
  Folder <Tanium Client>/extensions/stream
  Process <Tanium Client>/extensions/libTaniumDEC.dylib
  Process <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  Process <Tanium Client>/extensions/libSupportCX.dylib
  Process <Tanium Client>/extensions/libSupportCX.dylib.sig
1,2 Process <Tanium Client>/Downloads/Action_*/surge-collect
1,2 File <Tanium Client>/Downloads/Action_*/surge.dat
1 Process <Tanium Client>/Downloads/Action_*/osxpmem.app/osxpmem
1 Process <Tanium Client>/Downloads/Action_*/taniumfiletransfer
1 = Where * corresponds to the action ID or the version of linpmem.

2 = Exception is required if Volexity Surge is used for memory collection.

3 = TPython requires SHA2 support to allow installation.

Threat Response security exclusions
Target Device Notes Exclusion Type Exclusion
Tanium Zone Server   Process <Zone Server>\proxy\node.exe
Windows x86 and x64 endpoints   Process <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
  Process <Tanium Client>\Tools\IR\TaniumExecWrapper.exe
  Process <Tanium Client>\Tools\IR\TanFileInfo.exe
  Process <Tanium Client>\Tools\IR\TaniumFileInfo.exe
  Process <Tanium Client>\Tools\IR\TaniumHandle.exe
  Process <Tanium Client>\Tools\IR\TaniumListModules.exe
  Process <Tanium Client>\extensions\TaniumIndex.dll
  Process <Tanium Client>\extensions\TaniumIndex.dll.sig
  Process  <Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
  Process <Tanium Client>\Tools\Detect3\TaniumDetectEngine.exe
  Process <Tanium Client>\extensions\TaniumRecorder.dll
  Process <Tanium Client>\extensions\TaniumRecorder.dll.sig
  Process <Tanium Client>\extensions\recorder\proc.bin
  Process <Tanium Client>\extensions\recorder\recorder.db
  Process <Tanium Client>\extensions\recorder\recorder.db-shm
  Process <Tanium Client>\extensions\recorder\recorder.db-wal
  Process <Tanium Client>\extensions\TaniumThreatResponse.dll
  Process <Tanium Client>\extensions\TaniumThreatResponse.dll.sig
  Process <Tanium Client>\extensions\core\TaniumPythonCx.dll
  Process <Tanium Client>\extensions\core\TaniumPythonCx.dll.sig
  Process <Tanium Client>\TaniumClientExtensions.dll
  Process <Tanium Client>\TaniumClientExtensions.dll.sig
1 Process <Tanium Client>\Downloads\Action_*\TaniumFileTransfer.exe
1 Process <Tanium Client>\Downloads\Action_*\Winpmem.gb414603.exe
  Process <Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
  Process <Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
7.4.x clients Process <Tanium Client>\Python38\TPython.exe
7.4.x clients Folder <Tanium Client>\Python38
  Process <Tanium Client>\TaniumCX.exe
  Process <Tanium Client>\extensions\TaniumDEC.dll
  Process <Tanium Client>\extensions\TaniumDEC.dll.sig
  Process C:\Windows\System32\drivers\TaniumRecorderDrv.sys
Linux x86 and x64 endpoints   Process <Tanium Client>/TaniumAuditPipe
  Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/EPI/TaniumExecWrapper
  Process <Tanium Client>/Tools/IR/TaniumExecWrapper
  Process  <Tanium Client>/Tools/Detect3/TaniumDetectEngine
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/libTaniumClientExtensions.so
  Process <Tanium Client>/libTaniumClientExtensions.so.sig
  Process <Tanium Client>/extensions/libTaniumThreatResponse.so
  Process <Tanium Client>/extensions/libTaniumThreatResponse.so.sig
  Process <Tanium Client>/extensions/libTaniumRecorder.so
  Process <Tanium Client>/extensions/libTaniumRecorder.so.sig
  Process <Tanium Client>/extensions/recorder/proc.bin
  Process <Tanium Client>/extensions/recorder/recorder.db
  Process <Tanium Client>/extensions/recorder/recorder.db-shm
  Process <Tanium Client>/extensions/recorder/recorder.db-wal
  Process <Tanium Client>/extensions/recorder/recorder.auditpipe
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
  Process <Tanium Client>/extensions/libTaniumDEC.so
  Process <Tanium Client>/extensions/libTaniumDEC.so.sig
  Process <Tanium Client>/extensions/libTaniumIndex.so
  Process <Tanium Client>/extensions/libTaniumIndex.so.sig
1,2 Process <Tanium Client>/Downloads/Action_*/surge-collect
1,2 File <Tanium Client>/Downloads/Action_*/surge.dat
1 Process <Tanium Client>/Downloads/Action_*/linpmem-*.bin
1 Process <Tanium Client>/Downloads/Action_*/taniumfiletransfer
macOS endpoints   Process <Tanium Client>/TaniumCX
  Process <Tanium Client>/Tools/EPI/TaniumExecWrapper
  Process <Tanium Client>/Tools/IR/TaniumExecWrapper
  Process <Tanium Client>/extensions/libTaniumIndex.dylib
  Process <Tanium Client>/extensions/libTaniumIndex.dylib.sig
  Process  <Tanium Client>/Tools/Detect3/TaniumDetectEngine
7.4.x clients Process <Tanium Client>/python38/python
  Process <Tanium Client>/libTaniumClientExtensions.dylib
  Process <Tanium Client>/libTaniumClientExtensions.dylib.sig
  Process <Tanium Client>/extensions/libTaniumThreatResponse.dylib
  Process <Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig
  Process <Tanium Client>/extensions/libTaniumRecorder.dylib
  Process <Tanium Client>/extensions/libTaniumRecorder.dylib.sig
  Process <Tanium Client>/extensions/recorder/proc.bin
  Process <Tanium Client>/extensions/recorder/recorder.db
  Process <Tanium Client>/extensions/recorder/recorder.db-shm
  Process <Tanium Client>/extensions/recorder/recorder.db-wal
  Process <Tanium Client>/extensions/recorder/recorder.auditpipe
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.dylib
  Process <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
  Process <Tanium Client>/extensions/libTaniumDEC.dylib
  Process <Tanium Client>/extensions/libTaniumDEC.dylib.sig
1,2 Process <Tanium Client>/Downloads/Action_*/surge-collect
1,2 File <Tanium Client>/Downloads/Action_*/surge.dat
1 Process <Tanium Client>/Downloads/Action_*/osxpmem.app/osxpmem
1 Process <Tanium Client>/Downloads/Action_*/taniumfiletransfer
1 = Where * corresponds to the action ID or the version of linpmem.

2 = Exception is required if Volexity Surge is used for memory collection.

3 = TPython requires SHA2 support to allow installation.

Trends

Trends security exclusions
Target Device Notes Exclusion Type Exclusion
Module Server   Process <Module Server>\services\twsm-v1\twsm.exe
  Process <Module Server>\services\trends\node_modules\@tanium
\postgresql\lib\win32\bin\postgres.exe
  Process <Module Server>\services\trends\node_modules\@tanium
\postgresql\lib\win32\bin\pg_ctl.exe

No additional process exclusions are required.