Host system security exclusions

To monitor and block unknown host system processes, many organizations use security software, such as host-based firewalls and antivirus detection. To ensure that such software does not interfere with Tanium operations, work with your network and security team to whitelist Tanium folders and processes, so that the software treats them as trusted exclusions. Typically, this means configuring the security software to exclude the installation directories of the Tanium™ Client and (for Windows deployments) Tanium Core Platform servers from real-time inspection. Configuring trusted exclusions also typically involves setting a policy to ignore input and output from Tanium binaries.

Tanium Core Platform servers do not require host system security exclusions in a Tanium Appliance or Tanium as a Service deployment. Tanium Clients on all operating systems (OSs) require host system security exclusions.

Tanium Core Platform folders

The following table lists Tanium Core Platform folders that antivirus and other host-based security applications must exclude from real-time scans. Include subfolders of these locations when you create the exception rules. The listed folder paths are the defaults. If you changed the folder locations to non-default paths, create rules based on the actual locations.

Table 1:   Security exclusions for Tanium Core Platform folders
Target Device OS Installation folder
¹ Tanium™ Server Windows 64-bit \Program Files\Tanium\Tanium Server\
Tanium™ Module Server Windows 64-bit \Program Files\Tanium\Tanium Module Server\
Tanium™ Zone Server /

Zone Server Hub

Windows 64-bit \Program Files (x86)\Tanium\Tanium ZoneServer\
² Tanium Client endpoints Windows 32-bit \Program Files\Tanium\Tanium Client\
Windows 64-bit \Program Files (x86)\Tanium\Tanium Client\
macOS /Library/Tanium/TaniumClient/
Linux, Solaris, AIX /opt/Tanium/TaniumClient/
1 You might also have to exclude the Tanium Server Downloads directory if it was moved out of the installation directory using the instructions in the KB article Relocate Downloads Directory.

2 For additional folder exclusions that are required during Tanium Client installation, see Client Management.

Tanium Core Platform system processes

The following table lists Tanium Core Platform system processes that must be allowed (not blocked, quarantined, or otherwise processed). The <Module Server> and <Tanium Client> variables indicate the installation folder of the Module Server and Tanium Client, respectively.

Table 2:   Security exclusions for Tanium Core Platform processes
Target Device OS Process
Tanium Server Windows TaniumReceiver.exe
Tanium Module Server Windows 7za.exe
TaniumModuleServer.exe
<Module Server>\services\tanium-data-service\TaniumDataService.exe
Tanium Zone Server / Zone Server Hub Windows TaniumZoneServer.exe
Tanium Client endpoints Windows, macOS, Linux <Tanium_Client>/Tools/StdUtils

or

<Tanium_Client>/Tools/StdUtils/*.*

Windows, macOS, Linux /Python27/*.dll
/Python38/*.dll
Windows TaniumClient.exe
Windows TPython.exe
Windows TaniumCX.exe
macOS, Linux distribute-tools.sh
macOS, Linux TaniumExecWrapper
macOS, Linux, Solaris, AIX TaniumClient

taniumclient

macOS, Linux TaniumCX
macOS, Linux python
  • If you use Microsoft Group Policy Objects (GPO) or other central management tools to manage host firewalls, you might need to create rules to allow inbound and outbound TCP traffic across port 17472 on any managed endpoints, including the Tanium Server.
  • If running McAfee Host Intrusion Prevention System (HIPS), mark the Tanium Client as both Trusted for Firewall and Trusted for IPS, per McAfee KB71704.
  • The Tanium Client on Windows uses the Windows Update offline scan file, Wsusscn2.cab, to assess computers for installed or missing OS and application security patches. If your endpoint security solutions scan archive files, refer to the Microsoft KB for information on how to configure those tools to interact appropriately with the Wsusscn2.cab file.

Tanium binary file signer

Some security products base exclusion rules on file signers. Tanium uses an extended validation (EV) code-signing certificate with the following signer for the Tanium-generated binary files of Tanium Core Platform servers, Tanium Clients, and Tanium modules. Tanium also uses this certificate to sign VBS and PS1 files within action packages:

Subject: jurisdictionC=US/jurisdictionST=Delaware/businessCategory=Private Organization/serialNumber=4332270, C=US, ST=CA, L=Emeryville, O=Tanium Inc., CN=Tanium Inc.

Solution module folders

As a rule, Tanium solution modules are installed in subdirectories of the Tanium Module Server installation directory. This facilitates any exclusion rules you must create: simply exclude the Module Server installation directory and its subdirectories. This requirement applies only to a Module Server installed on Windows infrastructure.

Solution module processes

If you install Tanium modules and shared services, see the following sections for additional processes on the Module Server (Windows infrastructure only) and Tanium Client (all OSs) that you must configure as exclusions in security software.

The following sections use variables (such as <Module Server>) to indicate the installation folder of a Tanium Core Platform server or the Tanium Client.

Asset

Table 3:   Asset security exclusions
Target Device Notes Process
Module Server   <Module Server>\services\asset-service\node.exe
  <Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\postgres.exe
  <Module Server>\services\asset-service\[email protected]\postgresql\lib\win32\bin\pg_ctl.exe
Windows endpoints For integration with Flexera <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
macOS and Linux endpoints For integration with Flexera <Tanium Client>/Tools/EPI/TaniumEndpointIndex

Client Management

Table 4:   Client Management security exclusions
Target Device Notes Process
Module Server   "<Tanium Module Server>\services\client-management-service\node.exe" service.js
  <Tanium Module Server>\services\twsm-v1\twsm.exe
Windows x86 endpoints During client installation \Program Files\Tanium\TaniumClientBootstrap.exe
During client installation \Program Files\Tanium\SetupClient.exe
During client installation <Tanium Client>\SetupClient.exe
  <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
  <Tanium Client>\extensions\TaniumDEC.dll
  <Tanium Client>\extensions\TaniumDEC.dll.sig
  <Tanium Client>\TaniumCX.exe
Windows x64 endpoints During client installation \Program Files (x86)\Tanium\TaniumClientBootstrap.exe
During client installation \Program Files (x86)\Tanium\SetupClient.exe
During client installation <Tanium Client>\SetupClient.exe
  <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
  <Tanium Client>\extensions\TaniumDEC.dll
  <Tanium Client>\extensions\TaniumDEC.dll.sig
  <Tanium Client>\TaniumCX.exe
macOS endpoints During client installation /Library/Tanium/TaniumClientBootstrap
During client installation /Library/Tanium/SetupClient
During client installation <Tanium Client>/SetupClient
  <Tanium Client>/libTaniumClientExtensions.dylib
  <Tanium Client>/libTaniumClientExtensions.dylib.sig
  <Tanium Client>/extensions/libTaniumDEC.dylib
  <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  <Tanium Client>/TaniumCX
Linux endpoints During client installation /opt/Tanium/TaniumClientBootstrap
During client installation /opt/Tanium/SetupClient
During client installation <Tanium Client>/SetupClient
  <Tanium Client>/libTaniumClientExtensions.so
  <Tanium Client>/libTaniumClientExtensions.so.sig
  <Tanium Client>/extensions/libTaniumDEC.so
  <Tanium Client>/extensions/libTaniumDEC.so.sig
  <Tanium Client>/TaniumCX
Solaris and AIX endpoints During client installation /opt/Tanium/TaniumClientBootstrap
During client installation /opt/Tanium/SetupClient
During client installation <Tanium Client>/SetupClient
Table 5:   Client Management security exclusions
Target Device Notes Process
Windows x86 endpoint   <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
  <Tanium Client>\extensions\TaniumDEC.dll
  <Tanium Client>\extensions\TaniumDEC.dll.sig
  <Tanium Client>\TaniumCX.exe
Windows x64 endpoints   <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
  <Tanium Client>\extensions\TaniumDEC.dll
  <Tanium Client>\extensions\TaniumDEC.dll.sig
  <Tanium Client>\TaniumCX.exe
macOS endpoints   <Tanium Client>/libTaniumClientExtensions.dylib
  <Tanium Client>/libTaniumClientExtensions.dylib.sig
  <Tanium Client>/extensions/libTaniumDEC.dylib
  <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  <Tanium Client>/TaniumCX
Linux endpoints   <Tanium Client>/libTaniumClientExtensions.so
  <Tanium Client>/libTaniumClientExtensions.so.sig
  <Tanium Client>/extensions/libTaniumDEC.so
  <Tanium Client>/extensions/libTaniumDEC.so.sig
  <Tanium Client>/TaniumCX

Comply

Table 6:   Comply security exclusions
Target Device Notes Process
Module Server   <Module Server>\services\comply-service\node.exe
  <Module Server>\services\comply-service\node_modules\ovalindex\ovalindex.exe
Windows endpoints   <Tanium Client>\Tools\Comply\TaniumExecWrapper.exe
  <Tanium Client>\Tools\Comply\jre\bin\java.exe
  <Tanium Client>\Tools\Comply\7za.exe
Linux/macOS/AIX endpoints   <Tanium Client>/Tools/Comply/TaniumExecWrapper
  <Tanium Client>/Tools/Comply/jre/bin/java
  <Tanium Client>/Tools/Comply/7za
  <Tanium Client>/Tools/Comply/xsltproc
Tanium Scan Engine   <Tanium Client>/Tools/Comply/joval/Joval4Tanium.jar
  <Tanium Client>/Tools/Comply/joval/Joval-Utilities.jar
CIS-CAT engine   <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.jar
Linux only <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.sh
Windows only <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.BAT
SCC engine - Windows endpoints   <Tanium Client>\Tools\Comply\scc\cscc.exe
  <Tanium Client>\Tools\Comply\scc\cscc32.exe
  <Tanium Client>\Tools\Comply\scc\cscc64.exe
  <Tanium Client>\Tools\Comply\scc\scc.exe
  <Tanium Client>\Tools\Comply\scc\scc32.exe
  <Tanium Client>\Tools\Comply\scc\scc64.exe
SCC engine - Linux/macOS endpoints   <Tanium Client>/Tools/Comply/scc/cscc
  <Tanium Client>/Tools/Comply/scc/cscc.bin
  <Tanium Client>/Tools/Comply/scc/scc
  <Tanium Client>/Tools/Comply/scc/scc.bin
Table 7:   Comply security exclusions
Target Device Notes Process
Windows endpoints   <Tanium Client>\Tools\Comply\TaniumExecWrapper.exe
  <Tanium Client>\Tools\Comply\jre\bin\java.exe
  <Tanium Client>\Tools\Comply\7za.exe
Linux/macOS endpoints   <Tanium Client>/Tools/Comply/TaniumExecWrapper
  <Tanium Client>/Tools/Comply/jre/bin/java
  <Tanium Client>/Tools/Comply/7za
  <Tanium Client>/Tools/Comply/xsltproc
Tanium Scan Engine   <Tanium Client>/Tools/Comply/joval/Joval4Tanium.jar
  <Tanium Client>/Tools/Comply/joval/Joval-Utilities.jar
CIS-CAT engine   <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.jar
Linux only <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.sh
Windows only <Tanium Client>/Tools/Comply/cis-cat/CIS-CAT.BAT
SCC engine - Windows endpoints   <Tanium Client>\Tools\Comply\scc\cscc.exe
  <Tanium Client>\Tools\Comply\scc\cscc32.exe
  <Tanium Client>\Tools\Comply\scc\cscc64.exe
  <Tanium Client>\Tools\Comply\scc\scc.exe
  <Tanium Client>\Tools\Comply\scc\scc32.exe
  <Tanium Client>\Tools\Comply\scc\scc64.exe
SCC engine - Linux/macOS endpoints   <Tanium Client>/Tools/Comply/scc/cscc
  <Tanium Client>/Tools/Comply/scc/cscc.bin
  <Tanium Client>/Tools/Comply/scc/scc
  <Tanium Client>/Tools/Comply/scc/scc.bin

Connect

Table 8:   Connect security exclusions
Target device Notes Process
Module Server   <Tanium Module Server>\services\connect-service\node.exe

No additional process exclusions are required.

Deploy

Table 9:   Deploy security exclusions
Target device Notes Process
Module Server   <Module Server>\services\deploy-service\node.exe
Windows endpoints   <Tanium Client>\Python27\TPython.exe
7.4.x clients <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
  <Tanium Client>\Tools\Deploy\7za.exe
  <Tanium Client>\Tools\SoftwareManagement\7za.exe
  <Tanium Client>\TaniumCX.exe
Linux endpoints   <Tanium Client>/python27/bin/pybin
7.2.x clients <Tanium Client>/python27/pybin
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/TaniumCX
macOS endpoints   <Tanium Client>/python27/bin/pybin
7.2.x clients <Tanium Client>/python27/pybin
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/TaniumCX
Table 10:   Deploy security exclusions
Target device Notes Process
Windows endpoints   <Tanium Client>\Python27\TPython.exe
7.4.x clients <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
  <Tanium Client>\Tools\Deploy\7za.exe
  <Tanium Client>\Tools\SoftwareManagement\7za.exe
  <Tanium Client>\TaniumCX.exe
Linux endpoints   <Tanium Client>/python27/bin/pybin
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/TaniumCX
macOS endpoints   <Tanium Client>/python27/bin/pybin
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/TaniumCX

Direct Connect

Table 11:   Direct Connect security exclusions
Target Device Notes Process
Windows endpoints   <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
  <Tanium Client>\extensions\TaniumDEC.dll
  <Tanium Client>\extensions\TaniumDEC.dll.sig
  <Tanium Client>\TaniumCX.exe
macOS endpoints   <Tanium Client>/libTaniumClientExtensions.dylib
  <Tanium Client>/libTaniumClientExtensions.dylib.sig
  <Tanium Client>/extensions/libTaniumDEC.dylib
  <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  <Tanium Client>/TaniumCX
Linux endpoints   <Tanium Client>/libTaniumClientExtensions.so
  <Tanium Client>/libTaniumClientExtensions.so.sig
  <Tanium Client>/extensions/libTaniumDEC.so
  <Tanium Client>/extensions/libTaniumDEC.so.sig
  <Tanium Client>/TaniumCX

Discover

Table 12:   Discover security exclusions
Target Device Notes Process
Module Server   "<Module Server>\services\discover\node.exe
  <Module Server>\plugins\content\discover-proxy\proxyplugin.exe
  <Module Server>\services\twsm-v1\twsm.exe
Windows endpoints (Level 3 and 4 profiles only) C:\Program Files\Npcap
(Level 3 and 4 profiles only) <Tanium Client>Tools\Discover\nmap\nmap.exe
Linux endpoints (Level 3 and 4 profiles only)

<Tanium Client>/Tools/Discover/nmap/nmap

macOS endpoints (Level 3 and 4 profiles only) <Tanium Client>/Tools/Discover/nmap/nmap

End-User Notifications

Table 13:   End-User Notifications security exclusions
Target Device Notes Process
Module Server   <Module Server>\services\end-user-notifications-service\node.exe
  <Module Server>\services\twsm-v1\twsm.exe
Windows endpoints 7.2.x clients <Tanium Client>\Python27\TPython.exe
7.4.x clients <Tanium Client>\Python38\TPython.exe
  <Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe
  <Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe
exclude from on-access or real-time scans <Tanium>\Tanium End User Notification Tools\
macOS endpoints 7.2.x clients <Tanium Client>/python27/python
7.4.x clients <Tanium Client>/python38/python
  /Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
  /Library/Tanium/EndUserNotifications
Table 14:   End-User Notifications security exclusions
Target Device Notes Process
Windows endpoints 7.4.x clients <Tanium Client>\Python38\TPython.exe
  <Tanium>\Tanium End User Notification Tools\UserSessionProxy.exe
  <Tanium>\Tanium End User Notification Tools\bin\end-user-notifications.exe
exclude from on-access or real-time scans <Tanium>\Tanium End User Notification Tools\
macOS endpoints 7.4.x clients <Tanium Client>/python38/python
  /Library/Tanium/EndUserNotifications/bin/end-user-notifications.app
  /Library/Tanium/EndUserNotifications

Health Check

Table 15:   Health Check security exclusions
Target Device Notes Process
Module Server   <Module Server>\services\health-service\node.exe
  <Module Server>\services\health-service\twsm.exe

Impact

Table 16:   Impact security exclusions
Target Device Notes Process
Module Server (Windows)   <Module Server>\services\impact-service\TaniumImpactService.exe
Windows endpoints   <Tanium Client>\Python38\TPython.exe
  <Tanium Client>\Python38\*.dll

Incident Response

Table 17:   Incident Response security exclusions
Target Device Notes Process
Windows x86 or x64 endpoints   <Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
  <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
  <Tanium Client>\Tools\IR\TaniumExecWrapper.exe
  <Tanium Client>\Tools\IR\TanFileInfo.exe
  <Tanium Client>\Tools\IR\TaniumHandle.exe
  <Tanium Client>\Tools\IR\TanListModules.exe
  <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
  <Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
1 <Tanium Client>\Downloads\Action_nnn\Winpmem.gb414603.exe
1 <Tanium Client>\Downloads\Action_nnn\TaniumFileTransfer.exe
7.2.x clients <Tanium Client>\Python27\TPython.exe
7.4.x clients <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
macOS endpoints   <Tanium Client>/Tools/EPI/TaniumExecWrapper
  <Tanium Client>/Tools/IR/TaniumExecWrapper
  <Tanium Client>/Tools/EPI/TaniumEndpointIndex
1,2 <Tanium Client>/Downloads/Action_nnn/surge-collect
1,2 <Tanium Client>/Downloads/Action_nnn/surge.dat
1 <Tanium Client>/Downloads/Action_nnn/osxpmem.app/osxpmem
1 <Tanium Client>/Downloads/Action_nnn/taniumfiletransfer
7.2.x clients <Tanium Client>/python27/python
7.4.x clients <Tanium Client>/python38/python
Linux x86 or x64 endpoints   <Tanium Client>/Tools/EPI/TaniumExecWrapper
  <Tanium Client>/Tools/IR/TaniumExecWrapper 
  <Tanium Client>/Tools/EPI/TaniumEndpointIndex 
1,2 <Tanium Client>/Downloads/Action_nnn/surge-collect
1,2 <Tanium Client>/Downloads/Action_nnn/surge.dat
1 <Tanium Client>/Downloads/Action_nnn/linpmem-<version>.bin
1 <Tanium Client>/Downloads/Action_nnn/taniumfiletransfer
7.2.x clients <Tanium Client>/python27/python
7.4.x clients <Tanium Client>/python38/python

1 = Where nnn corresponds to the action ID.

2 = Exception is required if Volexity Surge is used for memory collection.

Integrity Monitor

Table 18:   Integrity Monitor security exclusions
Target Device Notes Process
Tanium Module Server   <Module Server>\services\integrity-monitor-service\node.exe
Tanium Zone Server   <Zone Server>\proxy\node.exe
Windows x86 and x64 endpoints   <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
  <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
  <Tanium Client>\Tools\IM\TaniumSQLiteQuery.exe
  <Tanium Client>\Tools\IM\TaniumExecWrapper.exe
  <Tanium Client>\extensions\TaniumRecorder.dll
  <Tanium Client>\extensions\TaniumRecorder.dll.sig
  <Tanium Client>\extensions\recorder\proc.bin
  <Tanium Client>\extensions\recorder\recorder.db
  <Tanium Client>\extensions\recorder\recorder.db-shm
  <Tanium Client>\extensions\recorder\recorder.db-wal
  <Tanium Client>\extensions\core\libTaniumPythonCx.dll
  <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
  <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
7.2.x clients <Tanium Client>\Python27\TPython.exe
7.4.x clients <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumCX.exe
Linux x86 and x64 endpoints   <Tanium Client>/TaniumAuditPipe
  <Tanium Client>/Tools/Trace/recorder
  <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  <Tanium Client>/Tools/EPI/TaniumExecWrapper
  <Tanium Client>/Tools/IM/TaniumExecWrapper
7.2.x clients <Tanium Client>/python27/python
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/libTaniumClientExtensions.so
  <Tanium Client>/libTaniumClientExtensions.so.sig
  <Tanium Client>/extensions/recorder/proc.bin
  <Tanium Client>/extensions/recorder/recorder.db
  <Tanium Client>/extensions/recorder/recorder.db-shm
  <Tanium Client>/extensions/recorder/recorder.db-wal
  <Tanium Client>/extensions/recorder/recorder.auditpipe
  <Tanium Client>/extensions/core/libTaniumPythonCx.so
  <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
  <Tanium Client>/TaniumCX
Table 19:   Integrity Monitor security exclusions
Target Device Notes Process
Windows x86 and x64 endpoints   <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
  <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
  <Tanium Client>\Tools\IM\TaniumSQLiteQuery.exe
  <Tanium Client>\Tools\IM\TaniumExecWrapper.exe
  <Tanium Client>\extensions\TaniumRecorder.dll
  <Tanium Client>\extensions\TaniumRecorder.dll.sig
  <Tanium Client>\extensions\recorder\proc.bin
  <Tanium Client>\extensions\recorder\recorder.db
  <Tanium Client>\extensions\recorder\recorder.db-shm
  <Tanium Client>\extensions\recorder\recorder.db-wal
  <Tanium Client>\extensions\core\libTaniumPythonCx.dll
  <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
  <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
7.4.x clients <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumCX.exe
Linux x86 and x64 endpoints   <Tanium Client>/TaniumAuditPipe
  <Tanium Client>/Tools/Trace/recorder
  <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  <Tanium Client>/Tools/EPI/TaniumExecWrapper
  <Tanium Client>/Tools/IM/TaniumExecWrapper
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/libTaniumClientExtensions.so
  <Tanium Client>/libTaniumClientExtensions.so.sig
  <Tanium Client>/extensions/recorder/proc.bin
  <Tanium Client>/extensions/recorder/recorder.db
  <Tanium Client>/extensions/recorder/recorder.db-shm
  <Tanium Client>/extensions/recorder/recorder.db-wal
  <Tanium Client>/extensions/recorder/recorder.auditpipe
  <Tanium Client>/extensions/core/libTaniumPythonCx.so
  <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
  <Tanium Client>/TaniumCX

Map

Table 20:   Map security exclusions
Target Device Notes Process
Module Server   <Tanium Module Server>\services\map-service\node.exe
Windows endpoints 7.2.x clients <Tanium Client>\Python27\TPython.exe
7.4.x clients <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumCX.exe
 Linux endpoints 7.2.x clients <Tanium Client>/python27/bin/pybin
7.4.x clients

<Tanium Client>/python38/python

  <Tanium Client>/Tools/Trace/recorder
  <Tanium Client>/TaniumCX
macOS endpoints   <Tanium Client>/Tools/Trace/TaniumRecorder
  <Tanium Client>/TaniumCX

 

Table 21:   Map security exclusions
Target Device Notes Process
Windows endpoints 7.4.x clients <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumCX.exe
Linux endpoints 7.4.x clients

<Tanium Client>/python38/python

  <Tanium Client>/Tools/Trace/recorder
  <Tanium Client>/TaniumCX
macOS endpoints   <Tanium Client>/Tools/Trace/TaniumRecorder
  <Tanium Client>/TaniumCX

Network Quarantine

No additional process exclusions are required.

Patch

Table 22:   Patch security exclusions
Target device Notes Process
Module Server   <Module Server>\services\patch-service\node.exe
Windows endpoints   <Tanium Client>\Patch\tanium-patch.min.vbs
  <Tanium Client>\Patch\scans\Wsusscn2.cab
  <Tanium Client>\Patch\tools\active-user-sessions.exe
  <Tanium Client>\Patch\tools\run-patch-manager.min.vbs
  <Tanium Client>\Patch\tools\TaniumExecWrapper.exe
  <Tanium Client>\Patch\tools\TaniumFileInfo.exe
  <Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe
7.2.x clients <Tanium Client>\Python27\TPython.exe
7.2.x clients <Tanium Client>\Python27\*.dll
7.4.x clients <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumCX.exe
  <Tanium Client>\Tools\Patch\7za.exe
  <Tanium Client>\Tools\Patch\TaniumExecWrapper.exe
exclude from on-access or real-time scans <Tanium Client>
Linux endpoints 7.2.x clients <Tanium Client>/python27/bin/pybin
7.2.x clients <Tanium Client>/python27/python
7.4.x clients <Tanium Client>/python38/bin/pybin
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/Tools/Patch/TaniumExecWrapper
Table 23:   Patch security exclusions
Target device Notes Process
Windows endpoints   <Tanium Client>\Patch\tanium-patch.min.vbs
  <Tanium Client>\Patch\scans\Wsusscn2.cab
  <Tanium Client>\Patch\tools\active-user-sessions.exe
  <Tanium Client>\Patch\tools\run-patch-manager.min.vbs
  <Tanium Client>\Patch\tools\TaniumExecWrapper.exe
  <Tanium Client>\Patch\tools\TaniumFileInfo.exe
  <Tanium Client>\Patch\tools\TaniumUpdateSearcher.exe
7.4.x clients <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumCX.exe
  <Tanium Client>\Tools\Patch\7za.exe
  <Tanium Client>\Tools\Patch\TaniumExecWrapper.exe
exclude from on-access or real-time scans <Tanium Client>
Linux endpoints 7.4.x clients <Tanium Client>/python38/bin/pybin
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/Tools/Patch/TaniumExecWrapper

Performance

Table 24:   Performance security exclusions
Target Device Notes Process
Tanium Module Server   <Module Server>\services\performance\node.exe
  <Module Server>\services\event-service\twsm.exe
Windows x86 and x64 endpoints   <Tanium Client>\Tools\Performance\TaniumTSDB.exe
7.2.x clients <Tanium Client>\Python27\TPython.exe
7.4.x clients <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumCX.exe
macOS and Linux (x86 and x64) endpoints   <Tanium Client>/Tools/Performance/TaniumTSDB
7.2.x clients <Tanium Client>/python27/python
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/TaniumCX
Table 25:   Performance security exclusions
Target Device Notes Process
Windows (x86 and x64) endpoints   <Tanium Client>\Tools\Performance\TaniumTSDB.exe
  <Tanium Client>\Python38\TPython.exe
  <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumCX.exe
macOS and Linux (x86 and x64) endpoints   <Tanium Client>/Tools/Performance/TaniumTSDB
  <Tanium Client>/python38/python
  <Tanium Client>/TaniumCX

Protect

Table 26:   Protect security exclusions
Target Device Notes Process
Module Server   <Tanium Module Server>\services\protect-service\7za.exe
  <Tanium Module Server>\services\protect-service\node.exe
Windows x86 endpoints   <Tanium Client>\Tools\StdUtils\7za.exe
  <Tanium Client>\Tools\Protect\LocalPolicyTool.exe
  <Tanium Client>\Protect\LocalPolicyTool.exe
  <Tanium Client>\Tools\Protect\devcon32.exe
(7.2.x clients) <Tanium Client>\Python27\TPython.exe
(7.4.x clients) <Tanium Client>\Python38\TPython.exe
(7.4.x clients) <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumCX.exe
Windows x64 endpoints   <Tanium Client>\Tools\StdUtils\7za.exe
  <Tanium Client>\Tools\Protect\LocalPolicyTool.exe
  <Tanium Client>\Protect\LocalPolicyTool.exe
  <Tanium Client>\Tools\Protect\devcon64.exe
(7.2.x clients) <Tanium Client>\Python27\TPython.exe
(7.4.x clients) <Tanium Client>\Python38\TPython.exe
(7.4.x clients) <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumCX.exe
macOS, and Linux x86 and x64 endpoints (7.2.x clients) <Tanium Client>/python27/python
(7.4.x clients) <Tanium Client>/python38/python
  <Tanium Client>/TaniumCX

Reputation

Table 27:   Reputation security exclusions
Target device Notes Process
Module Server   <Module Server>\services\reputation-service\node.exe

No additional process exclusions are required.

Reveal

Table 28:   Reveal security exclusions
Target Device Notes Process
Module Server   <Tanium Module Server>\services\reveal-service\node.exe
Windows endpoints   <Tanium Client>\TaniumCX.exe
  <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
  <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
  <Tanium Client>\Tools\Reveal\TaniumReveal.exe
  <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
  <Tanium Client>\extensions\RevealCX.dll
  <Tanium Client>\extensions\RevealCX.dll.sig
  <Tanium Client>\extensions\TaniumDEC.dll
  <Tanium Client>\extensions\TaniumDEC.dll.sig
  <Tanium Client>\extensions\core\libTaniumPythonCx.dll
  <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
7.2.x clients <Tanium Client>\Python27\TPython.exe
7.4.x clients <Tanium Client>\Python38\TPython.exe
7.2.x clients <Tanium Client>\Python38\*.dll
Linux endpoints   <Tanium Client>/TaniumCX
  <Tanium Client>/Tools/EPI/TaniumExecWrapper
  <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  <Tanium Client>/Tools/Reveal/TaniumReveal
  <Tanium Client>/libTaniumClientExtensions.so
  <Tanium Client>/libTaniumClientExtensions.so.sig
  <Tanium Client>/extensions/libRevealCX.so
  <Tanium Client>/extensions/libRevealCX.so.sig
  <Tanium Client>/extensions/libTaniumDEC.so
  <Tanium Client>/extensions/libTaniumDEC.so.sig
  <Tanium Client>/extensions//core/libTaniumPythonCx.so
  <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
7.2.x clients <Tanium Client>/python27/python
7.4.x clients <Tanium Client>/python38/python
 macOS endpoints   <Tanium Client>/TaniumCX
  <Tanium Client>/Tools/EPI/TaniumExecWrapper
  <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  <Tanium Client>/Tools/Reveal/TaniumReveal
  <Tanium Client>/libTaniumClientExtensions.dylib
  <Tanium Client>/libTaniumClientExtensions.dylib.sig
  <Tanium Client>/extensions/libRevealCX.dylib
  <Tanium Client>/extensions/libRevealCX.dylib.sig
  <Tanium Client>/extensions/libTaniumDEC.dylib
  <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  <Tanium Client>/extensions/core/libTaniumPythonCx.dylib
  <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
7.2.x clients <Tanium Client>/python27/python
7.4.x clients <Tanium Client>/python38/python
Table 29:   Reveal security exclusions
Target Device Notes Process
Windows endpoints   <Tanium Client>\TaniumCX.exe
  <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
  <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
  <Tanium Client>\Tools\Reveal\TaniumReveal.exe
  <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
  <Tanium Client>\extensions\RevealCX.dll
  <Tanium Client>\extensions\RevealCX.dll.sig
  <Tanium Client>\extensions\TaniumDEC.dll
  <Tanium Client>\extensions\TaniumDEC.dll.sig
  <Tanium Client>\extensions\core\libTaniumPythonCx.dll
  <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
7.4.x clients <Tanium Client>\Python38\TPython.exe
Linux endpoints   <Tanium Client>/TaniumCX
  <Tanium Client>/Tools/EPI/TaniumExecWrapper
  <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  <Tanium Client>/Tools/Reveal/TaniumReveal
  <Tanium Client>/libTaniumClientExtensions.so
  <Tanium Client>/libTaniumClientExtensions.so.sig
  <Tanium Client>/extensions/libRevealCX.so
  <Tanium Client>/extensions/libRevealCX.so.sig
  <Tanium Client>/extensions/libTaniumDEC.so
  <Tanium Client>/extensions/libTaniumDEC.so.sig
  <Tanium Client>/extensions//core/libTaniumPythonCx.so
  <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
7.4.x clients <Tanium Client>/python38/python
 macOS endpoints   <Tanium Client>/TaniumCX
  <Tanium Client>/Tools/EPI/TaniumExecWrapper
  <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  <Tanium Client>/Tools/Reveal/TaniumReveal
  <Tanium Client>/libTaniumClientExtensions.dylib
  <Tanium Client>/libTaniumClientExtensions.dylib.sig
  <Tanium Client>/extensions/libRevealCX.dylib
  <Tanium Client>/extensions/libRevealCX.dylib.sig
  <Tanium Client>/extensions/libTaniumDEC.dylib
  <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  <Tanium Client>/extensions/core/libTaniumPythonCx.dylib
  <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
7.4.x clients <Tanium Client>/python38/python

Threat Response

Table 30:   Threat Response security exclusions
Target Device Notes Process
Tanium Module Server   <Module Server>\services\trace-service\node.exe
  <Module Server>\services\detect3\node.exe
  <Module Server>\services\detect3\twsm.exe
  <Module Server>\services\event-service\node.exe
  <Module Server>\services\event-service\twsm.exe
  <Module Server>\services\threat-response-service\node.exe
  <Module Server>\services\twsm-v1\twsm.exe
Tanium Zone Server   <Zone Server>\proxy\node.exe
Windows x86 and x64 endpoints   <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
  <Tanium Client>\Tools\IR\TaniumExecWrapper.exe
  <Tanium Client>\Tools\IR\TanFileInfo.exe
  <Tanium Client>\Tools\IR\TaniumFileInfo.exe
  <Tanium Client>\Tools\IR\TaniumHandle.exe
  <Tanium Client>\Tools\IR\TanListModules.exe
  <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
  <Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient.exe
  <Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient64.exe
  <Tanium Client>\Tools\Trace\TaniumExecWrapper.exe
  <Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
  <Tanium Client>\Tools\Detect3\TaniumDetectEngine.exe
  <Tanium Client>\extensions\TaniumRecorder.dll
  <Tanium Client>\extensions\TaniumRecorder.dll.sig
  <Tanium Client>\extensions\SupportCX.dll
  <Tanium Client>\extensions\SupportCX.dll.sig
  <Tanium Client>\extensions\recorder\proc.bin
  <Tanium Client>\extensions\recorder\recorder.db
  <Tanium Client>\extensions\recorder\recorder.db-shm
  <Tanium Client>\extensions\recorder\recorder.db-wal
  <Tanium Client>\extensions\TaniumThreatResponse.dll
  <Tanium Client>\extensions\TaniumThreatResponse.dll.sig
  <Tanium Client>\extensions\core\libTaniumPythonCx.dll
  <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
  <Tanium Client>\extensions\stream\*.py
  <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
  <Tanium Client>\Downloads\Action_nnn\TaniumFileTransfer.exe
  <Tanium Client>\Downloads\Action_nnn\Winpmem.gb414603.exe1
  <Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
  <Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
7.2.x clients <Tanium Client>\Python27\TPython.exe
7.4.x clients <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumSensorDebugger.exe
  <Tanium Client>\TaniumCX.exe
  <Tanium Client>\extensions\TaniumDEC.dll
  <Tanium Client>\extensions\TaniumDEC.dll.sig
Linux x86 and x64 endpoints   <Tanium Client>/TaniumAuditPipe
  <Tanium Client>/TaniumCX
  <Tanium Client>/TaniumSensorDebugger
  <Tanium Client>/Tools/EPI/TaniumExecWrapper
  <Tanium Client>/Tools/IR/TaniumExecWrapper
  <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  <Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient
  <Tanium Client>/Tools/Trace/TaniumExecWrapper
  <Tanium Client>/Tools/Detect3/TaniumDetectEngine
7.2.x clients <Tanium Client>/python27/python
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/libTaniumClientExtensions.so
  <Tanium Client>/libTaniumClientExtensions.so.sig
  <Tanium Client>/libSupportCX.so
  <Tanium Client>/libSupportCX.so.sig
  <Tanium Client>/extensions/libTaniumThreatResponse.so
  <Tanium Client>/extensions/libTaniumThreatResponse.so.sig
  <Tanium Client>/extensions/libTaniumRecorder.so
  <Tanium Client>/extensions/libTaniumRecorder.dylib.sig
  <Tanium Client>/extensions/recorder/proc.bin
  <Tanium Client>/extensions/recorder/recorder.db
  <Tanium Client>/extensions/recorder/recorder.db-shm
  <Tanium Client>/extensions/recorder/recorder.db-wal
  <Tanium Client>/extensions/recorder/recorder.auditpipe
  <Tanium Client>/extensions/core/libTaniumPythonCx.so
  <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
  <Tanium Client>/extensions/libTaniumDEC.so
  <Tanium Client>/extensions/libTaniumDEC.so.sig
  <Tanium Client>/extensions/stream/*.py
  <Tanium Client>/Downloads/Action_nnn/surge-collect1,2
1,2 <Tanium Client>/Downloads/Action_nnn/surge.dat
1 <Tanium Client>/Downloads/Action_nnn/linpmem-<version>.bin
1 <Tanium Client>/Downloads/Action_nnn/taniumfiletransfer
macOS endpoints   <Tanium Client>/TaniumCX
  <Tanium Client>/TaniumSensorDebugger
  <Tanium Client>/Tools/EPI/TaniumExecWrapper
  <Tanium Client>/Tools/IR/TaniumExecWrapper
  <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  <Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient
  <Tanium Client>/Tools/Trace/TaniumExecWrapper
  <Tanium Client>/Tools/Detect3/TaniumDetectEngine
7.2.x clients <Tanium Client>/python27/python
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/libTaniumClientExtensions.dylib
  <Tanium Client>/libTaniumClientExtensions.dylib.sig
  <Tanium Client>/extensions/libTaniumThreatResponse.dylib
  <Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig
  <Tanium Client>/extensions/libTaniumRecorder.dylib
  <Tanium Client>/extensions/libTaniumRecorder.dylib.sig
  <Tanium Client>/extensions/recorder/proc.bin
  <Tanium Client>/extensions/recorder/recorder.db
  <Tanium Client>/extensions/recorder/recorder.db-shm
  <Tanium Client>/extensions/recorder/recorder.db-wal
  <Tanium Client>/extensions/recorder/recorder.auditpipe
  <Tanium Client>/extensions/core/libTaniumPythonCx.dylib
  <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
  <Tanium Client>/extensions/stream/*.py
  <Tanium Client>/extensions/libTaniumDEC.dylib
  <Tanium Client>/extensions/libTaniumDEC.dylib.sig
  <Tanium Client>/extensions/libSupportCX.dylib
  <Tanium Client>/extensions/libSupportCX.dylib.sig
1,2 <Tanium Client>/Downloads/Action_nnn/surge-collect
1,2 <Tanium Client>/Downloads/Action_nnn/surge.dat
1 <Tanium Client>/Downloads/Action_nnn/osxpmem.app/osxpmem
1 <Tanium Client>/Downloads/Action_nnn/taniumfiletransfer
1 = Where nnn corresponds to the action ID.

2 = Exception is required if Volexity Surge is used for memory collection.

Table 31:   Threat Response security exclusions
Target Device Notes Process
Tanium Zone Server   <Zone Server>\proxy\node.exe
Windows x86 and x64 endpoints   <Tanium Client>\Tools\EPI\TaniumExecWrapper.exe
  <Tanium Client>\Tools\IR\TaniumExecWrapper.exe
  <Tanium Client>\Tools\IR\TanFileInfo.exe
  <Tanium Client>\Tools\IR\TaniumFileInfo.exe
  <Tanium Client>\Tools\IR\TaniumHandle.exe
  <Tanium Client>\Tools\IR\TanListModules.exe
  <Tanium Client>\Tools\EPI\TaniumEndpointIndex.exe
  <Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient.exe
  <Tanium Client>\Tools\Trace\TaniumTraceWebsocketClient64.exe
  <Tanium Client>\Tools\Trace\TaniumExecWrapper.exe
  <Tanium Client>\Tools\recorder\TaniumRecorderCtl.exe
  <Tanium Client>\Tools\Detect3\TaniumDetectEngine.exe
  <Tanium Client>\extensions\TaniumRecorder.dll
  <Tanium Client>\extensions\TaniumRecorder.dll.sig
  <Tanium Client>\extensions\recorder\proc.bin
  <Tanium Client>\extensions\recorder\recorder.db
  <Tanium Client>\extensions\recorder\recorder.db-shm
  <Tanium Client>\extensions\recorder\recorder.db-wal
  <Tanium Client>\extensions\TaniumThreatResponse.dll
  <Tanium Client>\extensions\TaniumThreatResponse.dll.sig
  <Tanium Client>\extensions\core\libTaniumPythonCx.dll
  <Tanium Client>\extensions\core\libTaniumPythonCx.dll.sig
  <Tanium Client>\TaniumClientExtensions.dll
  <Tanium Client>\TaniumClientExtensions.dll.sig
  <Tanium Client>\Downloads\Action_nnn\TaniumFileTransfer.exe
  <Tanium Client>\Downloads\Action_nnn\Winpmem.gb414603.exe1
  <Tanium Client>\Tools\IR\TaniumPersistenceAnalyzer.exe
  <Tanium Client>\Tools\IR\PowerForensics\PowerForensics.dll
7.4.x clients <Tanium Client>\Python38\TPython.exe
7.4.x clients <Tanium Client>\Python38\*.dll
  <Tanium Client>\TaniumSensorDebugger.exe
  <Tanium Client>\TaniumCX.exe
  <Tanium Client>\extensions\TaniumDEC.dll
  <Tanium Client>\extensions\TaniumDEC.dll.sig
Linux x86 and x64 endpoints   <Tanium Client>/TaniumAuditPipe
  <Tanium Client>/TaniumCX
  <Tanium Client>/TaniumSensorDebugger
  <Tanium Client>/Tools/EPI/TaniumExecWrapper
  <Tanium Client>/Tools/IR/TaniumExecWrapper
  <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  <Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient
  <Tanium Client>/Tools/Trace/TaniumExecWrapper
  <Tanium Client>/Tools/Detect3/TaniumDetectEngine
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/libTaniumClientExtensions.so
  <Tanium Client>/libTaniumClientExtensions.so.sig
  <Tanium Client>/extensions/libTaniumThreatResponse.so
  <Tanium Client>/extensions/libTaniumThreatResponse.so.sig
  <Tanium Client>/extensions/libTaniumRecorder.so
  <Tanium Client>/extensions/libTaniumRecorder.dylib.sig
  <Tanium Client>/extensions/recorder/proc.bin
  <Tanium Client>/extensions/recorder/recorder.db
  <Tanium Client>/extensions/recorder/recorder.db-shm
  <Tanium Client>/extensions/recorder/recorder.db-wal
  <Tanium Client>/extensions/recorder/recorder.auditpipe
  <Tanium Client>/extensions/core/libTaniumPythonCx.so
  <Tanium Client>/extensions/core/libTaniumPythonCx.so.sig
  <Tanium Client>/extensions/libTaniumDEC.so
  <Tanium Client>/extensions/libTaniumDEC.so.sig
  <Tanium Client>/Downloads/Action_nnn/surge-collect1,2
1,2 <Tanium Client>/Downloads/Action_nnn/surge.dat
1 <Tanium Client>/Downloads/Action_nnn/linpmem-<version>.bin
1 <Tanium Client>/Downloads/Action_nnn/taniumfiletransfer
macOS endpoints   <Tanium Client>/TaniumCX
  <Tanium Client>/TaniumSensorDebugger
  <Tanium Client>/Tools/EPI/TaniumExecWrapper
  <Tanium Client>/Tools/IR/TaniumExecWrapper
  <Tanium Client>/Tools/EPI/TaniumEndpointIndex
  <Tanium Client>/Tools/Trace/TaniumTraceWebsocketClient
  <Tanium Client>/Tools/Trace/TaniumExecWrapper
  <Tanium Client>/Tools/Detect3/TaniumDetectEngine
7.4.x clients <Tanium Client>/python38/python
  <Tanium Client>/libTaniumClientExtensions.dylib
  <Tanium Client>/libTaniumClientExtensions.dylib.sig
  <Tanium Client>/extensions/libTaniumThreatResponse.dylib
  <Tanium Client>/extensions/libTaniumThreatResponse.dylib.sig
  <Tanium Client>/extensions/libTaniumRecorder.dylib
  <Tanium Client>/extensions/libTaniumRecorder.dylib.sig
  <Tanium Client>/extensions/recorder/proc.bin
  <Tanium Client>/extensions/recorder/recorder.db
  <Tanium Client>/extensions/recorder/recorder.db-shm
  <Tanium Client>/extensions/recorder/recorder.db-wal
  <Tanium Client>/extensions/recorder/recorder.auditpipe
  <Tanium Client>/extensions/core/libTaniumPythonCx.dylib
  <Tanium Client>/extensions/core/libTaniumPythonCx.dylib.sig
  <Tanium Client>/extensions/libTaniumDEC.dylib
  <Tanium Client>/extensions/libTaniumDEC.dylib.sig
1,2 <Tanium Client>/Downloads/Action_nnn/surge-collect
1,2 <Tanium Client>/Downloads/Action_nnn/surge.dat
1 <Tanium Client>/Downloads/Action_nnn/osxpmem.app/osxpmem
1 <Tanium Client>/Downloads/Action_nnn/taniumfiletransfer
1 = Where nnn corresponds to the action ID.

2 = Exception is required if Volexity Surge is used for memory collection.

Trends

Table 32:   Trends security exclusions
Target Device Notes Process
Module Server   <Tanium Module Server>\services\twsm-v1\twsm.exe
  <Tanium Module Server>\services\trends\node_modules\@tanium
\postgresql\lib\win32\bin\postgres.exe
  <Tanium Module Server>\services\trends\node_modules\@tanium
\postgresql\lib\win32\bin\pg_ctl.exe

No additional process exclusions are required.