Reference: Host system security exceptions
Some environments use security software to monitor and block unknown host system processes. Work with your network and security team to whitelist Tanium processes. Define exclusions to allow the Tanium™ platform components to operate smoothly and at optimal performance. Typically, this means configuring the security software to exempt the Tanium™ Client, Tanium™ Server, Tanium™ Module Server, and Tanium™ Zone Server installation directories from real-time inspection as well as setting a policy to ignore I/O from the Tanium binaries.
Table 1 lists Tanium core platform folders that should be excluded from on-access or real-time scans by antivirus or other host-based security applications. The default values are shown. Include subfolders of these locations when you create the exception rules. If you have changed the defaults, create rules based on the actual locations.
If you install Tanium solution modules, there are additional folders to exclude. For a comprehensive list, including solution module requirements, see the Tanium Support Knowledge Base article (login required).
Table 2 lists Tanium Core Platform system processes that must be allowed (not blocked, quarantined, or otherwise processed).
If you install Tanium solution modules, there are additional processes to exclude. For a comprehensive list, including solution module requirements, see the Tanium Support Knowledge Base article (login required).
- If you use Microsoft Group Policy Objects (GPO) or other central management tools to manage host firewalls, you might need to create rules to allow inbound and outbound TCP traffic across port 17472 on any endpoints to be managed, including the Tanium Server.
- If running McAfee Host Intrusion Prevention System (HIPS), mark the Tanium Client as both "Trusted for Firewall" and "Trusted for IPS", per McAfee KB71704.
- The Tanium Client uses the Windows Update offline scan file, Wsusscn2.cab, to assess computers for installed or missing operating system and application security patches. If your endpoint security solutions scan archive files, refer to the Microsoft KB for information on how to configure those tools to interact appropriately with the Wsusscn2.cab file.
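For the host firewall item above, the following added example (not Tanium's own code) creates and then reports Windows Defender Firewall rules that allow TCP 17472 in both directions. The rule names and group label are constructed for illustration, and matching inbound traffic on the local port and outbound traffic on the remote port is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example: allow Tanium traffic on TCP 17472, inbound and outbound.
# Assumptions: rule names and the group label are constructed for this
# example; inbound is matched on the local port, outbound on the remote port.

$Port  = 17472
$Group = 'Tanium (example)'

$Rules = @(
    @{ DisplayName = 'Tanium TCP 17472 inbound (example)'
       Direction   = 'Inbound'
       LocalPort   = $Port },
    @{ DisplayName = 'Tanium TCP 17472 outbound (example)'
       Direction   = 'Outbound'
       RemotePort  = $Port }
)

foreach ($Rule in $Rules) {
    # Idempotent: skip rules that already exist so reruns do not duplicate them.
    $existing = Get-NetFirewallRule -DisplayName $Rule.DisplayName -ErrorAction SilentlyContinue
    if ($existing) {
        Write-Host "Present: $($Rule.DisplayName)"
        continue
    }
    New-NetFirewallRule @Rule -Protocol TCP -Action Allow -Profile Any -Group $Group | Out-Null
    Write-Host "Created: $($Rule.DisplayName)"
}

# Report what is actually configured, so the result can be reviewed against
# the intended scope (TCP only, port 17472 only, action Allow).
Get-NetFirewallRule -Group $Group | ForEach-Object {
    $filter = $_ | Get-NetFirewallPortFilter
    [pscustomobject]@{
        Name       = $_.DisplayName
        Direction  = $_.Direction
        Enabled    = $_.Enabled
        Action     = $_.Action
        Protocol   = $filter.Protocol
        LocalPort  = $filter.LocalPort
        RemotePort = $filter.RemotePort
    }
} | Format-Table -AutoSize
```

Where Group Policy is configured not to merge locally defined firewall rules, local rules like these are ignored and the equivalent rules must be defined in the GPO itself.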
Last updated: 5/22/2018 3:03 PM