
Reference: Host system security exceptions

Some environments use security software to monitor and block unknown host system processes. Work with your network and security team to whitelist Tanium processes. Define exclusions to allow the Tanium™ Core Platform components to operate smoothly and at optimal performance. Typically, this means configuring the security software to exempt the Tanium™ Client, Tanium™ Server, Tanium™ Module Server, and Tanium™ Zone Server installation directories from real-time inspection as well as setting a policy to ignore I/O from the Tanium binaries.

Folders

Table 1 lists Tanium Core Platform folders (default locations) that antivirus or other host-based security applications must exclude from on-access or real-time scans. Include subfolders of these locations when you create the exception rules. If you changed the defaults, create rules based on the actual locations.

Table 1:   Tanium Core Platform folders
| Component | OS | Installation Folder |
|---|---|---|
| Tanium Server | Windows 64-bit | \Program Files\Tanium\Tanium Server\ |
| Tanium Module Server | Windows 64-bit | \Program Files\Tanium\Tanium Module Server\ |
| Tanium Zone Server / Zone Server Hub | Windows 64-bit | \Program Files (x86)\Tanium\Tanium ZoneServer\ |
| Tanium Client | Windows 32-bit | \Program Files\Tanium\Tanium Client\ |
| | Windows 64-bit | \Program Files (x86)\Tanium\Tanium Client\ |
| | macOS | /Library/Tanium/TaniumClient |
| | Linux, UNIX | /opt/Tanium/TaniumClient |

System processes

Table 2 lists Tanium Core Platform system processes that must be allowed (not blocked, quarantined, or otherwise processed).

Table 2:   Tanium Core Platform processes
| Component | Process |
|---|---|
| Tanium Server | TaniumReceiver.exe |
| Tanium Module Server | 7za.exe (Windows) |
| | TaniumModuleServer.exe |
| Tanium Zone Server / Zone Server Hub | TaniumZoneServer.exe |
| Tanium Client | All files in the <Tanium_Client_installation_folder>\Tools\StdUtils folder (Windows, macOS, Linux) |
| | distribute-tools.sh (macOS, Linux) |
| | TaniumClient (macOS, Linux, UNIX) |
| | taniumclient (macOS, Linux, UNIX) |
| | TaniumClient.exe (Windows) |

Notes:

  • If you use Microsoft Group Policy Objects (GPO) or other central management tools to manage host firewalls, you might need to create rules to allow inbound and outbound TCP traffic across port 17472 on any endpoints to be managed, including the Tanium Server.
  • If running McAfee Host Intrusion Prevention System (HIPS), mark the Tanium Client as both "Trusted for Firewall" and "Trusted for IPS", per McAfee KB71704.
  • The Tanium Client uses the Windows Update offline scan file, Wsusscn2.cab, to assess computers for installed or missing operating system and application security patches. If your endpoint security solutions scan archive files, refer to the Microsoft KB for information on how to configure those tools to interact appropriately with the Wsusscn2.cab file.
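
As an added example (not Tanium's own tooling), the following PowerShell applies the Windows rows of Tables 1 and 2 and the port 17472 note. It assumes Microsoft Defender Antivirus and Windows Firewall as the host security software; the function name `Add-TaniumExclusion` and the firewall rule display names are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumes Microsoft Defender Antivirus and Windows Firewall;
# the page names no product. Function and rule names are hypothetical.
function Add-TaniumExclusion {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Server', 'ModuleServer', 'ZoneServer', 'Client')]
        [string]$Component,
        [string]$InstallFolder   # set when the default location was changed
    )
    $pf = $env:ProgramFiles
    # ProgramFiles(x86) is undefined on 32-bit Windows; fall back to Program Files.
    $pf86 = if (${env:ProgramFiles(x86)}) { ${env:ProgramFiles(x86)} } else { $pf }
    # Default folders from Table 1, process names from Table 2 (Windows rows).
    $defaults = @{
        Server       = @{ Folder = "$pf\Tanium\Tanium Server";        Exe = @('TaniumReceiver.exe') }
        ModuleServer = @{ Folder = "$pf\Tanium\Tanium Module Server"; Exe = @('7za.exe', 'TaniumModuleServer.exe') }
        ZoneServer   = @{ Folder = "$pf86\Tanium\Tanium ZoneServer";  Exe = @('TaniumZoneServer.exe') }
        Client       = @{ Folder = "$pf86\Tanium\Tanium Client";      Exe = @('TaniumClient.exe') }
    }
    $folder = if ($InstallFolder) { $InstallFolder } else { $defaults[$Component].Folder }
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        throw "Tanium $Component folder not found: $folder"
    }
    # Resolve process names to full paths on disk so that a same-named binary
    # outside the Tanium folder is still inspected.
    $names = $defaults[$Component].Exe
    $procs = @(Get-ChildItem -LiteralPath $folder -Recurse -File |
        Where-Object { $names -contains $_.Name } | ForEach-Object FullName)
    if ($Component -eq 'Client') {
        # Table 2 also lists every file under Tools\StdUtils for the client.
        $stdUtils = Join-Path $folder 'Tools\StdUtils'
        if (Test-Path -LiteralPath $stdUtils) {
            $procs += @(Get-ChildItem -LiteralPath $stdUtils -Recurse -File | ForEach-Object FullName)
        }
    }
    if ($PSCmdlet.ShouldProcess($folder, 'Add Defender path and process exclusions')) {
        Add-MpPreference -ExclusionPath $folder   # folder exclusions include subfolders
        if ($procs) { Add-MpPreference -ExclusionProcess $procs }
    }
    # Port 17472 note: managed endpoints and the Tanium Server.
    if (($Component -in 'Server', 'Client') -and $PSCmdlet.ShouldProcess('TCP 17472', 'Allow in Windows Firewall')) {
        New-NetFirewallRule -DisplayName 'Tanium TCP 17472 in' -Direction Inbound -Protocol TCP -LocalPort 17472 -Action Allow | Out-Null
        New-NetFirewallRule -DisplayName 'Tanium TCP 17472 out' -Direction Outbound -Protocol TCP -RemotePort 17472 -Action Allow | Out-Null
    }
    $procs | Select-Object -Unique   # returned for the change record
}
# Preview without changing anything: Add-TaniumExclusion -Component Client -WhatIf
```

Review the resulting entries with `Get-MpPreference` and keep write access to the excluded folders limited to administrators, because anything placed in an excluded folder is not inspected in real time.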

Solution module folders and processes

If you install Tanium solution modules, there are additional processes to exclude on the Module Server or Tanium Client. Refer to the solution module documentation for details.

Table 3:   Solution module exclusions
| Module | Link |
|---|---|
| Asset | User Guide |
| Comply | User Guide |
| Connect | User Guide |
| Deploy | User Guide |
| Detect | User Guide |
| Discover | User Guide |
| Health Check | User Guide |
| Incident Response | User Guide |
| Integrity Monitor | User Guide |
| Interact | The host and network security requirements for the Tanium Core Platform also apply to the Interact module. |
| Map | User Guide |
| Network Quarantine | User Guide |
| Patch | User Guide |
| Protect | User Guide |
| Reveal | User Guide |
| Threat Response | User Guide |
| Trace | User Guide |
| Trends | User Guide |

To get a combined reference of Tanium Core Platform and solution module folders and processes on one page, go to the Tanium Support Knowledge Base article (login required).

Last updated: 2/13/2019 2:32 PM