I'm looking for directories that should be in our AV exception lists. I've got the directories below...anyone got others they use that I'm missing? We use Vipre, FYI.

 

C:\ProgramData\Dell\KACE

C:\Program Files (x86)\Dell\KACE

C:\Program Files\Dell\KACE

 


Answers

4

I haven't seen any official documentation for whitelisting/exception lists, but here is the list I have put together for 5.3 and above:

Folders that may need to be whitelisted in AV:

C:\Program Files\Dell and C:\Program Files (x86)\Dell
C:\ProgramData\Dell (Vista + Win7 + W2K8)
C:\Documents and Settings\All Users\Dell\KACE (Win XP – W2K – W2K3)
C:\Windows\Temp
C:\WINDOWS\SoftwareDistribution

Files that may need to be whitelisted:

AMPAgent.exe ------------ (Agent Messaging Protocol) is a persistent connection to the appliance using TCP port 52230. It is used for Desktop Alerts, Run-Now scripts, Patching, and Inventory.

AMPKickstart.exe -------- Used to restart the AMP agent service after a crash

AMPTools.exe ----------- Used to restart agent, resetconf, run agent in debug mode, force a reboot etc…

KCopy.exe -------------- Used to download and upload items from and to the kbox (inventory.xml etc.)

KDeploy.exe ------------ Used to deploy software packages, custom inventory etc…

KInventory.exe --------- Used to run inventory (including manually running inventory for troubleshooting purposes)

KLaunch.exe --------- Used to launch applications for scripts and desktop alerts.

KLaunchSvc.exe --------- Deployed on a remote machine to launch applications on the remote machine.

kpatch.exe ------------ Used for patching

KUserAlert.exe --------- Used to display popups, alerts, and message windows created by scripts

runkbot.exe ------------ Used to run built-in and custom scripts such as inventory, managed installs, file syncs, etc...

cabarc.exe ------------- Used for patching (Microsoft utility)

mcescan.exe ------------ Used for patching (Microsoft utility)

qchain.exe ------------- Used for patching (Microsoft utility)

envprep.exe ------------ Used for patching

KBRemoteService.exe ---- Used during installing and uninstalling the agent

KSMeter.exe ------------ Used in software metering

ShortcutCreator.exe ---- Used to create shortcuts by running a script on the Kbox UI

ovaldi.exe ------------- Is an open-source local vulnerability assessment scanner used to scan a computer for vulnerabilities.

kbq2.exe --------------- Used to control network access by the Quarantine Security policy script.

KontainerUpdater.exe --- Used for applying local updates to the Kace product files on a client system.


Process(es) that are always running:

AMPAgent.exe ------------------------ (Agent Messaging Protocol) is a persistent connection to the appliance using TCP port 52230. It is used for Desktop Alerts, Run-Now scripts, Patching, and Inventory

Winvnc.exe - If VNC is installed ---- Used for remote control

Services:
Name: Dell KACE Agent
Filename: AMPAgent.exe

Name: uvnc_service
Filename: WinVNC.exe


Registry Keys that may need to be whitelisted:

HKEY_LOCAL_MACHINE\SOFTWARE\Dell
HKEY_LOCAL_MACHINE\SOFTWARE\Patchlink.com
HKEY_LOCAL_MACHINE\SOFTWARE\Lumension

Answered 01/21/2013 by: jknox
Red Belt
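
An added example, not part of the answer above and not Dell KACE or Vipre tooling: a PowerShell inventory that takes the folders and file names listed in the answer and reports which are present on a host, with each binary's Authenticode status, so exclusions can be entered as full paths for files that actually exist. The function name `Get-KaceExclusionCandidate` is hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example. Folder and file names are copied from the answer above.
$Folders = @(
    'C:\Program Files\Dell',
    'C:\Program Files (x86)\Dell',
    'C:\ProgramData\Dell',
    'C:\Documents and Settings\All Users\Dell\KACE',
    'C:\Windows\Temp',
    'C:\WINDOWS\SoftwareDistribution'
)
$Files = @(
    'AMPAgent.exe','AMPKickstart.exe','AMPTools.exe','KCopy.exe','KDeploy.exe',
    'KInventory.exe','KLaunch.exe','KLaunchSvc.exe','kpatch.exe','KUserAlert.exe',
    'runkbot.exe','cabarc.exe','mcescan.exe','qchain.exe','envprep.exe',
    'KBRemoteService.exe','KSMeter.exe','ShortcutCreator.exe','ovaldi.exe',
    'kbq2.exe','KontainerUpdater.exe'
)

function Get-KaceExclusionCandidate {   # hypothetical helper name
    param([string[]]$Folder = $Folders, [string[]]$FileName = $Files)
    foreach ($dir in $Folder) {
        $present = Test-Path -LiteralPath $dir -PathType Container
        # One row per listed folder, whether or not it exists on this host.
        [pscustomobject]@{ Kind = 'Folder'; Path = $dir; Present = $present
                           Signature = $null; Signer = $null }
        # Only the Dell trees are walked for binaries; the shared Windows
        # folders are reported for presence and not searched.
        if (-not $present -or $dir -notmatch '\\Dell(\\|$)') { continue }
        Get-ChildItem -LiteralPath $dir -Recurse -File -ErrorAction SilentlyContinue |
            Where-Object { $FileName -contains $_.Name } |   # case-insensitive match
            ForEach-Object {
                $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
                [pscustomobject]@{
                    Kind      = 'File'
                    Path      = $_.FullName
                    Present   = $true
                    Signature = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
                    Signer    = $sig.SignerCertificate.Subject   # $null when unsigned
                }
            }
    }
}

Get-KaceExclusionCandidate | Sort-Object Kind, Path | Format-Table -AutoSize
```

Rows with `Kind` of `File` give the full path to enter as a file exclusion; a `Signature` other than `Valid` is worth checking before that file is added.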
