Kace Directories - For AntiVirus Exceptions
I'm looking for directories that should be in our AV exception lists. I've got the directories below...anyone got others they use that I'm missing? We use Vipre, FYI.
C:\ProgramData\Dell\KACE
C:\Program Files (x86)\Dell\KACE
C:\Program Files\Dell\KACE
Answers (1)
I haven't seen any official documenation for whitelisting/exception lists, but here is the list I have put together for 5.3 and above:
Folders that may need to be whitelisted in AV:
C:\Program Files\Dell and C:\Program Files (x86)\Dell
C:\ProgramData\Dell (Vista + Win7 + W2K8)
C:\Documents and Settings\All Users\Dell\KACE (Win XP – W2K – W2K3)
C:\Windows\Temp
C:\WINDOWS\SoftwareDistribution
Files that may need to be whitelisted:
AMPAgent.exe ------------ (Agent Messaging Protocol) is a persistent connection to the appliance using TCP port 52230. It is used for Desktop Alerts, Run-Now scripts, Patching, and Inventory.
AMPKickstart.exe -------- Used to restart the AMP agent service after a crash
AMPTools.exe ----------- Used to restart agent, resetconf, run agent in debug mode, force a reboot etc…
KCopy.exe -------------- Used to download and upload items from and to the kbox (inventory.xml etc.)
KDeploy.exe ------------ Used to deploy software packages, custom inventory etc…
KInventory.exe --------- Used to run inventory (including manually running inventory for troubleshooting purposes)
KLaunch.exe --------- Used to launch applications for scripts and desktop alerts.
KLaunchSvc.exe --------- Deployed on a remote machine to launch applications on the remote machine.
kpatch.exe ------------ Used for patching
KUserAlert.exe --------- Used to display popups, alerts, and message windows created by scripts
runkbot.exe ------------ Used to run built-in and custom scripts such as inventory, managed installs, file syncs, etc...
cabarc.exe ------------- Used for patching (Microsoft utility)
mcescan.exe ------------ Used for patching (Microsoft utility)
qchain.exe ------------- Used for patching (Microsoft utility)
envprep.exe ------------ Used for patching
KBRemoteService.exe ---- Used during installing and uninstalling the agent
KSMeter.exe ------------ Used in software metering
ShortcutCreator.exe ---- Used to create shortcuts by running a script on the Kbox UI
ovaldi.exe ------------- Is an open-source local vulnerability assessment scanner used to scan a computer for vulnerabilities.
kbq2.exe --------------- Used to control network access by the Quarantine Security policy script.
KontainerUpdater.exe --- Used for applying local updates to the Kace product files on a client system.
Process(s) that are always running:
AMPAgent.exe ------------------------ (Agent Messaging Protocol) is a persistent connection to the appliance using TCP port 52230. It is used for Desktop Alerts, Run-Now scripts, Patching, and Inventory
Winvnc.exe - If VNC is installed ---- Used for remote control
Services:
Name: Dell KACE Agent
Filename: AMPAgent.exe
Name: uvnc_service
Filename: WinVNC.exe
Registry Keys that may need to be whitelisted:
HKEY_LOCAL_MACHINE\SOFTWARE\Dell
HKEY_LOCAL_MACHINE\SOFTWARE\Patchlink.com
HKEY_LOCAL_MACHINE\SOFTWARE\Lumension
