Antivirus Exclusions

For Privilege Manager users, we recommend several anti-virus exclusions to maintain application performance and integrity. These guidelines apply to both real time and on-demand antivirus scanning.

Directories

Exclude these directories from your antivirus filters to ensure Privilege Manager processes will not be blocked (or for a more granular approach to these exclusions, see the Client Item Database and Privilege Manager Application Control Agent Services sections at the end of this article):

Copy
%ProgramData%\Arellia\
%ProgramData%\Application Data\Arellia
%ProgramFiles%\Thycotic\

Exclusions for Web Server

Exclude the following antivirus programs for Privilege Manager's web server, also sometimes TMS:

Temporary ASP.NET Files

Exclude the following directory to prevent degradation in performance and possible unexpected restarts of the Tms and TmsWorker IIS application pools:

%SYSTEMROOT%\Microsoft.NET\Framework64\v4.0.30319\Temporary ASP.NET Files

Exclusions for Database Server

Exclude the following database files.

SQL Server Data Files

These files contain data and typically have the following extensions:

  • .mdf - primary data filegroups
  • .ndf - secondary data filegroups
  • .ldf - transaction log filegroups

SQL Server Backup Files

These files contain the backup files and typically have the following extensions:

  • .bak - database backup files
  • .trn - transaction log backup files

By default, the directories that contain the Data and Backup files are located under C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL.

SQL profiler trace files

These files contain SQL Profiler Trace log data and can be contained in any folder.

They usually have the file extension .trc.

Exclusions for Managed Workstations

Windows Agents

Exclude the following for managed workstations.

Request Run As Administrator Registry Key

Privilege Manager Application Control installs a context menu item that allows executables to be "Request Run as Administrator."

This context menu is added under the following registry key which some antivirus programs incorrectly flag as malware:

HKLM\SOFTWARE\Classes\exefile\Shell

Client Item Database

These directories contain the Delinea Agent client item database and should be excluded from antivirus to prevent corruption:

  • %ProgramData%\Arellia\ClientItems
  • %ProgramData%\Application Data\Arellia

If required, you can further limit this exclusion to all files with the .db and .db-* extensions under this location.

Privilege Manager Application Control Agent Service

Some antivirus products require that the Privilege Manager Application Control service be excluded from tamper protection rules because Application Control manipulates other applications which antivirus products may mistake as malicious.

C:\Program Files\Thycotic\Agents\ApplicationControl\ArelliaACSvc.exe

macOS Agents

Depending on which version of the macOS agent is used, different directories can be excluded.

macOS Agent, version 11.3.3.1 and later

Exclude these directories from your antivirus filters to ensure Privilege Manager processes will not be blocked:

/Library/Application Support/Delinea/Agent
/usr/local/delinea/quarantine (if the quarantine feature is being used)

macOS Agent before version 11.3.3

For older versions of the agent, these directories should be excluded:

/Library/Application Support/Thycotic/Agent/usr/local/thycotic/agent
/usr/local/thycotic/quarantine (if the quarantine feature is being used)