/build/static/layout/Breadcrumb_cap_w.png

Kace Directories - For AntiVirus Exceptions

I'm looking for directories that should be in our AV exception lists. I've got the directories below...anyone got others they use that I'm missing? We use Vipre, FYI.

 

C:\ProgramData\Dell\KACE

C:\Program Files (x86)\Dell\KACE

C:\Program Files\Dell\KACE

 

Asked 11 years ago 10520 views
0 Comments   [ + ] Show comments

Answers (1)

Answer Summary:
Posted by: jknox 11 years ago
Red Belt
4

I haven't seen any official documenation for whitelisting/exception lists, but here is the list I have put together for 5.3 and above:

Folders that may need to be whitelisted in AV:

C:\Program Files\Dell and C:\Program Files (x86)\Dell
C:\ProgramData\Dell (Vista + Win7 + W2K8)
C:\Documents and Settings\All Users\Dell\KACE (Win XP – W2K – W2K3)
C:\Windows\Temp
C:\WINDOWS\SoftwareDistribution

Files that may need to be whitelisted:

AMPAgent.exe ------------ (Agent Messaging Protocol) is a persistent connection to the appliance using TCP port 52230. It is used for Desktop Alerts, Run-Now scripts, Patching, and Inventory.

AMPKickstart.exe -------- Used to restart the AMP agent service after a crash

AMPTools.exe ----------- Used to restart agent, resetconf, run agent in debug mode, force a reboot etc…

KCopy.exe -------------- Used to download and upload items from and to the kbox (inventory.xml etc.)

KDeploy.exe ------------ Used to deploy software packages, custom inventory etc…

KInventory.exe --------- Used to run inventory (including manually running inventory for troubleshooting purposes)

KLaunch.exe --------- Used to launch applications for scripts and desktop alerts.

KLaunchSvc.exe --------- Deployed on a remote machine to launch applications on the remote machine.

kpatch.exe ------------ Used for patching

KUserAlert.exe --------- Used to display popups, alerts, and message windows created by scripts

runkbot.exe ------------ Used to run built-in and custom scripts such as inventory, managed installs, file syncs, etc...

cabarc.exe ------------- Used for patching (Microsoft utility)

mcescan.exe ------------ Used for patching (Microsoft utility)

qchain.exe ------------- Used for patching (Microsoft utility)

envprep.exe ------------ Used for patching

KBRemoteService.exe ---- Used during installing and uninstalling the agent

KSMeter.exe ------------ Used in software metering

ShortcutCreator.exe ---- Used to create shortcuts by running a script on the Kbox UI

ovaldi.exe ------------- Is an open-source local vulnerability assessment scanner used to scan a computer for vulnerabilities.

kbq2.exe --------------- Used to control network access by the Quarantine Security policy script.

KontainerUpdater.exe --- Used for applying local updates to the Kace product files on a client system.


Process(s) that are always running:

AMPAgent.exe ------------------------ (Agent Messaging Protocol) is a persistent connection to the appliance using TCP port 52230. It is used for Desktop Alerts, Run-Now scripts, Patching, and Inventory

Winvnc.exe - If VNC is installed ---- Used for remote control

Services:
Name: Dell KACE Agent
Filename: AMPAgent.exe

Name: uvnc_service
Filename: WinVNC.exe


Registry Keys that may need to be whitelisted:

HKEY_LOCAL_MACHINE\SOFTWARE\Dell
HKEY_LOCAL_MACHINE\SOFTWARE\Patchlink.com
HKEY_LOCAL_MACHINE\SOFTWARE\Lumension

 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ