Reputation and Permission Recommendations in VMware Carbon Black Cloud

Summary: When VMware Carbon Black Cloud is running, applications that are run on the endpoints may have requirements to have specific exclusions for anti-virus solutions. Below are the recommendations for Dell developed applications. ...

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

Note:

Affected Products:

  • VMware Carbon Black Cloud
  • Dell Endpoint Security Suite Enterprise
  • Dell Encryption
  • Dell Security Management Server
  • CrowdStrike
  • Secureworks RedCloak
  • Dell Command | Update
  • Dell Update

Table of Contents:

Below are the recommendations for Reputation and Permissions that can be entered with VMware Carbon Black Cloud to ensure proper functionality between VMware Carbon Black and the associated application.

Note:

McAfee Endpoint Security

McAfee Permission Rules

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

*:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
*:\Program Files*\McAfee\Common Framework\x86\macompatsvc.exe
*:\Program Files*\McAfee\Common Framework\macmnsvc.exe
*:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
*:\Program Files\McAfee\Endpoint Security\Adaptive threat Protection\mfeatp.exe
*:\Program Files*\McAfee\Common Framework\MCTRAY.exe
*:\Program Files\Common Files\McAfee\AVSolution\MCSHIELD.exe
*:\Program Files*\McAfee\Common Framework\UPDATERUI.exe
*:\Program Files\Common Files\McAfee\SystemCore\MFECANARY.exe
*:\Windows\system32\drivers\mfe*
*:\Program Files*\McAfee\Endpoint Security\Threat Prevention\MFEENSPPL.exe
*:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
*:\Program Files\Common Files\McAfee\SystemCore\MFEFIRE.exe
*:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\MFEESP.exe
*:\ProgramData\McAfee\**
*:\Program Files*\McAfee\Endpoint Security\Endpoint Security Platform\MFECONSOLE.exe
*:\Program Files\McAfee\Endpoint Security\Threat Prevention\MFETP.exe
*:\Program Files*\McAfee\Common Framework\masvc.exe
*:\Program Files\McAfee\Endpoint Security\Firewall\MFEFW.exe
*:\ProgramData\McAfeeTmpInstall_Common\**
*:\ProgramData\McAfeeTmpInstall_Common_Conflict\**
*:\Windows\System32\mfe*
*:\Program Files\Dell\Dell Data Protection\Threat Prevention\*
*:\Program Files\McAfee\Endpoint Security\Endpoint Security Platform\ensmgmt.dll

Back to Top

McAfee Certificate Reputation List

The items below should be added in as reputations with the type of Certs within the Approved List.

Signed by: McAfee Inc. 
        Certificate Authority: VeriSign Class 3 Code Signing 2010 CA

Signed by: McAfee Inc. 
        Certificate Authority: Symantec Class 3 SHA256 Code Signing CA

Signed by: McAfee LLC 
        Certificate Authority: GlobalSign CodeSigning CA - G3

Back to Top

CrowdStrike

CrowdStrike Bypass List

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

*:\Windows\System32\drivers\Crowdstrike\*
*:\Program Files*\CrowdStrike\CSFalconContainer.exe

Back to Top

CrowdStrike Certificate List

The items below should be added in as reputations with the type of Certs within the Approved List.

Signed by: CrowdStrike Inc. 
        Certificate Authority: DigiCert Assured ID Code Signing CA-1

Signed by: CrowdStrike Inc. 
        Certificate Authority: DigiCert SHA2 Assured ID Code Signing CA

Back to Top

Dell Security Management Server

Dell Security Management Server Bypass Requirements

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

*:\Program Files*\Dell\postgresql\*\bin\postgres*.exe
*:\Program Files*\Dell\PostgreSQL\*\pgAdmin*\bin\pgAdmin*.exe
*:\Program Files*\Dell\postgresql\postgresql*.exe
*:\Program Files*\Dell\Enterprise Edition\**
*:\Program Files\Dell\postgresql\**\pg_*.exe

Back to Top

Dell Security Management Server Certificate Reputation List Requirements

No reputation modifications are required.

Back to Top

CylancePROTECT

Cylance Bypass Rules

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

*:\ProgramData\Cylance\Desktop\*
*:\ProgramData\Cylance\Desktop\q\*
*:\Program Files*\Cylance\Desktop\*

Back to Top

Cylance Certificate Reputation List

The items below should be added in as reputations with the type of Certs within the Approved List.

Signed by: Cylance Inc. 
        Certificate Authority: Thawte Code Signing CA - G2

Signed by: Cylance Inc. 
        Certificate Authority: thawte SHA256 Code Signing CA - G2

Signed by: Cylance Inc. 
        Certificate Authority: DigiCert High Assurance Code Signing CA-1

Back to Top

Dell Encryption

Dell Encryption Bypass Requirements

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

*:\program files*\dell\dell data protection\encryption\**
*:\programdata\dell\dell data protection\**
*:\**\creddb*.cef
*:\**\CEF*.TBD
*:\**\CEF*.SOW
*:\**\CEF*.TMP

Back to Top

Dell Encryption Certificate Reputation List Requirements

No reputation modifications are required.

Back to Top

Windows Defender

Windows Defender Bypass Requirements

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

**\ProgramData\Microsoft\Windows Defender\**
**\Program Files*\Windows Defender Advanced Threat Protection\**

Back to Top

Secureworks Red Cloak Agent

Secureworks Red Cloak Bypass Requirements

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

*:\Program Files*\Dell SecureWorks\Red Cloak\authtap*
*:\Program Files*\Dell SecureWorks\Red Cloak\changeling*
*:\Program Files*\Dell SecureWorks\Red Cloak\cyclorama*
*:\Program Files*\Dell SecureWorks\Red Cloak\groundling*
*:\Program Files*\Dell SecureWorks\Red Cloak\inspector*
*:\Program Files*\Dell SecureWorks\Red Cloak\lacuna*
*:\Program Files*\Dell SecureWorks\Red Cloak\procwall*
*:\Program Files*\Dell SecureWorks\Red Cloak\redcloak.exe

Back to Top

BitDefender

BitDefender Bypass Requirements

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

*:\Program Files\Bitdefender\Endpoint Security\**
*:\ProgramData\Bitdefender\**
*:\Windows\system32\drivers\bddci.sys
*:\Windows\system32\drivers\bdfndisf6.sys

Back to Top

Dell Update, Alienware Update, Dell Command Update, Dell Optimizer, and Dell Precision Optimizer

Dell Update, Alienware Update, and Dell Command Update Bypass List

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

*:\Windows\Temp\*\sierra_multipnp\**
*:\Windows\Temp\*\idt_x3\**
*:\Windows\Temp\*\wwan_5565_drvr\**
*:\Windows\Temp\*\intel_lom\**
*:\Windows\Temp\*\ddpa\**
*:\Users\*\appdata\local\temp\*\supportassistinstaller.exe
*:\program files\*\dell\updateservice\service\invcol.exe
*:\Windows\temp\temp\btcache\install.exe
*:\Windows\temp\*\intel\dch\fwupdatecmd.exe
*:\Program Files*\Dell\SysMgt\dsia\bin\**
*:\windows\temp\supportassistagent\launcherautoupdate\*

Back to Top

Microsoft Client Applications

Microsoft Teams

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

*\Users\*\AppData\Local\Microsoft\Teams\current\teams.exe
*:\Users\*\AppData\Local\Microsoft\Teams\update.exe
*:\Users\*\AppData\Local\Microsoft\Teams\stage\squirrel.exe

Back to Top

Microsoft Application Servers

Exchange

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

*:\Windows\System32\dsamain.exe
*:\Windows\System32\inetinfo.exe
*:\Program Files\Microsoft\Exchange Server\*\Bin\*
*:\Program Files\Microsoft\Exchange Server\*\FIP-FS\Bin\*
*:\Program Files\Microsoft\Exchange Server\*\TransportRoles\agents\Hygiene\*
*:\Program Files\Microsoft\Exchange Server\*\FrontEnd\PopImap\*
*:\Program Files\Microsoft\Exchange Server\*\FrontEnd\CallRouter\*
*:\Program Files\Microsoft\Exchange Server\*\Bin\Search\Ceres\**
*:\Program Files\Microsoft\Exchange Server\*\ClientAccess\Owa\Bin\DocumentViewing\*
Note: The recommendations in the section above are for general environments and may not properly align with your deployment.

Back to Top

SQL

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

**\*.mdf
**\*.ldf
**\*.ndf
*:\Program Files*\Microsoft SQL Server\**
Note: The recommendations in the section above are for general environments and may not properly align with your deployment.

Back to Top

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

*:\Windows\SoftwareDistribution\Datastore\*\tmp.edb
*:\Windows\SoftwareDistribution\Datastore\*\Datastore.edb
*:\Windows\NTDS\ntds.dit
*:\Windows\NTDS\ntds.pat
*:\Windows\NTDS\EDB*.log
*:\Windows\NTDS\edb.chk
*:\Windows\NTDS\Res*.log
*:\Windows\NTDS\Ntds*.log
*:\Windows\NTDS\TEMP.edb
Note: The recommendations in the section above are for general environments and may not properly align with your deployment.

Back to Top

Hyper-V

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

**\*.vhd
**\*.vhdx
**\*.avhd
**\*.avhdx
**\*.vhds
**\*.vhdpmem
**\*.iso
**\*.rct
**\*.vsv
**\*.bin
**\*.vmcx
**\*.vmrs
**\*.vmgs
*:\ProgramData\Microsoft\Windows\Hyper-V\*
*:\Users\Public\Documents\Hyper-V\Virtual Hard Disks\*
*:\ProgramData\Microsoft\Windows\Hyper-V\Snapshots\*
*:\Windows\System32\Vmms.exe
*:\Windows\System32\Vmwp.exe
*:\Windows\System32\Vmsp.exe
*:\Windows\System32\Vmcompute.exe
Note: The recommendations in the section above are for general environments and may not properly align with your deployment.

Back to Top

All Windows Servers

The items below should be added in as permissions with the operation attempt of Performs any Operation with the action of Bypass.

*:\Windows\SoftwareDistribution\Datastore\*\tmp.edb
*:\Windows\SoftwareDistribution\Datastore\*\Datastore.edb
*:\Windows\SoftwareDistribution\Datastore\*\edb.chk
*:\Windows\SoftwareDistribution\Datastore\*\edb\*.log
*:\Windows\SoftwareDistribution\Datastore\*\Edb\*.jrs
*:\Windows\SoftwareDistribution\Datastore\*\Res\*.log
*:\Windows\Security\database\*.chk
*:\Windows\Security\database\*.jrs
*:\Windows\Security\database\*.edb
*:\Windows\Security\database\*.log
*:\Windows\Security\database\*.sdb
*:\Windows\System32\GroupPolicy\Machine\registry.pol
*:\Windows\System32\GroupPolicy\User\registry.pol
*:\Windows\System32\ServerManager.exe
*:\Windows\CCM\SCClient.exe

Back to Top

Note: The recommendations in the section above are for general environments and may not properly align with your deployment.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

Dell Command | Update, CrowdStrike, Dell Encryption, Dell Endpoint Security Suite Enterprise, Dell Update, Secureworks, VMware Carbon Black
Article Properties
Article Number: 000189281
Article Type: How To
Last Modified: 02 Jul 2024
Version:  16
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.