In most cases, your antivirus software will recognize Teramind as legitimate software and not interfere. However, if you encounter a situation where your antivirus is blocking you from installing or updating the Teramind Agent, this guide will help you troubleshoot the issue.

You can download a PDF version of the guide by clicking the button below:

Add the following if Using the Revealed/Visible Agent:

You will need to add the following temporary additional exceptions when installing the Agent remotely (On-Premise) via the Teramind Dashboard:

Some antivirus/firewall blocks certain IPs/ports that Teramind needs to operate. To learn which servers/IPs/ports you need to check and how, check out this article: How to check if Teramind IP addresses/hosts and ports are reachable.

Open Avast Business Antivirus.

From the main window, click the Menu near the top-right corner.

Select Settings from the menu.

Type the following file and folder paths (one at a time), then click Add Exception:

Repeat Step 3 - Step 4 to add all the exceptions.

Teramind Agent should work normally with Avast Business Antivirus now.

Open BitDefender Total Security.

From your BitDefender Total Security main window, click the Protection tab. You will see several tiles.

Click Open under the Antivirus tile.

Click the Settings tab.

Click Manage exceptions.

A Manage exceptions window will pop-up.

On the Manage exceptions window, click the + Add an Exception button.

Enter the first exceptions from the list of exceptions below:

Make sure Antivirus (and all its sub options such as On-access scan) and Online Threat Prevention are turned on.

Click the Save button.

Repeat Step 3 to Step 4 and add all the exceptions one by one.

Close the Manage exceptions window.

Go back to the Protection tab on the main window.

Click Settings under the Firewall tile.

Click the Rules tab.

Make sure the ACCESS option for dwm.exe and svc.exe rules are enabled for Any Network (you can click on a rule to expand/collapse it).

If you do not see the dwm.exe and svc.exe rules, click the Add rule link to add them.

Go back to the Protection tab on the main window.

Click Open under the Advanced Threat Defense tile.

Click the Settings tab.

Click Manage exceptions.

A Manage exceptions window will pop-up.

On the Manage exceptions window, click the + Add an Exception button.

Enter the first exceptions from the list of exceptions below:

Make sure Advanced Threat Defense (and all its sub options) is turned on.

Click the Save button.

Teramind Agent should work normally with Bitdefender Total Security now.

Open ESET Endpoint Security.

From the main window, click the SETUP menu.

Select Computer from the Setup screen.

Click the Cog Wheel icon at the right side of the item named Real-time file system protection.

From the pull-down menu, select Edit exclusions…

Click the Add button to add the following paths to the Exclusions list:

Click the Save button when done.

Teramind Agent should work normally with ESET Endpoint Security now.

For instructions on how to add exclusion, please check out ESET’s documentation.

You will also need to create an exclusion by Detection Name. To learn how to create such an exclusion, please check out this section of the ESET documentation.

Please use these exclusions:

For instructions on how to add exclusion, please check out ESET’s documentation.

Teramind is whitelisted on Kaspersky, so you shouldn’t need to use any exclusions. However, if you still encounter any issues, try the following:

Open Kaspersky Endpoint Security.

Click the Settings button on the main window.

On the Setting screen, select General Settings from the list of items on the left of the screen.

Select Exclusions under it.

Click the Settings button on the right side of Scan exclusions and trusted zone section.

On the Trusted zone screen, select the Scan exclusions tab

Click the Add button.

On the Scan exclusion pop-up window, turn on the File or folder item on the Properties section.

Under the Scan exclusion description… section, click the select file or folder… link.

Enter the following exclusion:

Enable the Include subfolders option.

Click the OK button to add the item.

Click OK again to close the Scan exclusion window and return to the Trusted zone screen.

Repeat Step 3 to Step 5 above to add the rest of the exclusions from the list below:

Click the OK button to return to the Settings window.

Click the Save button to save your changes.

Teramind Agent should work normally with Kaspersky Endpoint Security now.

Teramind is whitelisted on McAfee, so you shouldn’t need to use any exclusions. However, if you still encounter any issues, try the following:

McAfee Endpoint Security shouldn’t cause any issue when installing the Teramind Agent. However, when updating the agent it might throw up an event exception like this screen. To fix this issue, follow the steps below.

Open McAfee Endpoint Security.

From the main window, click the Status tab.

Select the THREAT PREVENTION option.

Click the Show Advanced button near the top-right corner.

Scroll down until you can see the EXPLOIT PREVENTION option.

Click the EXPLOIT PREVENTION option.

Click the Add button under Exclusions. The Edit Exclusion window will pop-up.

Under type, select File – Process – Registry. Add the following in the File name or path… field:

Repeat Step 4 to Step 5 to add the rest of the exceptions:

Open the Sophos Home antivirus.

From the main window, click the Settings button. This will open a browser window and you will be taken to the cloud.sophos website.

Select the PROTECTION tab.

On the Exceptions section, add the following paths:

Teramind Agent should work normally with Sophos Home now.

Teramind is already signed with Microsoft and as such, Teramind Agent is excluded from the Windows Defender’s latest detection list. However, to avoid potential issues we still recommend you add the following exception.

This will help with most of the issues you may encounter with the Teramind Agent installations or updates. Also, if you notice very high CPU and memory usage by Windows Defender on the Windows Task Manager, then adding the exclusion should solve the problem.

Windows Defender is part of Windows Security in the newer versions of Windows. To go to the Defender’s settings directly, open Virus & threat protection from the Windows Start menu.

Click Manage settings under Virus and threat protection settings.

Click Manage settings under Virus and threat protection settings.

On the Exclusions window, click the + Add an exclusion button and select the File option. Add the following path:

Repeat the step and add the following path:

Click the + Add an exclusion button for a third time but this time select the Folder option. Add the following folder:

On older version of Windows Defender, you might see warnings or get blocked when installing or updating the Teramind Agent. You can follow the instructions below to solve these issues. If you still need help, contact us at: [email protected].

If you see an Trojan warning/error message, "This program is dangerous and executes commands from an attacker.". Usually it shows ProtocolFilters.dll as the affected items, but it can get triggered for other files too:

It means that you have an older malware definition, or a previous copy of the definition being cached by Windows.

Please follow the steps below to clear cached detection and obtain the latest malware definitions:

Type command in the Windows Search Bar. The Command Prompt app should show up on the Windows Menu.

Select the Run as administrator option on the right panel of the menu.

On the command prompt, Type cd c:\Program Files\Windows Defender and press Enter.

Type MpCmdRun.exe -removedefinitions -dynamicsignatures and press Enter. Windows will remove the dynamic signature.

Type MpCmdRun.exe -SignatureUpdate and press Enter. Windows will update your virus definition with the latest signature.

If Windows Defender has already blocked an existing Teramind Agent, you need to restore it. To do so, follow these instructions:

Click the Protection history link on the Virus & threat protection screen.

If you see any Teramind Agent related files (such as tmfsdrv2.sys or tm_filter.sys) or folders (such as {4cec2908-5ce4-48f0-a717-8fc833d8017a}) under the All recent items list, then select those items.

Click the Actions button and select the appropriate action such as Restore to restore the selected files and folder(s).

We haven’t encountered any AV issues in Mac so far. But in case you face any issues, here are the locations of files/extensions you can use to consider for manual exclusion:

The System Extensions Paths:

Network Extension Paths:

Endpoint Security Extension Paths:

Revealed Agent Path

The following executables should be whitelisted in your EDR:

All these files are located in the following folder: C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\<agent version>\<package id>\.

For example:

Please note that <package id> remains the same across all Agent versions. Confirm the correct <package id> and include it in your exceptions. The <agent version> will vary with each Agent update.

It is recommended to use a wildcard (*) in place of <agent version> to align with your EDR exclusion best practices and accommodate future updates.

For example:

Your EDR may allow you to use wildcards for the file names.

For example:

Some EDRs also allow you to exclude an entire folder. For those EDRs, you can use something like this: