Generally, your antivirus/EDR program will recognize Teramind software without issues. However, if your antivirus blocks the Teramind Agent installation or updates, this guide helps you fix that.

If you still encounter any issues after following this guide, please contact us at [email protected] and a support engineer will help you troubleshoot the problem.

You can download a PDF version of the guide by clicking the button below:

You will need to add the following temporary additional exceptions when installing the Agent remotely (On-Premise) via the Teramind Dashboard:

To make sure Teramind works smoothly, some antivirus/firewall settings need to be checked. Check out this Knowledge Base article to verify the necessary IPs/ports are reachable.

Open Avast Business Antivirus.

Click the Menu at the top right.

Select Settings.

Select the General tab.

Select Exceptions.

Click the ADD EXCEPTION button.

Enter the following file and folder paths one at a time, and click Add Exception:

Repeat Step 3 - Step 4 until all the exceptions are added.

Open BitDefender Total Security.

Go to the Protection tab and click Open under the Antivirus tile.

Click the Settings tab, then Manage exceptions.

In the Manage exceptions window, click + Add an Exception.

Enter each of the following paths and ensure Antivirus and Online Threat Prevention are turned on, then click Save:

Repeat Step 3 to Step 4 until all the exceptions are added.

Close the Manage exceptions window.

Go back to the Protection tab and click Settings under the Firewall tile.

Click the Rules tab.

Make sure the ACCESS option for dwm.exe and svc.exe rules are enabled for Any Network (you can click a rule to expand/collapse it).

If not present, click the Add rule link to add them.

Go back to the Protection tab and click Open under the Advanced Threat Defense tile.

Click the Settings tab and then Manage exceptions.

In the Manage exceptions window, click the + Add an Exception button.

Enter the first exception from the list below:

Make sure Advanced Threat Defense (and all its sub options) is turned on.

Click the Save button.

Repeat Step 9 to Step 10 until all the exceptions are added.

For CrowdStrike Falcon EDR, you will need to add two exclusions. Follow the steps below to add them.

Log into your Flacon Endpoint Security console (for example: https://falcon.crowdstrike.com/).

Open the main menu by clicking the Hamburger icon at the top-left corner.

Select Endpoint security > Exclusions.

Choose an option for the hosts. You can either select All hosts or Group of hosts.

Click the NEXT button.

In the Exclusions screen, click any of the Create exclusion buttons.

Under EXCLUDED FROM, turn on the Detections and preventions option.

In the EXCLUSION PATTERN field, enter the following exclusion:

Then, click the CREATE EXCLUSION button. The exclusion will be added and you will be taken back to the Exclusion screen.

In the Exclusions screen, click the Create exclusion button again.

Under EXCLUDED FROM, turn on the Detections and preventions option.

In the EXCLUSION PATTERN field, enter the following exclusion:

Then, click the CREATE EXCLUSION button.

Open ESET Endpoint Security.

Select Computer from the Setup screen.

Click the Cog Wheel next to Real-time file system protection and select Edit exclusions… from the pull-down menu.

Click the Add button to add the following paths to the Detection exclusions list:

Click the Save button when done.

Setting up Teramind with ESET Cloud Protect is straightforward if you add a few simple exceptions. This will help make sure Teramind and ESET Cloud Protect work together without any conflicts.

Here are the necessary exceptions:

For detailed instructions on adding these exceptions, please refer to ESET's own help guide. You can find it here: ESET’s documentation.

You will also need to create an exclusion based on the Detection Name. To learn how to create this kind of exclusion, check out this section of the ESET documentation.

If you’re using ESET LiveGuard, you’ll want to add these same exceptions to ensure Teramind runs smoothly:

For specific instructions on adding exclusions in ESET LiveGuard, please check out ESET’s documentation here: ESET’s documentation.

Teramind is already on Kaspersky's approved list, so you probably won’t need to make any changes. But, if you run into any problems, here's what you can do:

Open Kaspersky Endpoint Security.

Click the Settings button.

In the Setting screen, choose General Settings from the list on the left side.

Select Exclusions under it.

Click the Settings button on the right side of the Scan exclusions and trusted zone section.

This will take you to the Trusted zone screen.

In the Trusted zone screen, select the Scan exclusions tab.

Click the Add button.

This will open the Scan exclusion window.

In the Scan exclusion pop-up window, turn on File or folder in the Properties section.

Under the Scan exclusion description section, click the select file or folder… link.

Enter the following exclusion:

Enable the Include subfolders option.

Click OK to add the item.

Click OK again to close the Scan exclusion window and return to the Trusted zone screen.

Repeat Step 3 to Step 5 above to add the rest of the exclusions from the list below:

Click OK to return to the Settings window.

Click the Save button to save your changes.

Teramind is on McAfee's approved list, so you usually won't need to make any changes. But, if you still run into any issues, give this a try:

McAfee Endpoint Security usually works well when you install the Teramind Agent. However, when updating the Agent, you might see an event exception. The following instructions will help you fix that issue.

Open McAfee Endpoint Security.

From the main window, click the Status tab.

Select the THREAT PREVENTION option.

This will take you to the Settings panel.

Click the Show Advanced button near the top-right corner.

Scroll down until you find the EXPLOIT PREVENTION option.

Click the EXPLOIT PREVENTION option.

Click the Add button under Exclusions. The Edit Exclusion window will pop-up.

Under Type, select File – Process – Registry.

Add the following in the File name or path… field:

Repeat Step 4 to Step 5 to add the rest of the exceptions:

Log into your Sophos Central portal (e.g., https://central.sophos.com/).

Select My Products > General Settings.

Under the General section, click the Global Exclusions link.

Click the Add Exclusion button in the Global Exclusions screen.

In the Add Exclusion pop-up window, select File or folder (Windows) from the EXCLUSION TYPE pull-down menu.

Enter the following exclusion in the VALUE field:

Select Real-time and scheduled from the ACTIVE FOR pull-down menu.

Click the Add Another button and add the following two exclusions one by one:

Click the Save button to save the exclusions.

Open Sophos Home.

From the main window, click the Settings button. This will open a browser window and you will be taken to the cloud.sophos website.

Select the PROTECTION tab.

Under the Exceptions section, add the following paths:

Teramind is already signed with Microsoft, which means the Teramind Agent is usually excluded from Windows Defender's latest detection list. However, just to be safe and avoid any potential issues, we still recommend adding the following exceptions.

Adding these exceptions will help with most problems you might run into when installing or updating the Teramind Agent. Also, if you notice Windows Defender using a lot of CPU and memory in the Windows Task Manager, then adding the exclusion should help solve that problem too.

Windows Defender is now part of Windows Security in newer versions of Windows. To go directly to Defender's settings, open Virus & threat protection from the Windows Start menu.

Click Manage settings under Virus and threat protection settings.

Scroll until you can find the Exclusions section.

Click Add or remove exclusions under Exclusions.

In the Exclusions window, click the + Add an exclusion button and select the File option. Add the following path:

Repeat the step and add the following path:

Click the + Add an exclusion button for a third time but this time select the Folder option. Add the following folder:

On older versions of Windows Defender, you might see warnings or get blocked when installing or updating the Teramind Agent. You can follow the instructions below to solve these issues. If you still need help, contact our support team at: [email protected].

If you see a Trojan warning/error message, "This program is dangerous and executes commands from an attacker." It usually shows ProtocolFilters.dll as the affected item, but it can get triggered for other files too. It means that you have an older malware definition, or a previous copy of the definition being cached by Windows:

Please follow these steps to clear cached detection and obtain the latest malware definitions:

Type command in the Windows Search Bar. The Command Prompt app should show up on the Windows Menu.

Select the Run as administrator option on the right panel of the menu.

On the command prompt, Type cd c:\Program Files\Windows Defender and press Enter.

Type MpCmdRun.exe -removedefinitions -dynamicsignatures and press Enter. Windows will remove the dynamic signature.

Type MpCmdRun.exe -SignatureUpdate and press Enter. Windows will update your virus definition with the latest signature.

If Windows Defender has already blocked an existing Teramind Agent, you need to restore it. To do so, follow these instructions:

Click the Protection history link in the Virus & threat protection screen.

If you see any Teramind Agent related files (such as tmfsdrv2.sys or tm_filter.sys) or folders (such as {4cec2908-5ce4-48f0-a717-8fc833d8017a}) under the All recent items list, then select those items.

Click the Actions button and select the appropriate action such as Restore to restore the selected files and folder(s).

So far, we haven't seen many AV issues on macOS. But, if you run into any, here are the locations of files/extensions you can use for manual exclusion:

These executables should be whitelisted in your EDR solution:

All these files are located in the following folder: C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\<agent version>\<package id>\.

For example:

Note: The <package id> remains the same across all Agent versions. Confirm the correct <package id> and include it in your exceptions. The <agent version> will vary with each Agent update.

Recommendation: It's best to use a wildcard (*) in place of <agent version> to align with your EDR exclusion best practices and accommodate future updates.

For example:

Your EDR may also allow you to use wildcards for the file names.

For example:

Some EDRs also allow you to exclude an entire folder. For those EDRs, you can use something like this: