Antivirus Configuration Overview
In most cases, your antivirus software will recognize Teramind as legitimate software and not interfere. However, if you encounter a situation where your antivirus is blocking you from installing or updating the Teramind Agent, this guide will help you troubleshoot the issue.
You can download a PDF version of the guide by clicking the button below:
Main Exceptions
Add to Both Cloud and On-Premise Deployments:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Add the following if Using the Revealed/Visible Agent:
c:\ProgramData\Teramind Agent
Disable any network and web filtering/inspection modules in your antivirus program. These modules may interfere with Teramind and cause connectivity problems on the users' computers. They might also make some Teramind features not work properly.
Temporary Exceptions
Add to Both Cloud and On-Premise Deployments:
c:\windows\system32\drivers\set*.tmp
c:\windows\temp\*.tmp
c:\windows\installer\*.*
In most cases you can remove the temporary exception after installing the Agent. However, if you have a Cloud deployment and auto-update enabled, then we suggest you keep the exceptions. Otherwise, the AV might block the update package from installing.
Add to On-Premise Deployments Only:
You will need to add the following temporary additional exceptions when installing the Agent remotely (On-Premise) via the Teramind Dashboard:
%windir%\*.exe
Remove these exceptions once the Agent installation/update is done.
If you already have the Teramind Agent installed, after adding the exceptions, please remove the Agent and reinstall it.
Checking Server IP Addresses and Ports
Some antivirus/firewall blocks certain IPs/ports that Teramind needs to operate. To learn which servers/IPs/ports you need to check and how, check out this article: How to check if Teramind IP addresses/hosts and ports are reachable.
Avast Business Antivirus
Step 1: Accessing the Menu
Open Avast Business Antivirus.
From the main window, click the Menu near the top-right corner.
Step 2: Accessing the Settings
Select Settings from the menu.
Step 3: Accessing the General Exceptions Settings
Step 4: Adding the Exceptions
Type the following file and folder paths (one at a time), then click Add Exception:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Teramind Agent should work normally with Avast Business Antivirus now.
BitDefender Total Security
Step 1: Accessing the Antivirus Settings
Open BitDefender Total Security.
From your BitDefender Total Security main window, click the Protection tab. You will see several tiles.
Click Open under the Antivirus tile.
Step 2: Managing the Antivirus Exceptions
Click the Settings tab.
Click Manage exceptions.
A Manage exceptions window will pop-up.
Step 3: Adding the Antivirus Exceptions
On the Manage exceptions window, click the + Add an Exception button.
Step 4: Changing the Antivirus Exceptions Options
Enter the first exceptions from the list of exceptions below:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Make sure Antivirus (and all its sub options such as On-access scan) and Online Threat Prevention are turned on.
Click the Save button.
Close the Manage exceptions window.
The above settings should be enough for the Teramind Revealed Agent to work properly. However, if you have a Hidden Agent installed, please follow the additional steps below.
Step 5: Accessing the Firewall Settings
Go back to the Protection tab on the main window.
Click Settings under the Firewall tile.
Step 6: Adding the Firewall Rules
Click the Rules tab.
Make sure the ACCESS option for dwm.exe and svc.exe rules are enabled for Any Network (you can click on a rule to expand/collapse it).
If you do not see the dwm.exe and svc.exe rules, click the Add rule link to add them.
Step 7: Accessing the Advanced Threat Defense Settings
Go back to the Protection tab on the main window.
Click Open under the Advanced Threat Defense tile.
Step 8: Managing the Advanced Threat Defense Exceptions
Click the Settings tab.
Click Manage exceptions.
A Manage exceptions window will pop-up.
Step 9: Adding the Advanced Threat Defense Exceptions
On the Manage exceptions window, click the + Add an Exception button.
Step 10: Changing the Advanced Threat Defense Options
Enter the first exceptions from the list of exceptions below:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\<agent ver>\{04287722-eb08-4929-bef0-cc1a76cbff1b}\svc.exec:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\<agent ver>\{04287722-eb08-4929-bef0-cc1a76cbff1b}\dwm.exeNote:
Please replace <agent ver> with your with your own Agent version. For example, 0.1.255. You can check for the Agent version from your Teramind Dashboard. Select the COMPUTERS menu then click a computer's name. You can see the Agent version and type.
Make sure Advanced Threat Defense (and all its sub options) is turned on.
Click the Save button.
Teramind Agent should work normally with Bitdefender Total Security now.
ESET Endpoint Security
Step 1: Accessing the Setup Menu
Open ESET Endpoint Security.
From the main window, click the SETUP menu.
Select Computer from the Setup screen.
Step 2: Accessing the Exclusions Settings
Click the Cog Wheel 
icon at the right side of the item named Real-time file system protection.
From the pull-down menu, select Edit exclusions…
Step 3: Adding the Exclusions
Click the Add button to add the following paths to the Exclusions list:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
c:\documents and settings\All Users\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*c:\Users\All Users\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*c:\documents and settings\All Users\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*\*\*.dllc:\Users\All Users\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*\*\*.dllc:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*\*\*.dllClick the Save button when done.
Teramind Agent should work normally with ESET Endpoint Security now.
ESET Cloud Protect
Please use these exclusions:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
c:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*\*\*.dllFor instructions on how to add exclusion, please check out ESET’s documentation.
You will also need to create an exclusion by Detection Name. To learn how to create such an exclusion, please check out this section of the ESET documentation.
ESET LiveGuard
Please use these exclusions:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
c:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*\*\*.dllFor instructions on how to add exclusion, please check out ESET’s documentation.
Kaspersky Endpoint Security
Teramind is whitelisted on Kaspersky, so you shouldn’t need to use any exclusions. However, if you still encounter any issues, try the following:
Step 1: Accessing the Settings
Open Kaspersky Endpoint Security.
Click the Settings button on the main window.
Step 2: Accessing the Trusted Zone Settings
On the Setting screen, select General Settings from the list of items on the left of the screen.
Select Exclusions under it.
Click the Settings button on the right side of Scan exclusions and trusted zone section.
Step 3: Adding the First Scan Exclusion
On the Trusted zone screen, select the Scan exclusions tab
Click the Add button.
Step 4: Configuring the Scan Exclusion
On the Scan exclusion pop-up window, turn on the File or folder item on the Properties section.
Under the Scan exclusion description… section, click the select file or folder… link.
Step 5: Adding the Files and Folders
Enter the following exclusion:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\Enable the Include subfolders option.
Click the OK button to add the item.
Click OK again to close the Scan exclusion window and return to the Trusted zone screen.
Step 6: Adding the Remaining Scan Exclusions
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Click the OK button to return to the Settings window.
Step 7: Saving Your Changes
Click the Save button to save your changes.
Teramind Agent should work normally with Kaspersky Endpoint Security now.
McAfee Endpoint Security
Teramind is whitelisted on McAfee, so you shouldn’t need to use any exclusions. However, if you still encounter any issues, try the following:
Threat Exceptions When Updating the Teramind Agent
McAfee Endpoint Security shouldn’t cause any issue when installing the Teramind Agent. However, when updating the agent it might throw up an event exception like this screen. To fix this issue, follow the steps below.
Step 1: Accessing the Threat Prevention Settings
Open McAfee Endpoint Security.
From the main window, click the Status tab.
Select the THREAT PREVENTION option.
Step 2: Accessing the Advanced Settings
Click the Show Advanced button near the top-right corner.
Step 3: Accessing the Exploit Prevention Option
Scroll down until you can see the EXPLOIT PREVENTION option.
Click the EXPLOIT PREVENTION option.
Step 4: Adding an Exclusion
Click the Add button under Exclusions. The Edit Exclusion window will pop-up.
Step 5: Editing the Exclusion
Under type, select File – Process – Registry. Add the following in the File name or path… field:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Sophos Home
Step 1: Accessing the Settings
Open the Sophos Home antivirus.
From the main window, click the Settings button. This will open a browser window and you will be taken to the cloud.sophos website.
Step 2: Accessing the Protection Settings
Select the PROTECTION tab.
Step 3: Adding the Exceptions
On the Exceptions section, add the following paths:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Teramind Agent should work normally with Sophos Home now.
Windows Defender
Teramind is already signed with Microsoft and as such, Teramind Agent is excluded from the Windows Defender’s latest detection list. However, to avoid potential issues we still recommend you add the following exception.
This will help with most of the issues you may encounter with the Teramind Agent installations or updates. Also, if you notice very high CPU and memory usage by Windows Defender on the Windows Task Manager, then adding the exclusion should solve the problem.
Step 1: Accessing the Windows Virus & Threat Protection Settings
Windows Defender is part of Windows Security in the newer versions of Windows. To go to the Defender’s settings directly, open Virus & threat protection from the Windows Start menu.
Step 2: Accessing the Settings Screen
Click Manage settings under Virus and threat protection settings.
Step 3: Accessing the Exclusions Screen
Click Manage settings under Virus and threat protection settings.
Step 3: Adding the Exclusions
On the Exclusions window, click the + Add an exclusion button and select the File option. Add the following path:
c:\windows\system32\drivers\tmfsdrv2.sys
Repeat the step and add the following path:
c:\windows\system32\drivers\tm_filter.sys
Click the + Add an exclusion button for a third time but this time select the Folder option. Add the following folder:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
Solving Issues with Older Virus Definitions
On older version of Windows Defender, you might see warnings or get blocked when installing or updating the Teramind Agent. You can follow the instructions below to solve these issues. If you still need help, contact us at: [email protected].
If you see an Trojan warning/error message, "This program is dangerous and executes commands from an attacker.". Usually it shows ProtocolFilters.dll as the affected items, but it can get triggered for other files too:
It means that you have an older malware definition, or a previous copy of the definition being cached by Windows.
Please follow the steps below to clear cached detection and obtain the latest malware definitions:
Step 1: Accessing the Command Prompt
Type command in the Windows Search Bar. The Command Prompt app should show up on the Windows Menu.
Select the Run as administrator option on the right panel of the menu.
Step 2: Updating the Virus Signatures
On the command prompt, Type cd c:\Program Files\Windows Defender and press Enter.
Type MpCmdRun.exe -removedefinitions -dynamicsignatures and press Enter. Windows will remove the dynamic signature.
Type MpCmdRun.exe -SignatureUpdate and press Enter. Windows will update your virus definition with the latest signature.
Restoring a Quarantined Agent
If Windows Defender has already blocked an existing Teramind Agent, you need to restore it. To do so, follow these instructions:
Step 1: Accessing the History Settings
Click the Protection history link on the Virus & threat protection screen.
Step 2: Viewing the Quarantine Items
If you see any Teramind Agent related files (such as tmfsdrv2.sys or tm_filter.sys) or folders (such as {4cec2908-5ce4-48f0-a717-8fc833d8017a}) under the All recent items list, then select those items.
Click the Actions button and select the appropriate action such as Restore to restore the selected files and folder(s).
If none of these methods works, please contact our support team at [email protected].
Other Antivirus Software
Antivirus / Issue | Resolution |
Avast Free Antivirus Detects Teramind Agent .exe installer and .dwm. |
|
Avast EndPoint Protection Suite Detects Teramind Agent. |
|
AVG Antivirus Free Detects Teramind Agent .exe installer and. dwm. |
|
Panda Antivirus Pro Detects Teramind Agent, installation fails. |
c:\windows\system32\drivers\tmfsdrv2.sys c:\windows\system32\drivers\tm_filter.sys |
BitDefender Total Security Detects Teramind Agent, installation fails (Access Denied message). |
c:\windows\system32\drivers\tmfsdrv2.sys c:\windows\system32\drivers\tm_filter.sys |
Comodo Antivirus Installation fails (Access Denied message). |
|
BullGuard Antivirus Installation fails. |
c:\users\username\appdata\*.* c:\windows\*.* |
Quick Heal Total Security Installation fails. |
c:\windows\system32\drivers\tmfsdrv2.sys c:\windows\system32\drivers\tm_filter.sys c:\users\username\appdata\*.* c:\users\username\downloads\tera*.exe c:\windows\*.* |
Traps Advanced Endpoint Protection Possible installation issues. |
|
Vipre Installation fails. |
|
macOS Exclusions
We haven’t encountered any AV issues in Mac so far. But in case you face any issues, here are the locations of files/extensions you can use to consider for manual exclusion:
The System Extensions Paths:
/Applications/.NetApp.app
/Applications/.NetApp.app/Contents/MacOS/NetApp
Network Extension Paths:
/Applications/.NetApp.app/Contents/Library/SystemExtensions/com.teramind.networkextension.systemextension
/Applications/.NetApp.app/Contents/Library/SystemExtensions/com.teramind.networkextension.systemextension/Contents/MacOS/com.teramind.networkextension
Endpoint Security Extension Paths:
/Applications/.NetApp.app/Contents/Library/SystemExtensions/com.teramind.systemextension.endpointsecurity.systemextension
/Applications/.NetApp.app/Contents/Library/SystemExtensions/com.teramind.systemextension.endpointsecurity.systemextension/Contents/MacOS/com.teramind.systemextension.endpointsecurity
Revealed Agent Path
/usr/local/teramind/agent/bin/System Monitoring.app/Contents/MacOS/Teramind Agent
Endpoint Detection and Response (EDR) Solutions
The following executables should be whitelisted in your EDR:
dwm.exe
mtm.exe
mtm64.exe
svc.exe
nsxpsrenderer.exe
All these files are located in C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\<agent version>\<package id>\. Note that, <package id> is the same for each agent version, so please check which one you have and add that to the exceptions.