Antivirus Configuration Overview
In most cases, your antivirus software will recognize Teramind as legitimate software and not interfere. However, if you encounter a situation where your antivirus is blocking you from installing or updating the Teramind Agent, this guide will help you troubleshoot the issue.
You can also download a PDF version of the guide by clicking the button below:
Download the Antivirus Configuration Guide
Adding Exceptions
Main Exceptions (Both Cloud and On-Premise Deployments):
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
c:\ProgramData\Teramind Agent (if using the Revealed/Visible Agent)
i
|
Disable any network and web filtering/inspection modules in your antivirus program. These modules may interfere with Teramind and cause connectivity problems on the users' computers. They might also make some Teramind features not working properly. |
Temporary Exceptions (Both Cloud and On-Premise Deployments):
c:\windows\system32\drivers\set*.tmp
c:\windows\temp\*.tmp
c:\windows\installer\*.*
i
|
Remove these exceptions once the Agent installation/update is done. |
Temporary Exceptions (On-Premise Deployment only):
You need to add the following temporary additional exceptions when installing the Agent remotely (On-Premise) via the Teramind Dashboard:
%windir%\*.exe
i
|
Remove these exceptions once the Agent installation/update is done. |
i
|
If you already have the Teramind Agent installed, after adding the exceptions, please remove the Agent and reinstall it. |
Checking Server IP Addresses and Ports
Some antivirus/firewall blocks certain IPs/ports that Teramind needs to operate. To learn which servers/IPs/ports you need to check and how, check out this article: How to check if Teramind IP addresses/hosts and ports are reachable.
Avast Business Antivirus
Step 1: Accessing the Menu
Open Avast Business Antivirus.
From the main window, click the Menu near the top-right corner.
Step 2: Accessing the Settings
Select Settings from the menu.
Step 3: Accessing the General Exceptions Settings
Step 4: Adding the Exceptions
Type the following file and folder paths (one at a time), then click Add Exception:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Repeat Step 3 - Step 4 to add all the exceptions.
Avast Business Antivirus should now work normally with Teramind.
BitDefender Total Security
Step 1: Accessing the Antivirus Settings
Open BitDefender Total Security.
From your BitDefender Total Security main window, click the Protection tab. You will see several tiles.
Click Open under the Antivirus tile.
Step 2: Managing the Antivirus Exceptions
Click the Settings tab.
Click Manage exceptions.
A Manage exceptions window will pop-up.
Step 3: Adding the Antivirus Exceptions
On the Manage exceptions window, click the + Add an Exception button.
Step 4: Changing the Antivirus Exceptions Options
Enter the first exceptions from the list of exceptions below:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Make sure Antivirus (and all its sub options such as On-access scan) and Online Threat Prevention are turned on.
Click the Save button.
Repeat Step 3 to Step 4 and add all the exceptions one by one.
Close the Manage exceptions window.
i
|
The above settings should be enough for the Teramind Revealed Agent to work properly. However, if you have a Hidden Agent installed, please follow the additional steps below. |
Step 5: Accessing the Firewall Settings
Go back to the Protection tab on the main window.
Click Settings under the Firewall tile.
Step 6: Adding the Firewall Rules
Click the Rules tab.
Make sure the ACCESS option for dwm.exe
and svc.exe
rules are enabled for Any Network (you can click on a rule to expand/collapse it).
If you do not see the dwm.exe and svc.exe rules, click the Add rule link to add them.
Step 7: Accessing the Advanced Threat Defense Settings
Go back to the Protection tab on the main window.
Click Open under the Advanced Threat Defense tile.
Step 8: Managing the Advanced Threat Defense Exceptions
Click the Settings tab.
Click Manage exceptions.
A Manage exceptions window will pop-up.
Step 9: Adding the Advanced Threat Defense Exceptions
On the Manage exceptions window, click the + Add an Exception button.
Step 10: Changing the Advanced Threat Defense Options
Enter the first exceptions from the list of exceptions below:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\0.1.255\{04287722-eb08-4929-bef0-cc1a76cbff1b}\svc.exe
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\0.1.255\{04287722-eb08-4929-bef0-cc1a76cbff1b}\dwm.exe
i
|
Note: you will need to replace 0.1.255 with your own Agent version. You can check for your agent folder by going to the C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A} directory. You can also check for the agent version from the Teramind dashboard. Select the COMPUTERS menu then click a computer's name. You can see the Agent version and type.
|
Make sure Advanced Threat Defense (and all its sub options) is turned on.
Click the Save button.
Bitdefender Total Security should now work normally with Teramind.
ESET Endpoint Security
Step 1: Accessing the Setup Menu
Open ESET Endpoint Security.
From the main window, click the SETUP menu.
Select Computer from the Setup screen.
Step 2: Accessing the Exclusions Settings
Click the Cog Wheel icon at the right side of the item named Real-time file system protection.
From the pull-down menu, select Edit exclusions…
Step 3: Adding the Exclusions
Click the Add button to add the following paths to the Exclusions list:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
c:\documents and settings\All Users\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*
c:\Users\All Users\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*
c:\documents and settings\All Users\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*\*\*.dll
c:\Users\All Users\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*\*\*.dll
c:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*\*\*.dll
Click the Save button when done.
ESET Endpoint Security should now work normally with Teramind.
ESET Cloud Protect
Please use these exclusions:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
c:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*\*\*.dll
For instructions on how to add exclusion, please check out ESET’s documentation.
You will also need to create an exclusion by Detection Name. To learn how to create such an exclusion, please check out this section of the ESET documentation.
ESET LiveGuard
Please use these exclusions:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
c:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\*\*\*.dll
For instructions on how to add exclusion, please check out ESET’s documentation.
Kaspersky Endpoint Security
Teramind is whitelisted on Kaspersky, so you shouldn’t need to use any exclusions. However, if you still encounter any issues, try the following:
Step 1: Accessing the Settings
Open Kaspersky Endpoint Security.
Click the Settings button on the main window.
Step 2: Accessing the Trusted Zone Settings
On the Setting screen, select General Settings from the list of items on the left of the screen.
Select Exclusions under it.
Click the Settings button on the right side of Scan exclusions and trusted zone section.
Step 3: Adding the First Scan Exclusion
On the Trusted zone screen, select the Scan exclusions tab
Click the Add button.
Step 4: Configuring the Scan Exclusion
On the Scan exclusion pop-up window, turn on the File or folder item on the Properties section.
Under the Scan exclusion description… section, click the select file or folder… link.
Step 5: Adding the Files and Folders
Enter the following exclusion:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
Enable the Include subfolders option.
Click the OK button to add the item.
Click OK again to close the Scan exclusion window and return to the Trusted zone screen.
Step 6: Adding Rest of the Scan Exclusions
Repeat Step 3 to Step 5 above to add the rest of the exclusions from the list below:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Click the OK button to return to the Settings window.
Step 7: Saving Your Changes
Click the Save button to save your changes.
Kaspersky Endpoint Security should now work normally with Teramind.
McAfee Endpoint Security
Teramind is whitelisted on McAfee, so you shouldn’t need to use any exclusions. However, if you still encounter any issues, try the following:
Threat Exceptions When Updating the Teramind Agent
McAfee Endpoint Security shouldn’t cause any issue when installing the Teramind Agent. However, when updating the agent it might throw up an event exception like this screen. To fix this issue, follow the steps below.
Step 1: Accessing the Threat Prevention Settings
Open McAfee Endpoint Security.
From the main window, click the Status tab.
Select the THREAT PREVENTION option.
Step 2: Accessing the Advanced Settings
Click the Show Advanced button near the top-right corner.
Step 3: Accessing the Exploit Prevention Option
Scroll down until you can see the EXPLOIT PREVENTION option.
Click the EXPLOIT PREVENTION option.
Step 4: Adding an Exclusion
Click the Add button under Exclusions. The Edit Exclusion window will pop-up.
Step 5: Editing the Exclusion
Under type, select File – Process – Registry. Add the following in the File name or path… field:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
Repeat Step 4 to Step 5 to add the rest of the exceptions:
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Sophos Home
Step 1: Accessing the Settings
Open the Sophos Home antivirus.
From the main window, click the Settings button. This will open a browser window and you will be taken to the cloud.sophos
website.
Step 2: Accessing the Protection Settings
Select the PROTECTION tab.
Step 3: Adding the Exceptions
On the Exceptions section, add the following paths:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Sophos Home should now work normally with Teramind.
Windows Defender
Teramind is already signed with Microsoft and as such, Teramind Agent is excluded from the Windows Defender’s latest detection list. You shouldn’t have any problem using it. However, if you have an older version of Windows Defender, you might see warnings or get blocked when installing or updating the Teramind Agent. You can follow the instructions below to solve these issues.
Solving Issues with Older Virus Definitions
If you see an Trojan warning/error message, "This program is dangerous and executes commands from an attacker.". Usually it shows ProtocolFilters.dll as the affected items, but it can get triggered for other files too:
It means that you have an older malware definition, or a previous copy of the definition being cached by Windows.
Please follow the steps below to clear cached detection and obtain the latest malware definitions:
Step 1: Accessing the Command Prompt
Type command
in the Windows Search Bar. The Command Prompt app should show up on the Windows Menu.
Select the Run as administrator option on the right panel of the menu.
Step 2: Updating the Virus Signatures
On the command prompt, Type cd c:\Program Files\Windows Defender
and press Enter.
Type MpCmdRun.exe -removedefinitions -dynamicsignatures
and press Enter. Windows will remove the dynamic signature.
Type MpCmdRun.exe -SignatureUpdate
and press Enter. Windows will update your virus definition with the latest signature.
Solving Computer Slowdown and Other Issues
Adding the following exclusions will help with most of the issues you may encounter with the Teramind Agent installations or updates. Also, if you notice very high CPU and memory usage by Windows Defender on the Windows Task Manager, then adding the exclusion should solve the problem.
Step 1: Accessing the Antivirus Settings
Open Windows Defender. Click the Settings tab.
Step 2: Accessing the Exclusion Settings
On the Settings window, click the Windows Defender tab.
Under the Exclusions section, click the Add an exclusion link.
Step 3: Adding the Exclusions
On the Add an exclusion window, use the + Exclude a file button to add the following paths:
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Use the + Exclude a folder button to add the following folder:
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
Restoring a Quarantined Agent
If Windows Defender has already blocked an existing Teramind Agent, you need to restore it. To do so, follow these instructions:
Step 1: Accessing the History Settings
Open Windows Defender. Click the History tab.
Step 2: Viewing the Quarantine Items
On the History tab, select the Quarantined items option. Click the View details button.
Step 3: Restoring the Quarantined Teramind Files & Folders
If you see any Teramind Agent related files (such as tmfsdrv2.sys
or tm_filter.sys
) or folders (such as {4cec2908-5ce4-48f0-a717-8fc833d8017a}
) under the Detected item list, then select those items.
Click the Restore button to restore the selected files and folder(s).
i
|
If none of these methods works, please contact our support team at support@teramind.co. |
Other Antivirus Software
Antivirus | Issue | Resolution |
Avast Free Antivirus | Detects Teramind Agent .exe installer and .dwm. |
|
Avast EndPoint Protection Suite | Detects Teramind Agent. |
|
AVG Antivirus Free | Detects Teramind Agent .exe installer and. dwm. |
|
Panda Antivirus Pro | Detects Teramind Agent, installation fails. |
c:\windows\system32\drivers\tmfsdrv2.sys c:\windows\system32\drivers\tm_filter.sys |
BitDefender Total Security | Detects Teramind Agent, installation fails (Access Denied message). |
c:\windows\system32\drivers\tmfsdrv2.sys c:\windows\system32\drivers\tm_filter.sys |
Comodo Antivirus | Installation fails (Access Denied message). |
|
BullGuard Antivirus | Installation fails. |
c:\users\username\appdata\*.* c:\windows\*.* |
Quick Heal Total Security | Installation fails. |
c:\windows\system32\drivers\tmfsdrv2.sys c:\windows\system32\drivers\tm_filter.sys c:\users\username\appdata\*.* c:\users\username\downloads\tera*.exe c:\windows\*.* |
Traps Advanced Endpoint Protection | Possible installation issues. |
|
Vipre | Installation fails. |
|
Endpoint Detection and Response (EDR) Solutions
The following executables should be whitelisted in your EDR:
dwm.exe
mtm.exe
mtm64.exe
svc.exe
nsxpsrenderer.exe
All these files are located in C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\<agent
version>\<package id>\
. Note that, <package id>
is the same for each agent version, so please check which one you have and add that to the exceptions.