Antivirus Configuration Guide

Antivirus Configuration Overview

In most cases, your antivirus software will recognize Teramind as legitimate software and not interfere. However, if you encounter a situation where your antivirus is blocking you from installing or updating the Teramind Agent, this guide will help you troubleshoot the issue.

You can also download a PDF version of the guide by clicking the button below:

 

Download the Antivirus Configuration Guide

General Exceptions

Main Exceptions (Both Cloud and On-Premise Deployments):

c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys

Temporary Exceptions (Both Cloud and On-Premise Deployments):

c:\windows\system32\drivers\set*.tmp
c:\windows\temp\*.tmp
c:\windows\installer\*.*
i
Remove these exceptions once the Agent installation/update is done.

Temporary Exceptions (On-Premise Deployment only):

You need to add the following temporary additional exceptions when installing the Agent remotely (On-Premise) via the Teramind Dashboard:

%windir%\*.exe
i
Remove these exceptions once the Agent installation/update is done.

 

i
If you already have the Teramind Agent installed, after adding the exceptions, please remove the Agent and reinstall it.

Checking Server IP Addresses and Ports

Some antivirus/firewall blocks certain IPs/ports that Teramind needs to operate. To learn which servers/IPs/ports you need to check and how, check out this article: How to check if Teramind IP addresses/hosts and ports are reachable.

Avast Business Antivirus

Step 1: Accessing the Menu

mceclip0__1_.png

Open Avast Business Antivirus.

From the main window, click the Menu near the top-right corner.

Step 2: Accessing the Settings

mceclip1.png

Select Settings from the menu.

Step 3: Accessing the General Exceptions Settings

mceclip2.png

Step 4: Adding the Exceptions

mceclip3.png

Type the following file and folder paths (one at a time), then click Add Exception:

c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys

Repeat Step 3 - Step 4 to add all the exceptions.

Avast Business Antivirus should now work normally with Teramind.

BitDefender Total Security

Step 1: Accessing the Antivirus Settings

mceclip0.png

Open BitDefender Total Security.

From your BitDefender Total Security main window, click the Protection tab. You will see several tiles.

Click Open under the Antivirus tile.

Step 2: Managing the Antivirus Exceptions

mceclip1__1_.png

Click the Settings tab.

Click Manage exceptions.

A Manage exceptions window will pop-up.

Step 3: Adding the Antivirus Exceptions

mceclip2__1_.png

On the Manage exceptions window, click the + Add an Exception button.

Step 4: Changing the Antivirus Exceptions Options

mceclip3__1_.png

Enter the first exceptions from the list of exceptions below:

c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys

Make sure Antivirus (and all its sub options such as On-access scan) and Online Threat Prevention are turned on.

Click the Save button.

Repeat Step 3 to Step 4 and add all the exceptions one by one.

Close the Manage exceptions window.

i
The above settings should be enough for the Teramind Revealed Agent to work properly. However, if you have a Hidden Agent installed, please follow the additional steps below.

Step 5: Accessing the Firewall Settings

mceclip4.png

Go back to the Protection tab on the main window.

Click Settings under the Firewall tile.

Step 6: Adding the Firewall Rules

mceclip5.png

Click the Rules tab.

Make sure the ACCESS option for dwm.exe and svc.exe rules are enabled for Any Network (you can click on a rule to expand/collapse it).

If you do not see the dwm.exe and svc.exe rules, click the Add rule link to add them.

Step 7: Accessing the Advanced Threat Defense Settings

mceclip6.png

Go back to the Protection tab on the main window.

Click Open under the Advanced Threat Defense tile.

Step 8: Managing the Advanced Threat Defense Exceptions

mceclip7.png

Click the Settings tab.

Click Manage exceptions.

A Manage exceptions window will pop-up.

Step 9: Adding the Advanced Threat Defense Exceptions

mceclip8.png

On the Manage exceptions window, click the + Add an Exception button.

Step 10: Changing the Advanced Threat Defense Options

mceclip9.png

Enter the first exceptions from the list of exceptions below:

c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\0.1.255\{04287722-eb08-4929-bef0-cc1a76cbff1b}\svc.exe
c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\0.1.255\{04287722-eb08-4929-bef0-cc1a76cbff1b}\dwm.exe
i
Note:
you will need to replace 0.1.255 with your own Agent version. You can check for your agent folder by going to the C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A} directory. You can also check for the agent version from the Teramind dashboard. Select the COMPUTERS menu then click a computer's name. You can see the Agent version and type. 

Make sure Advanced Threat Defense (and all its sub options) is turned on.

Click the Save button.

Bitdefender Total Security should now work normally with Teramind.

ESET Endpoint Security

Step 1: Accessing the Setup Menu

image-507.png

Open ESET Endpoint Security.

From the main window, click the SETUP menu.

Select Computer from the Setup screen.

Step 2: Accessing the Exclusions Settings

mceclip0__2_.png

Click the Cog Wheel mceclip1__2_.png icon at the right side of the item named Real-time file system protection.

From the pull-down menu, select Edit exclusions…

Step 3: Adding the Exclusions

mceclip2__2_.png

Click the Add button to add the following paths to the Exclusions list:

c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys

Click the Save button when done.

ESET Endpoint Security should now work normally with Teramind.

Kaspersky Endpoint Security

Step 1: Accessing the Settings

image-510.png

Open Kaspersky Endpoint Security.

Click the Settings button on the main window.

Step 2: Accessing the Trusted Zone Settings

image-511.png

On the Setting screen, select General Settings from the list of items on the left of the screen.

Select Exclusions under it.

Click the Settings button on the right side of Scan exclusions and trusted zone section.

Step 3: Adding the First Scan Exclusion

image-513.png

On the Trusted zone screen, select the Scan exclusions tab

Click the Add button.

Step 4: Configuring the Scan Exclusion

image-515.png

On the Scan exclusion pop-up window, turn on the File or folder item on the Properties section.

Under the Scan exclusion description… section, click the select file or folder… link.

Step 5: Adding the Files and Folders

image-516.png

Enter the following exclusion:

c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\

Enable the Include subfolders option.

Click the OK button to add the item.

Click OK again to close the Scan exclusion window and return to the Trusted zone screen.

Step 6: Adding Rest of the Scan Exclusions

image-517.png

Repeat Step 3 to Step 5 above to add the rest of the exclusions from the list below:

c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys

Click the OK button to return to the Settings window.

Step 7: Saving Your Changes

image-518.png

Click the Save button to save your changes.

Kaspersky Endpoint Security should now work normally with Teramind.

McAfee Endpoint Security

Threat Exceptions When Updating the Teramind Agent

image-522.png

McAfee Endpoint Security shouldn’t cause any issue when installing the Teramind Agent. However, when updating the agent it might throw up an event exception like this screen. To fix this issue, follow the steps below.

Step 1: Accessing the Threat Prevention Settings

image-523.png

Open McAfee Endpoint Security.

From the main window, click the Status tab.

Select the THREAT PREVENTION option.

Step 2: Accessing the Advanced Settings

image-524.png

Click the Show Advanced button near the top-right corner.

Step 3: Accessing the Exploit Prevention Option

image-525.png

Scroll down until you can see the EXPLOIT PREVENTION option.

Click the EXPLOIT PREVENTION option.

Step 4: Adding an Exclusion

image-526.png

Click the Add button under Exclusions. The Edit Exclusion window will pop-up.

Step 5: Editing the Exclusion

image-527.png

Under type, select File – Process – Registry. Add the following in the File name or path… field:

c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\

Repeat Step 4 to Step 5 to add the rest of the exceptions:

c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys

Sophos Home

Step 1: Accessing the Settings

mceclip0__3_.png

Open the Sophos Home antivirus.

From the main window, click the Settings button. This will open a browser window and you will be taken to the cloud.sophos website.

Step 2: Accessing the Protection Settings

image-1__1_.png

Select the PROTECTION tab.

Step 3: Adding the Exceptions

image-2__1_.png

On the Exceptions section, add the following paths:

c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys

Sophos Home should now work normally with Teramind.

Windows Defender

Teramind is already signed with Microsoft and as such, Teramind Agent is excluded from the Windows Defender’s latest detection list. You shouldn’t have any problem using it. However, if you have an older version of Windows Defender, you might see warnings or get blocked when installing or updating the Teramind Agent. You can follow the instructions below to solve these issues. 

Solving Issues with Older Virus Definitions

If you see an error message like the one below, it means that you have an older malware definition, or a previous copy of the definition being cached by Windows.

image-4__1_.png

Please follow the steps below to clear cached detection and obtain the latest malware definitions:

Step 1: Accessing the Command Prompt

image-5.png

Type command in the Windows Search Bar. The Command Prompt app should show up on the Windows Menu.

Select the Run as administrator option on the right panel of the menu.

Step 2: Updating the Virus Signatures

image-6__1_.png

On the command prompt, Type cd c:\Program Files\Windows Defender and press Enter.

Type MpCmdRun.exe -removedefinitions -dynamicsignatures and press Enter. Windows will remove the dynamic signature.

Type MpCmdRun.exe -SignatureUpdate and press Enter. Windows will update your virus definition with the latest signature.

Solving Computer Slowdown and Other Issues

Adding the following exclusions will help with most of the issues you may encounter with the Teramind Agent installations or updates. Also, if you notice very high CPU and memory usage by Windows Defender on the Windows Task Manager, then adding the exclusion should solve the problem.

Step 1: Accessing the Antivirus Settings

image-7.png

Open Windows Defender. Click the Settings tab.

Step 2: Accessing the Exclusion Settings

image-6__2_.png

On the Settings window, click the Windows Defender tab.

Under the Exclusions section, click the Add an exclusion link.

Step 3: Adding the Exclusions

image-8__1_.png

On the Add an exclusion window, use the + Exclude a file button to add the following paths:

c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys

Use the + Exclude a folder button to add the following folder:

c:\programdata\{4cec2908-5ce4-48f0-a717-8fc833d8017a}\

 

Restoring a Quarantined Agent

If Windows Defender has already blocked an existing Teramind Agent, you need to restore it. To do so, follow these instructions:

Step 1: Accessing the History Settings

image-9.png

Open Windows Defender. Click the History tab.

Step 2: Viewing the Quarantine Items

image-10.png

On the History tab, select the Quarantined items option. Click the View details button.

Step 3: Restoring the Quarantined Teramind Files & Folders

image-11.png

If you see any Teramind Agent related files (such as tmfsdrv2.sys or tm_filter.sys) or folders (such as {4cec2908-5ce4-48f0-a717-8fc833d8017a}) under the Detected item list, then select those items.

Click the Restore button to restore the selected files and folder(s).

i
If none of these methods works, please contact our support team at support@teramind.co.

Other Antivirus Software

Antivirus Issue Resolution
Avast Free Antivirus 2016 Detects Teramind Agent .exe installer and .dwm.
  • .dwm – disable Behaviour Shield
  • Installer – repeat installation
Avast EndPoint Protection Suite Detects Teramind Agent.
  • Continue execution
AVG Antivirus Free Detects Teramind Agent .exe installer and. dwm.
  • .dwm – disable Behaviour Shield
  • Installer – repeat installation
Panda Antivirus Pro Detects Teramind Agent, installation fails.
  • Add the following exceptions:
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
BitDefender Total Security 2018 Detects Teramind Agent, installation fails (Access Denied message).
  • Disable BitDefender Shield
  • Add the following exceptions:
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
Comodo Antivirus 10 Installation fails (Access Denied message).
BullGuard Antivirus Installation fails.
  • Add the exceptions listed on the General Exceptions section.
  • Disable Scan Files
  • Add the following exceptions:
c:\users\username\appdata\*.*
c:\windows\*.*
Quick Heal Total Security Installation fails.
  • Add the following exceptions:
c:\windows\system32\drivers\tmfsdrv2.sys
c:\windows\system32\drivers\tm_filter.sys
c:\users\username\appdata\*.*
c:\users\username\downloads\tera*.exe
c:\windows\*.*
Traps Advanced Endpoint Protection Possible installation issues.
Vipre Installation fails.
  • Disable Advanced Active Protection.

Endpoint Detection and Response (EDR) Solutions

The following executables should be whitelisted in your EDR:

dwm.exe
mtm.exe
mtm64.exe
svc.exe
nsxpsrenderer.exe

All these files are located in C:\ProgramData\{4CEC2908-5CE4-48F0-A717-8FC833D8017A}\<agent version>\<package id>\. Note that, <package id> is the same for each agent version, so please check which one you have and add that to the exceptions.

Was this article helpful?
0 out of 0 found this helpful