Antivirus Exclusions

Share your tips or issues concerning the WAPT Console or WAPT Agent here
Forum Rules
Community Forum Rules
* English support on www.reddit.com/r/wapt
* French community support is available on this forum
* Please prefix the topic title with [RESOLVED] if it is resolved.
* Please do not edit a topic that is tagged [RESOLVED]. Open a new topic referencing the old one.
* Specify the installed WAPT version, full version, and build number (2.2.1.11957 / 2.2.2.12337 / etc.) as well as the Enterprise/Discovery edition.
* Versions 1.8.2 and earlier are no longer supported. The only questions accepted regarding version 1.8.2 are related to upgrading to a supported version (2.1, 2.2, etc.).
* Specify the server OS (Linux/Windows) and version (Debian Buster/Bullseye - CentOS 7 - Windows Server 2012/2016/2019).
* Specify the OS of the administration/package creation machine and the machine with the problematic agent, if applicable (Windows 7/10/11/Debian 11/etc.).
* Avoid asking multiple questions when opening a topic, otherwise it may be ignored. If there are multiple topics, open separate topics, preferably one after the other and not all at the same time (i.e., do not spam the forum).
* Include code snippets, screenshots, and other images directly in the post. Links to Pastebin, Bitly, and other third-party sites will be systematically removed.
* As with any community forum, support is provided voluntarily by members. If you require commercial support, you can contact Tranquil IT's sales department at 02.40.97.57.55
Locked
User avatar
agauvrit
WAPT Expert
Messages: 238
Registration: Nov 17, 2016 - 10:25
Location: Nantes
Contact :
Contact agauvrit

March 27, 2018 - 10:29

Good morning,

We have observed that the Antivirus solutions installed at our clients' sites tend to prevent the WAPT agent or WAPT Setup installer from functioning correctly.

We have listed some paths to include in the exclusion paths of your Antivirus management console:

Code: Select all

"C:\Program Files (x86)\wapt\waptservice\win32\nssm.exe"
"C:\Program Files (x86)\wapt\waptservice\win64\nssm.exe"
"C:\Program Files (x86)\wapt\waptagent.exe"
"C:\Program Files (x86)\wapt\waptconsole.exe"
"C:\Program Files (x86)\wapt\waptexit.exe"

"C:\wapt\waptservice\win32\nssm.exe"
"C:\wapt\waptservice\win64\nssm.exe"
"C:\wapt\waptagent.exe"
"C:\wapt\waptconsole.exe"
"C:\wapt\waptexit.exe"
We would also like you to contribute to this exclusion list via this topic.

If you have encountered the problem and have found working exclusion paths for the agent/agent installation, please feel free to reply to this message.

Sincerely,

Alexander
High
User avatar
Alesk
Messages: 14
Registration: Apr 11, 2018 - 09:07

April 11, 2018 - 2:40 PM

Hello,

Referring to the morning post titled "WAPT 1.5 vs Antivirus" viewtopic.php?f=10&t=1134, here are the elements we have integrated to unlock the situation on a Trend Micro Officescan XG.

# Detection 1: The detected malware is Mal_Mlwr-13 https://www.trendmicro.com/vinfo/us/thr ... al_Mlwr-13
Solution: https://success.trendmicro.com/solution/000019446 to be applied to all scans on Scan Exclusion List (Directories) c:\wapt


# Detection 2: Unauthorized file encryption C:\Windows\Temp\is-L7N1A.tmp\waptagent.tmp (triggered by "c:\windows\temp\waptagent.exe")
Solution: http://docs.trendmicro.com/en-us/enterp ... ing-1.aspx on c:\windows\temp\waptagent.exe

# Detection 3: waptconsole.exe
Solution: http://docs.trendmicro.com/all/ent/offi ... -List.html to be applied to all workstations on c:\wapt\waptconsole.exe
High
Minus
Messages: 13
Registration: August 2, 2019 - 9:05 AM

August 2, 2019 - 09:12

Hello,

on Node32, during agent installation via GPO:

Object URI: file:///C:/Program Files (x86)/wapt/waptservice/win32/is-2ISAL.tmp
Threat name: Win32/NSSM.D
Process name: C:\Windows\Temp\is-0INQQ.tmp\waptagent.tmp

Therefore, the threat was simply excluded.
High
Locked

Return to "WAPT usage (Console, Agent) / WAPT usage (Console, Agent)"


  • To go further with WAPT