Lumension® KnowledgeBase

Article Number:
829

Date Created:
06/22/2012

Last Updated:
12/13/2016

Article Type:
How-To Procedures

Recommended Anti-Malware exclusions for Lumension Endpoint Security Products

Description

Product:

L.E.M.S.S.

Versions:

Lumension Endpoint Management and Security Suite (LEMSS) 7.x and 8.0
Lumension Patch and Remediation (LPR) module 7.x and 8.0
Lumension Application Control (LAC) 7.x and 8.0

Summary:

This article provides a summary of files that should be excluded from your Anti-Malware Policies to improve performance on the endpoint without sacrificing security.

Details

LEMSS 8.0

Endpoint exclusions

Product / Module

LEMSS 8.0 File Path and File

File Responsibility

LEMSS Agent

<installPath>\Lumension\LEMSSAgent\00\LMAGENT.EXE

<installPath>\Lumension\LEMSSAgent\01\LMAGENT.EXE
 

Core Agent that is used for communication and file downloads.


Post-Vista Endpoints - ProgramData\Lumension\LEMSSAgent\Logs\EPSDriver.log

Pre-Vista Endpoints - Documents and Settings\All Users\Application Data\Lumension\LEMSSAgent\Logs\EPSDriver.log
 

Driver logging

Patch and Remediation

<installPath>\Lumension\LEMSSAgent\00\patch\GRAVITIXSERVICE.EXE

<installPath>\Lumension\LEMSSAgent\01\patch\GRAVITIXSERVICE.EXE

Module used for patch downloads and installations.

<installPath>\Lumension\LEMSSAgent\00\patch\DAGENT.EXE

<installPath>\Lumension\LEMSSAgent\01\patch\DAGENT.EXE

Module used to scan the HDD for missing security updates based on our standard content architecture.

<installPath>\Lumension\LEMSSAgent\00\patch \LM.DETECTION.EXE

<installPath>\Lumension\LEMSSAgent\01\patch \LM.DETECTION.EXE

3rd Generation module used to scan the HDD for missing security updates based on our New Content Architecture v3.

Application Control

<installPath>\Lumension\LEMSSAgent\00\APPCONTROLSCAN.EXE

<installPath>\Lumension\LEMSSAgent\01\APPCONTROLSCAN.EXE

Used to scan the HDD to create the initial whitelist.

Device Control %WINDIR%\Sxdata Used for DC policy-files and events/shadowing log storage

Server exclusions

Product / Module

LEMSS 8.0 file

File Responsibility

LEMSS Server

LM.EDS.EXE

Security and lockdown end-point manager.

DISTRIBUTION.REPLICATION.
CLIENT.SERVICE.EXE

Used to sync with GSS and download manager.

SQLSERVR.EXE

Microsoft SQL Database Service.  See KB309422 for recommendations from Microsoft.

W3WP.EXE

Microsoft IIS Worker Process.

LEMSS 7.x

Endpoint exclusions 

Product / Module

LEMSS 7.x File Path and File

File Responsibility

LEMSS Agent

<installPath>\Lumension\LEMSSAgent\LMAGENT.EXE

Core Agent that is used for communication and file downloads.

Patch and Remediation

<installPath>\Lumension\Patch Agent\GRAVITIXSERVICE.EXE

Module used for patch downloads and installations.

<installPath>\Lumension\Patch Agent\DAGENT.EXE

Module used to scan the HDD for missing security updates based on our standard content architecture.

<installPath>\Lumension\Patch Agent\LM.DETECTION.EXE

3rd Generation module used to scan the HDD for missing security updates based on our New Content Architecture v3.

Application Control

<installPath>\Lumension\LEMSSAgent\APPCONTROLSCAN.EXE

Used to scan the HDD to create the initial whitelist.

Server exclusions

Product / Module

LEMSS 7.x File

File Responsibility

LEMSS Server

LM.EDS.EXE

Security and lockdown end-point manager.

DISTRIBUTION.REPLICATION.
CLIENT.SERVICE.EXE

Used to sync with GSS and download manager.

SQLSERVR.EXE

Microsoft SQL Database Service.  See KB309422 for recommendations from Microsoft.

W3WP.EXE

Microsoft IIS Worker Process.

 

ADDITIONAL RESOURCES

Windows Anti-Virus Exclusion List (en-US)
Virus scanning recommendations for Enterprise computers that are running currently supported versions of Windows

12345678910
Current rating: 3.6