Exclusion Guide for Third-Party AV/EDR Solutions
- Updated on 25 Aug 2025
About this Article
This guide provides the required exclusions to ensure interoperability between the Virsec Security Platform (VSP) and third-party antivirus (AV) and endpoint detection and response (EDR) solutions. Proper exclusions prevent performance issues, false positives, and conflicts that can reduce overall security effectiveness.
Why Exclusions Are Important
Running multiple security tools without exclusions can cause:
- Performance degradation due to redundant scanning.
- False positives or blocking of legitimate VSP processes.
- Reduced security effectiveness if products interfere with each other.
Mutual exclusions are an industry-standard best practice to maintain stability and ensure each security product functions as intended.
Why Both Folder and Process Exclusions Are Needed
Folder exclusions ensure that all files within VSP directories—including temporary files, logs, and supporting binaries—are not scanned or quarantined. This prevents performance bottlenecks and avoids accidental blocking of essential components.
Process exclusions ensure that VSP executables can run without interference from AV/EDR behavioral or heuristic engines. These engines often monitor process activity, which can lead to false positives if not excluded.
If your AV/EDR solution supports child process inheritance, enable it when configuring process exclusions. This ensures that any subprocesses spawned by VSP executables are also trusted.
General Guidance
- Apply exclusions in all relevant modules (e.g., AV, EDR, Behavioral Protection).
- Ensure exclusions propagate across all policies in your environment.
- Consult your AV/EDR vendor for specific implementation steps.
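The following is an added example, not part of Virsec's documentation or tooling: a Python check that every policy and module carries the exclusions this guide requires, with subfolders included and full process paths. The policy export structure, the module names `av` and `edr`, and the `subfolders` and `children` fields are assumptions, and only a subset of the Windows paths from Required Exclusions is used.

```python
from pathlib import PureWindowsPath

# Subset of the Windows entries listed under "Required Exclusions" in this guide.
REQUIRED_FOLDERS = [r"C:\ProgramData\Virsec", r"C:\Program Files (x86)\Virsec"]
REQUIRED_PROCESSES = [
    r"C:\Program Files (x86)\Virsec\bin\vsp-manager.exe",
    r"C:\Program Files (x86)\Virsec\bin\vsp-watchdog.exe",
]

def norm(path):
    """Compare Windows paths case-insensitively, ignoring separator style and trailing slash."""
    return str(PureWindowsPath(path)).lower()

def check(entries, required, flag, missing_msg, flag_msg):
    """Yield (path, problem) for each required path absent or lacking `flag`."""
    by_path = {norm(e["path"]): e for e in entries}
    for req in required:
        entry = by_path.get(norm(req))
        if entry is None:
            yield req, missing_msg
        elif not entry.get(flag):
            yield req, flag_msg

def audit(policies, modules=("av", "edr")):
    """Return (policy, module, path, problem) for every gap in every policy/module."""
    findings = []
    for name, policy in policies.items():
        for module in modules:
            cfg = policy.get(module, {})
            gaps = list(check(cfg.get("folders", []), REQUIRED_FOLDERS, "subfolders",
                              "folder exclusion missing", "subfolders not included"))
            gaps += check(cfg.get("processes", []), REQUIRED_PROCESSES, "children",
                          "process exclusion missing", "child inheritance not enabled")
            findings += [(name, module, path, problem) for path, problem in gaps]
    return findings

# Constructed sample export (hypothetical format, not any vendor's schema).
SAMPLE_POLICIES = {"servers": {
    "av": {"folders": [{"path": "c:/programdata/virsec/", "subfolders": True},
                       {"path": "C:\\Program Files (x86)\\Virsec", "subfolders": True}],
           "processes": [{"path": p, "children": True} for p in REQUIRED_PROCESSES]},
    "edr": {"folders": [{"path": "C:\\ProgramData\\Virsec", "subfolders": False}],
            # Name-only entry: does not satisfy the full-path requirement.
            "processes": [{"path": "vsp-manager.exe", "children": True}]},
}}

if __name__ == "__main__":
    for finding in audit(SAMPLE_POLICIES):
        print(*finding, sep=" | ")
```

Where a product does not support child process inheritance, treat the "child inheritance not enabled" finding as informational.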
Disclaimer
For product-specific instructions, consult your AV/EDR vendor documentation.
Required Exclusions
Windows
Folder Exclusions
(Include all subfolders)
C:\ProgramData\Virsec\
C:\ProgramData\vspcpm\
C:\Program Files (x86)\Virsec\
C:\Program Files (x86)\vspcpm\
Process Allow-Listing
(Include full path + process name + child inheritance)
VSP (Virsec Security Platform) Probe Exclusions
C:\Program Files (x86)\Virsec\bin\deobfusc.exe
C:\Program Files (x86)\Virsec\bin\fde.exe
C:\Program Files (x86)\Virsec\bin\filesysmonitor.exe
C:\Program Files (x86)\Virsec\bin\fsr.exe
C:\Program Files (x86)\Virsec\bin\hmm.exe
C:\Program Files (x86)\Virsec\bin\obfusc.exe
C:\Program Files (x86)\Virsec\bin\vIPC-server.exe
C:\Program Files (x86)\Virsec\bin\vsp-cli.exe
C:\Program Files (x86)\Virsec\bin\vsp-manager.exe
C:\Program Files (x86)\Virsec\bin\vsp-mem-assist.exe
C:\Program Files (x86)\Virsec\bin\vsp-rmp.exe
C:\Program Files (x86)\Virsec\bin\vsp-watchdog.exe
C:\Program Files (x86)\Virsec\bin\vsp_ipmlogger_svc.exe
C:\Program Files (x86)\Virsec\bin\vsp_vsp_svc.exe
C:\Program Files (x86)\Virsec\bin\web-assist.exe
CPM (Central Probe Management) Exclusions
C:\Program Files (x86)\vspcpm\bin\cpmjavaruntime\bin\java.exe
C:\Program Files (x86)\vspcpm\bin\cpmjavaruntime\bin\vsp_cpm_svc.exe
C:\Program Files (x86)\vspcpm\bin\cpmjavaruntime\bin\vsp_cpm_svc_config.exe
C:\Program Files (x86)\vspcpm\bin\cpmjavaruntime\bin\vsp_cpm_svc_control.exe
C:\Program Files (x86)\vspcpm\bin\cpmjavaruntime\bin\uninstall_password_ui.exe
CPM Installer Exclusions
(Use the full path from which the CPM installer is run or deployed. If detection still occurs, ensure that the child process certutil.exe is excluded.)
<Installer Location>\CPM_Installer.bat
Driver Exclusions
C:\Windows\System32\drivers\VirsecKernelMonitor.sys
C:\Windows\System32\drivers\ipm.sys
Linux
Folder Exclusions
(Include all subfolders)
/opt/virsec/
/opt/vspcpm/
/var/vspcpm/
/var/virsec/