Exclusion Guide for Third-Party AV/EDR Solutions
  • 25 Aug 2025


About this Article

This guide provides the required exclusions to ensure interoperability between the Virsec Security Platform (VSP) and third-party antivirus (AV) and endpoint detection and response (EDR) solutions. Proper exclusions prevent performance issues, false positives, and conflicts that can reduce overall security effectiveness.

Why Exclusions Are Important

Running multiple security tools without exclusions can cause:

  • Performance degradation due to redundant scanning.

  • False positives or blocking of legitimate VSP processes.

  • Reduced security effectiveness if products interfere with each other.

Mutual exclusions are an industry-standard best practice to maintain stability and ensure each security product functions as intended.


Why Both Folder and Process Exclusions Are Needed

  • Folder exclusions ensure that all files within VSP directories—including temporary files, logs, and supporting binaries—are not scanned or quarantined. This prevents performance bottlenecks and avoids accidental blocking of essential components.

  • Process exclusions ensure that VSP executables can run without interference from AV/EDR behavioral or heuristic engines. These engines often monitor process activity, which can lead to false positives if not excluded.

  • If your AV/EDR solution supports child process inheritance, enable it when configuring process exclusions. This ensures that any subprocesses spawned by VSP executables are also trusted.


General Guidance

  • Apply exclusions in all relevant modules (e.g., AV, EDR, Behavioral Protection).

  • Ensure exclusions propagate across all policies in your environment.

  • Consult your AV/EDR vendor for specific implementation steps.


Disclaimer

For product-specific instructions, consult your AV/EDR vendor documentation.

Required Exclusions

Windows

Folder Exclusions

(Include all subfolders)  

C:\ProgramData\Virsec\ 
C:\ProgramData\vspcpm\ 
C:\Program Files (x86)\Virsec\ 
C:\Program Files (x86)\vspcpm\

Process Allow-Listing

(Include full path + process name + child inheritance)  

VSP (Virsec Security Platform) Probe Exclusions

C:\Program Files (x86)\Virsec\bin\deobfusc.exe 
C:\Program Files (x86)\Virsec\bin\fde.exe 
C:\Program Files (x86)\Virsec\bin\filesysmonitor.exe 
C:\Program Files (x86)\Virsec\bin\fsr.exe 
C:\Program Files (x86)\Virsec\bin\hmm.exe 
C:\Program Files (x86)\Virsec\bin\obfusc.exe 
C:\Program Files (x86)\Virsec\bin\vIPC-server.exe 
C:\Program Files (x86)\Virsec\bin\vsp-cli.exe 
C:\Program Files (x86)\Virsec\bin\vsp-manager.exe 
C:\Program Files (x86)\Virsec\bin\vsp-mem-assist.exe 
C:\Program Files (x86)\Virsec\bin\vsp-rmp.exe 
C:\Program Files (x86)\Virsec\bin\vsp-watchdog.exe 
C:\Program Files (x86)\Virsec\bin\vsp_ipmlogger_svc.exe 
C:\Program Files (x86)\Virsec\bin\vsp_vsp_svc.exe 
C:\Program Files (x86)\Virsec\bin\web-assist.exe

CPM (Central Probe Management) Exclusions

C:\Program Files (x86)\vspcpm\bin\cpmjavaruntime\bin\java.exe
C:\Program Files (x86)\vspcpm\bin\cpmjavaruntime\bin\vsp_cpm_svc.exe
C:\Program Files (x86)\vspcpm\bin\cpmjavaruntime\bin\vsp_cpm_svc_config.exe
C:\Program Files (x86)\vspcpm\bin\cpmjavaruntime\bin\vsp_cpm_svc_control.exe
C:\Program Files (x86)\vspcpm\bin\cpmjavaruntime\bin\uninstall_password_ui.exe

CPM Installer Exclusions
(Use the full path of the location where CPM is installed or deployed from. If detection still occurs, ensure that the child process certutil.exe is also excluded.)

<Installer Location>\CPM_Installer.bat

Driver Exclusions

C:\Windows\System32\drivers\VirsecKernelMonitor.sys 
C:\Windows\System32\drivers\ipm.sys
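
An added example, not part of Virsec's documentation: a PowerShell pre-flight audit that reports the Authenticode status of each file in the Windows lists above and flags excluded folders that non-administrative accounts can write to, since files in those folders will no longer be scanned. It assumes the default install paths shown in this guide and an elevated prompt; the variable names and the set of SIDs treated as trusted are choices made for this example.

```powershell
# Added example, not Virsec code. Assumes the default paths from this guide; run elevated.
$folders = 'C:\ProgramData\Virsec\', 'C:\ProgramData\vspcpm\',
           'C:\Program Files (x86)\Virsec\', 'C:\Program Files (x86)\vspcpm\'
$vspBin = 'C:\Program Files (x86)\Virsec\bin'
$cpmBin = 'C:\Program Files (x86)\vspcpm\bin\cpmjavaruntime\bin'
$files  = @('deobfusc', 'fde', 'filesysmonitor', 'fsr', 'hmm', 'obfusc', 'vIPC-server', 'vsp-cli',
            'vsp-manager', 'vsp-mem-assist', 'vsp-rmp', 'vsp-watchdog', 'vsp_ipmlogger_svc',
            'vsp_vsp_svc', 'web-assist' | ForEach-Object { Join-Path $vspBin "$_.exe" })
$files += @('java', 'vsp_cpm_svc', 'vsp_cpm_svc_config', 'vsp_cpm_svc_control',
            'uninstall_password_ui' | ForEach-Object { Join-Path $cpmBin "$_.exe" })
$files += 'C:\Windows\System32\drivers\VirsecKernelMonitor.sys',
          'C:\Windows\System32\drivers\ipm.sys'

# 1. Every path to be allow-listed should exist and carry a signature you have reviewed.
$fileReport = foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f -PathType Leaf)) {
        [pscustomobject]@{ Path = $f; Status = 'Missing'; Signer = $null }
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $f
    [pscustomobject]@{ Path = $f; Status = $sig.Status; Signer = $sig.SignerCertificate.Subject }
}

# 2. Excluded folders should not be writable by non-administrative principals.
# Trusted here (an assumption of this example): SYSTEM, Administrators, TrustedInstaller.
$trusted = 'S-1-5-18', 'S-1-5-32-544',
           'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
$mask    = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
$sidType = [System.Security.Principal.SecurityIdentifier]
# Limitation: ACEs stored as generic rights bits are not decoded by this mask.
$aclReport = foreach ($d in $folders) {
    if (-not (Test-Path -LiteralPath $d)) { continue }
    foreach ($r in (Get-Acl -LiteralPath $d).GetAccessRules($true, $true, $sidType)) {
        $canWrite = ([int]$r.FileSystemRights -band $mask) -ne 0
        if ($r.AccessControlType -eq 'Allow' -and $canWrite -and
            $r.IdentityReference.Value -notin $trusted) {
            [pscustomobject]@{ Folder = $d; Sid = $r.IdentityReference.Value
                               Rights = $r.FileSystemRights }
        }
    }
}

$fileReport | Format-Table -AutoSize -Wrap
$aclReport  | Format-Table -AutoSize -Wrap
```

Rows with a Status other than Valid, and any row in the second table, are worth resolving before the exclusions are pushed to policy.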

Linux

Folder Exclusions

(Include all subfolders)

/opt/virsec/ 
/opt/vspcpm/ 
/var/vspcpm/ 
/var/virsec/

