Applies to: Windows Agent Version 10.x
Article No: 16200988873111
As part of the Microsoft Security suite on Windows operating systems, Windows Defender (Virus & threat protection) may detect Vision as a "threat" and quarantine its files. If Microsoft Security Virus & threat protection is active, you can prevent interference with downloading and installing the agent by following these instructions. We recommend installing the agent on a test machine before deploying it to the network.
- Unblock the installer file.
Before delivering the VisionInstaller.exe or .msi file to an endpoint device, right-click on the file and select Properties. Check Unblock (if the checkbox appears) at the bottom of the General panel. You can use the same "unblocked" file at each Windows endpoint.
- Log in as Administrator and open Windows Security.
Your organization may control who can change these settings.
Select Virus & threat protection from the left menu, and click on Manage settings under "Virus & threat protection settings."
- Select "Add or remove exclusions".
- Start by excluding processes.
Open the Add an Exclusion menu and select Process. Windows Security allows you to enter process names that do not yet exist on the system.
Enter the Vision processes one at a time.
Processes to enter are:
- Create the agent folders.
Windows Security allows you to exclude folders only by selecting ones that exist. Because the folders you need to exclude don't exist yet, create them in the endpoint's Windows directory (requires elevated permissions). Creating these folders does not affect the agent installation:
- Return to Windows Security and exclude these folders.
Select Add an exclusion again, this time selecting Folder from the dropdown.
Browse to and select one folder, and then browse to and select the next. Your exclusions are now complete.
- Download and run the VisionInstaller file.
If the installer file is unblocked and the process is excluded, there should be no interference. Double-click the file to run the installation. After a few seconds, the device restarts. You can check the (now hidden) winipbin folder by accessing \\localhost\C$\Windows.
- The device should appear in Admin > Endpoint Agents.
The agent immediately attempts to contact the server. When an end user logs in, move them to a licensed Group to begin capturing activity.
If you experience additional difficulty with Windows Security / Microsoft Defender, contact Support.
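The unblock and exclusion steps above can also be scripted and then read back to confirm they were applied. The following is an added example, not the vendor's own script. The installer path is an assumption, the process and folder names are placeholders to be filled in from the lists in this article, and the signature check is an extra verification step that the article does not describe.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of the article's unblock/exclusion steps, with read-back checks.
$Installer = 'C:\Temp\VisionInstaller.exe'            # assumed download location
$Processes = @('<process-1.exe>', '<process-2.exe>')  # PLACEHOLDERS: process names from the article
$Folders   = @('<folder-1>', '<folder-2>')            # PLACEHOLDERS: folder names under %WINDIR%

# Stop early if the placeholders were not replaced.
if (($Processes + $Folders) -match '^<') { throw 'Replace the placeholder names first.' }

# Extra check (not in the article): continue only if the installer's
# Authenticode signature validates, and show who signed it.
$sig = Get-AuthenticodeSignature -FilePath $Installer
if ($sig.Status -ne 'Valid') { throw "Installer signature status: $($sig.Status)" }
Write-Host "Signed by: $($sig.SignerCertificate.Subject)"

# "Unblock" in the Properties dialog removes the Zone.Identifier alternate data stream.
Unblock-File -Path $Installer
if (Get-Item -Path $Installer -Stream Zone.Identifier -ErrorAction SilentlyContinue) {
    throw 'Installer is still marked as blocked.'
}

# Process exclusions can be added before the processes exist.
foreach ($p in $Processes) { Add-MpPreference -ExclusionProcess $p }

# Create each folder in the Windows directory, then exclude it.
$paths = foreach ($f in $Folders) {
    $full = Join-Path $env:WINDIR $f
    New-Item -Path $full -ItemType Directory -Force | Out-Null
    Add-MpPreference -ExclusionPath $full
    $full
}

# Read the settings back; organization policy may have prevented the change.
$pref = Get-MpPreference
$missing = @($Processes | Where-Object { $pref.ExclusionProcess -notcontains $_ }) +
           @($paths     | Where-Object { $pref.ExclusionPath    -notcontains $_ })
if ($missing) { Write-Warning "Not applied: $($missing -join ', ')" }

# List every exclusion now in effect so the set can be reviewed and recorded.
'Process exclusions:'; $pref.ExclusionProcess
'Folder exclusions:';  $pref.ExclusionPath
```

Keep the output of the final listing with the deployment record so the exclusions can be audited later and limited to what the agent requires.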