Applies to: Windows Agent Version 10.x
Article No: 25485062846103
Veriato Insider Risk Management
If any of your endpoints use the Microsoft Security Defender antivirus solution and you are not centrally managing antivirus, a PowerShell script facilitates entering exclusions.
NOTE: This information is provided as-is without warranty. Security programs update, and updates to the script may not be supported. The script was created for your convenience and has had limited testing, although that testing has been successful.
A managed antivirus solution is preferable
We recommend using a centrally managed antivirus solution to simplify and streamline the configuration of exclusions, ongoing device management, and detection awareness.
Exclusions for unmanaged Windows Defender
If endpoints use unmanaged antivirus, Windows Defender (Windows Security) on Windows 10 or 11 may quarantine files. We have provided a PowerShell script to facilitate adding exclusions for all temporary files, installed files, and processes that might be detected during installation. Follow these instructions for each Windows device:
Download a provided .zip file.
Click here to download Veriato_Defender_Exclusions_Powershell.zip.
Use the .zip file and your downloaded .exe or .msi Windows Agent Installer to set exclusions and install the agent on each endpoint device.
Extract the ZIP file.
Extraction results in 4 files. Keep all files in one folder.
Veriato_Client_Exclusions.txt
This text file contains the necessary Windows Agent exclusions, one per line. In addition to the recommended folder exclusions, this list contains any folder or file that could be detected.
Veriato_processes.txt
A text file that contains the processes that will be used to install the agent and the processes remaining after installation that run the agent.
Veriato_Client_Exclusions_Add.ps1
The PowerShell script adds the folder and file exclusions from Veriato_Client_Exclusions.txt and Veriato_processes.txt to appropriate sections of Windows Security "Exclusions." The script also temporarily disables "real-time protection" to allow the installation of the agent recorder.
Veriato_Client_Exclusions_Remove.ps1
This PowerShell script removes the agent recorder exclusions from Windows Defender.
Veriato_Exclusions_Defender_Instructions.pdf
(A copy of these instructions.)
Open an administrative (elevated) command prompt.
Navigate to the folder where the four extracted files are located.
At the command prompt, enter the following:
powershell.exe -noprofile -executionpolicy bypass -file .\Veriato_Client_Exclusions_Add.ps1
The script adds the exclusions and temporarily disables Real-Time protection.
If you wish, check the exclusions.
Find exclusions in Windows Security > Virus & threat protection > Add or remove exclusions.
The exclusions may appear as File or Folder exclusions. When examining the registry location where these exclusions are stored, there seems to be no difference between file and folder exclusions.
Install the Windows Agent.
Download the Windows Agent from your app console (Admin > Download Agents) and use the downloaded installer to install the agent as you normally would. Installation restarts the device. Windows Defender should re-enable its real-time protection automatically (in Windows Security, check Virus & threat protection settings > Manage settings).
Remove the .zip and script files.
Be sure to remove all files you brought to the computer.
Remove exclusions from Windows Defender
To remove the exclusions, return to the endpoint with the Vision_Client_Exclusions_Defender.zip file. Extract the file and use the extracted Vision_Client_Exclusions_Remove.ps1 script to remove exclusions:
Open an elevated command prompt.
Navigate to the folder where the files are extracted.
At the command prompt, enter the following:
powershell.exe -noprofile -executionpolicy bypass -file .\Veriato_Client_Exclusions_Remove.ps1
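The check below is an added example, not part of the Veriato ZIP or Veriato's own code. It audits the result of both procedures above: after the Add script and agent install it reports missing or unlisted exclusions and confirms real-time protection is back on, and with -ExpectRemoved it reports exclusions left behind by the Remove script. It assumes the two list files are in the folder given by the hypothetical -ListFolder parameter and that the scripts add each entry exactly as written in those files.

```powershell
#Requires -RunAsAdministrator
# Added example, not Veriato's script: audit Defender after the Add or Remove script.
# Assumption: both list files are in $ListFolder and entries were added exactly as written.
param(
    [string]$ListFolder = '.',
    [switch]$ExpectRemoved    # pass after running Veriato_Client_Exclusions_Remove.ps1
)

function Read-List([string]$Name) {
    # One entry per line; ignore blank lines and surrounding whitespace.
    Get-Content -LiteralPath (Join-Path $ListFolder $Name) |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
}

function Test-Exclusions {
    param([string]$Kind, [string[]]$Listed, [string[]]$Current, [bool]$Removed)
    foreach ($entry in $Listed) {
        $present = $Current -contains $entry    # -contains compares case-insensitively
        if ($Removed -and $present)           { "LEFTOVER $Kind exclusion: $entry" }
        if (-not $Removed -and -not $present) { "MISSING $Kind exclusion: $entry" }
    }
    # Exclusions that are not on the vendor list deserve a separate review.
    foreach ($entry in $Current) {
        if ($Listed -notcontains $entry) { "UNLISTED $Kind exclusion: $entry" }
    }
}

$pref      = Get-MpPreference
$havePaths = @($pref.ExclusionPath    | Where-Object { $_ })   # drop $null when none are set
$haveProcs = @($pref.ExclusionProcess | Where-Object { $_ })
$removed   = $ExpectRemoved.IsPresent

$findings  = @()
$findings += @(Test-Exclusions -Kind 'path' -Listed (Read-List 'Veriato_Client_Exclusions.txt') -Current $havePaths -Removed $removed)
$findings += @(Test-Exclusions -Kind 'process' -Listed (Read-List 'Veriato_processes.txt') -Current $haveProcs -Removed $removed)

# The Add script turns real-time protection off; confirm it is on again after the restart.
if ($pref.DisableRealtimeMonitoring -or -not (Get-MpComputerStatus).RealTimeProtectionEnabled) {
    $findings += 'Real-time protection is still disabled'
}

if ($findings.Count) { $findings; exit 1 }
'Defender state matches the expected result.'
```

Run it from the same elevated prompt before deleting the extracted files, since it reads the two .txt lists. UNLISTED lines are exclusions that did not come from the Veriato lists and should be reviewed on their own.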
Contents of the Exclusions .txt files
The following exclusions have been tested with Microsoft Windows Defender on Windows OS 10 and 11.
Veriato Folder/File Exclusions
VisionInstaller.exe
C:\Windows\SysWOW64\winipdat
C:\Windows\System32\winipdat
C:\Windows\winipbin
C:\Windows\winipbin-install
C:\Windows\winipbin-install\Admin.exe
C:\Windows\winipbin-install\bootstrap.exe
C:\Windows\winipbin-install\Config.txt
C:\Windows\winipbin-install\crbundl\crx618031\icons\icon16.png
C:\Windows\winipbin-install\crbundl\crx618031\manifest.json
C:\Windows\winipbin-install\crbundl\crx618031\src\bg\spbackground.js
C:\Windows\winipbin-install\crbundl\crx618031\src\content\spcontent.js
C:\Windows\winipbin-install\crbundl\crx618031\src\content\splocal.js
C:\Windows\winipbin-install\crbundl\crx89312\icons\icon16.png
C:\Windows\winipbin-install\crbundl\crx89312\manifest.json
C:\Windows\winipbin-install\crbundl\crx89312\src\bg\spbackground.js
C:\Windows\winipbin-install\crbundl\crx89312\src\content\spcontent.js
C:\Windows\winipbin-install\crbundl\crx89312\src\content\splocal.js
C:\Windows\winipbin-install\crbundl\crxsource.zip
C:\Windows\winipbin-install\MSVxRsc.dll
C:\Windows\winipbin-install\ra.dll
C:\Windows\winipbin-install\spsetup.exe
C:\Windows\winipbin-install\spsetup.log
C:\Windows\winipbin-install\SPSetup64.exe
C:\Windows\winipbin-install\SPSetup64.log
C:\Windows\winipbin-install\SPSetupWin.exe
C:\Windows\winipbin-install\SR_TmpRun.ini
C:\Windows\winipbin-install\UUU4BAA.tmp
C:\Windows\winipbin-install\UUU5530.tmp
C:\Windows\winipbin-install\UUU5551.tmp
C:\Windows\Temp\winipbin-install\_msfile*.inf
C:\Windows\winipbin\bissima.dll
C:\Windows\winipbin\bissimo.dll
C:\Windows\winipbin\cmproxfr.dll
C:\Windows\winipbin\dosudweb32.dll
C:\Windows\winipbin\eanipw.dll
C:\Windows\winipbin\hdaocogema.dll
C:\Windows\winipbin\jlyfftin.dll
C:\Windows\winipbin\lrdfcndr.dll
C:\Windows\winipbin\mossimo.dll
C:\Windows\winipbin\mrstch.exe
C:\Windows\winipbin\mxcrsc32.exe
C:\Windows\winipbin\prsthasn.exe
C:\Windows\winipbin\quasima.dll
C:\Windows\winipbin\quasimo.dll
C:\Windows\winipbin\rcxaemap.dll
C:\Windows\winipbin\support.crx
C:\Windows\winipbin\support.xml
C:\Windows\winipbin\supportch.crx
C:\Windows\winipbin\supportch.xml
C:\Windows\winipbin\supported.appx
C:\Windows\winipbin\supportf.xpi
C:\Windows\winipbin\svrltmgr.dll
C:\Windows\winipbin\svrltmgr64.dll
C:\Windows\winipbin\svrltwp.dll
C:\Windows\winipbin\svrltwp64.dll
C:\Windows\winipbin\vdorctrl.dll
C:\Windows\winipbin\wdwwsm.dll
C:\Windows\winipbin\wesnthelf.dll
C:\Windows\winipbin\wlcnthr.exe
C:\Windows\winipbin\wzodlg32.dll
C:\Windows\winipbin\yamjrd.dll
C:\Windows\winipbin\zrgrshwin.dll
C:\Windows\SysWOW64\winipdat\kyqdhy.db
C:\Windows\SysWOW64\winipdat\queue.db
C:\Windows\SysWOW64\winipdat\rhlth.dat
C:\Windows\SysWOW64\winipdat\winipdat.log
C:\Windows\System32\winipdat\kyqdhy.db
C:\Windows\System32\winipdat\queue.db
C:\Windows\System32\winipdat\rhlth.dat
C:\Windows\System32\winipdat\winipdat.log
Veriato Processes
mrstch.exe
mxcrsc32.exe
wlcnthr.exe
Admin.exe
SPSetupWin.exe
Preinstaller.exe
spsetup.exe
spsetup64.exe
SDFMigrator.exe
Updated: 08/07/2024