
Antivirus

Antivirus products are usually fraught with false positives because we live in a world of complex greys, not black and white.

At the moment, Microsoft Windows Defender thinks a Go executable with virtually nothing in it is the "Trojan:Win32/Wacatac.B!ml" virus (see https://old.reddit.com/r/golang/comments/s1bh01/goexecutables_and_windows_defender/).

At Tactical we recommend:

Be aware that there is also a PowerShell script to add TRMM exclusions specific to Windows Defender.
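
As an added example (not the Tactical RMM project's own script), the following PowerShell adds Windows Defender exclusions for the agent folders and processes listed in the exclusion table on this page, skips entries that are missing or already present, and lists any other exclusions so they can be reviewed. It assumes an elevated session on a machine where the Defender cmdlets (`Get-MpPreference`, `Add-MpPreference`) are available.

```powershell
#Requires -RunAsAdministrator
# Added example, not the project's script. Paths are taken from the exclusion table on this page.

$folders = @(
    'C:\ProgramData\TacticalRMM',
    (Join-Path $env:ProgramFiles 'Mesh Agent'),
    (Join-Path $env:ProgramFiles 'TacticalAgent')
)
$processes = @(
    (Join-Path $env:ProgramFiles 'Mesh Agent\MeshAgent.exe'),
    (Join-Path $env:ProgramFiles 'TacticalAgent\tacticalrmm.exe')
)

# Normalise trailing backslashes so 'C:\x\' and 'C:\x' compare as equal.
function Get-Normalized([object[]]$items) {
    @($items | Where-Object { $_ } | ForEach-Object { "$_".TrimEnd('\') })
}

$pref         = Get-MpPreference
$havePaths    = Get-Normalized $pref.ExclusionPath
$haveProcs    = Get-Normalized $pref.ExclusionProcess

foreach ($f in $folders) {
    if (-not (Test-Path -LiteralPath $f)) { Write-Warning "Not installed, skipping: $f"; continue }
    if ($havePaths -contains $f)          { Write-Host "Already excluded: $f"; continue }
    Add-MpPreference -ExclusionPath $f
    Write-Host "Added folder exclusion: $f"
}

foreach ($p in $processes) {
    if (-not (Test-Path -LiteralPath $p)) { Write-Warning "Not installed, skipping: $p"; continue }
    if ($haveProcs -contains $p)          { Write-Host "Already excluded: $p"; continue }
    Add-MpPreference -ExclusionProcess $p
    Write-Host "Added process exclusion: $p"
}

# Review step: show every exclusion that is not one of the entries above,
# so broad or stale exclusions on the machine are visible.
$after    = Get-MpPreference
$expected = $folders + $processes
$other    = Get-Normalized (@($after.ExclusionPath) + @($after.ExclusionProcess)) |
            Where-Object { $expected -notcontains $_ }

if ($other) {
    Write-Warning "Other Defender exclusions present on this machine:"
    $other | ForEach-Object { Write-Host "  $_" }
}
```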

Note

If you need to use 3rd party AV, add the necessary exclusions (see below for examples) and submit the exes as safe.

Bitdefender Gravityzone

Admin URL: https://cloud.gravityzone.bitdefender.com/

To exclude the Tactical and MeshCentral agents, go to Policies > {policy name} > Antimalware > Settings > Custom Exclusions.

Add the following exclusions. The ATC/IDS module does not support file exclusions, only folder exclusions.

| Type | Excluded Items | Modules | Notes |
|---|---|---|---|
| Folder | C:\ProgramData\TacticalRMM\ | On-demand, On-Access, ATC/IDS | All TRMM scripts are saved here to run |
| Folder | %ProgramFiles%\Mesh Agent\ | On-demand, On-Access, ATC/IDS | Excludes Mesh Agent from ATC/IDS |
| Folder | %ProgramFiles%\TacticalAgent\ | On-demand, On-Access, ATC/IDS | Excludes TacticalAgent from ATC/IDS |
| Process | %ProgramFiles%\Mesh Agent\MeshAgent.exe | On-Access, ATC/IDS | Excludes Mesh Agent service (process) from ATC/IDS |
| Process | %ProgramFiles%\TacticalAgent\tacticalrmm.exe | On-Access, ATC/IDS | Excludes tacticalrmm service (process) from ATC/IDS |
| File | %ProgramFiles%\Mesh Agent\MeshAgent.exe | On-demand, On-Access | This may not be needed since the entire folder is excluded |
| File | %ProgramFiles%\TacticalAgent\tacticalrmm.exe | On-demand, On-Access | This may not be needed since the entire folder is excluded |

To exclude URLs: Policies > {policy name} > Network Protection > Content Control > Settings > Exclusions

Webroot

Admin URL:

Sophos

Sophos Central Admin

Go to Global Settings > General > Global Exclusions > Add Exclusion.

Sophos XG Firewall

Log into Sophos Central Admin:

Admin URL: https://cloud.sophos.com/

Log into the Sophos XG Firewall.

Go to System > Hosts and services > FQDN Host Group and create a new group.

Go to System > Hosts and services > FQDN Host.

Create the following 3 hosts and add each to your FQDN host group.

  • api.yourdomain.com
  • mesh.yourdomain.com
  • rmm.yourdomain.com (optional; add it if you want your client to have GUI access to Tactical RMM)

Go to Hosts and services > Services and create the following services:

  • Name: Tactical-Service-443
    • Protocol: TCP
    • Source port: 1:65535
    • Destination port: 443

Go to Hosts and services > Service group and create the following service group:

Go to Protect > Rules and policies and add a firewall rule:

  • Rule name: Tactical Rule
  • Rule position: Top
  • Source zones: LAN
  • Source networks: ANY
  • Destination zones: WAN
  • Destination networks: Your FQDN Host Group
  • Services: Tactical Services

Optionally, select the Log Firewall Traffic checkbox for troubleshooting.

ESET ESMC Console

Exclusions are configured in two places:

  1. In the Detection Engine > Performance Exclusions.
  2. Web Access Protection > URL Address Management.
