Endpoint allowlisting and antivirus considerations for the Endpoint Security agent

SECURITY Service account or administrator-level rights on the target endpoint

To enable real-time security scanning, Datto EDR has several binaries that you'll need to allowlist for execution in the security tools on your target endpoints. You can implement the exclusions by hash or by file and path.

This article describes the files you'll need to add to your exception policies. To learn about networking requirements for the Endpoint Security agent, refer to Endpoint firewall and networking requirements for the Endpoint Security agent.

NOTE Executable and antivirus allowlisting is not necessary for macOS systems.

Installation and agent executables

Add the following paths to your security allowlists.

Platform	Path
Windows	%SystemDrive%\Program Files\Infocyte\Agent\agent.exe
Linux	opt/infocyte/agent/agent.exe
RMM	%SystemDrive%\ProgramData\CentraStage\AEMAgent\RMM.AdvancedThreatDetection\agent.exe

NOTE You can allowlist the executables by hash if your antivirus solution supports doing so. You can find a list of hashes in your EDR instance at > Organizations > select an organization > select a location > > Download Agent.

Agent application folder

While rare, you may find that you need to allowlist the agent application folder in your antivirus solution. You can allowlist the following directories or use the hashes found under the download section to specify the specific files.

Platform	Path
Windows	%SystemDrive%\Program Files\Infocyte\Agent
Linux	opt/infocyte/

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.