Endpoint allowlisting and antivirus considerations for the Endpoint Security agent

PERMISSIONS Service account or administrator-level rights on the target endpoint

To enable real-time security scanning, Datto EDR has several binaries that you'll need to allowlist for execution in the security tools on your target endpoints. You can implement the exclusions by hash or by file and path.

In general, it is not recommended to run multiple security products that perform the same function on the same device. For example, as a best practice, do not run Bitdefender alongside Datto AV since both provide antivirus protection.

You can, however, run security products that serve different purposes on the same endpoint. To prevent conflicts, ensure that all authorized security products are properly allowlisted in their respective portals. This prevents the tools from scanning legitimate security processes and interfering with their operation.

This article describes the files you'll need to add to your exception policies. To learn about networking requirements for the Endpoint Security agent, refer to Endpoint firewall and networking requirements for the Endpoint Security agent.

Installation and agent executables

Add the following paths to your security allowlists.

NOTE For customers utilizing Datto RMM and Datto EDR, you will need to allowlist both agent paths listed in this table as Datto RMM now deploys EDR its in traditional directory. For more informationabout this change refer to the RMM 13.9 release notes.

Platform	Path
Windows	%SystemDrive%\Program Files\Infocyte\Agent\agent.exe Datto RMM customers: %SystemDrive%\ProgramData\CentraStage\AEMAgent\ RMM.AdvancedThreatDetection\agent.exe
Linux	Opt/infocyte/agent/agent.exe Datto RMM customers: /usr/local/share/CentraStage/AEMAgent/RMM.AdvancedThreatDetection/ agent.exe
macOS	/usr/local/infocyte/agent/agent.exe Datto RMM customers: /usr/local/share/CentraStage/AEMAgent/RMM.AdvancedThreatDetection/ agent.exe
RMM	%SystemDrive%\ProgramData\CentraStage\AEMAgent\ RMM.AdvancedThreatDetection\agent.exe AND %SystemDrive%\Program Files\Infocyte\Agent\agent.exe

NOTE You can allowlist the executables by hash if your antivirus solution supports doing so. You can find a list of hashes in your EDR instance at > Organizations > select an organization > select a location > > Download Agent.

Agent application folder

NOTE For customers utilizing Datto RMM and Datto EDR, you will need to allowlist both agent paths listed in this table as Datto RMM now deploys EDR its in traditional directory. For more information about this change refer to the RMM 13.9 release notes.

While rare, you may find that you need to allowlist the agent application folder in your antivirus solution. You can allowlist the following directories or use the hashes found under the download section to specify the specific files.

Platform	Path
Windows	%SystemDrive%\Program Files\Infocyte\Agent Datto RMM customers: %SystemDrive%\ProgramData\CentraStage\AEMAgent\ RMM.AdvancedThreatDetection\
Linux	/opt/infocyte/agent Datto RMM customers: /usr/local/share/CentraStage/AEMAgent/RMM.AdvancedThreatDetection
macOS	/usr/local/infocyte/agent Datto RMM customers: /usr/local/share/CentraStage/AEMAgent/RMM.AdvancedThreatDetection/

Revision	Date
Updated platform paths.	7/8/25
Added paragraphs about running multiple security products.	10/7/25

	Need help? Submit a Kaseya Helpdesk request.
	Want to talk about it? Head over to Kaseya Community.
	Have a new feature idea? Visit the Kaseya Ideas portal.
	Provide feedback for the Documentation team.