AntiVirus Exclusions For Patch Deployments

Version 6

    Purpose

     

    This document lists the file directories and specific executable that may be blocked by Anti Virus applications.

     

    When these are blocked, patches often remain stuck in a Scheduled or Executing status, and machines may fail to reboot after deployment. On your console, Anti Virus interference can cause instability, unexpected behavior, and database connection issues.

     

    Resolution

     

    Console Files(located in C:\Program Files\LANDESK\Shavlik Protect)

     

    • ST.Protect.exe
    • HFCLI.exe
    • ST.TaskScheduler.exe
    • ST.ServiceHost.exe
    • ST.TaskHost.exe

     

    Console Directories

    • C:\ProgramData\Landesk\Shavlik Protect

      C:\Program Files\LANDESK\Shavlik Protect

     

    Agentless Deployments - On Client Machines

     

    • STDeploy.exe
    • STSchedEx.exe
    • STScheduleview.exe
    • SafeReboot.exe
    • CL5.exe
    • C:\Windows\ProPatches
    • Any patch specific services(Windows update service, adobe updater, etc.)

     

    Agent-Based Deployments - On Client Machines

     

    • STAgentUI.exe
    • STAgent.exe
    • STPatch.exe
    • STDispatch.exe
    • C:\Program Files (x86)\LANDESK\Shavlik Protect Agent
    • C:\ProgramData\Landesk\Shavlik Protect

     

    Additional Information

     

    Most AV won't block things like the STAgentUI.exe. For agents, technically any of the files in C:\Program Files (x86)\LANDESK\Shavlik Protect Agent can be used, so we provide the most heavily used executable for scanning and patching. Asset scanning and A/V operations processed by agents use additional executable files that may need to be white listed.

     

    Affected Product(s)

     

    Protect 9.x