Antivirus Exclusions For Patch Deployments

Version 7

    Purpose

     

    This document lists the file directories and specific executable that may be blocked by antivirus applications.

     

    When these are blocked, patches often remain stuck in a Scheduled or Executing status, and machines may fail to reboot after deployment. On your console, antivirus interference can cause instability, unexpected behavior, and database connection issues.

     

    Resolution

     

    Console Files(located in C:\Program Files\LANDESK\Shavlik Protect)

     

    • ST.Protect.exe
    • HFCLI.exe
    • ST.TaskScheduler.exe
    • ST.ServiceHost.exe
    • ST.TaskHost.exe

     

    Console Directories

    • C:\ProgramData\Landesk\Shavlik Protect

      C:\Program Files\LANDESK\Shavlik Protect

     

    Agentless Deployments - On Client Machines

     

    • STDeploy.exe
    • STSchedEx.exe
    • STScheduleview.exe
    • SafeReboot.exe
    • CL5.exe
    • C:\Windows\ProPatches
    • Any patch specific services(Windows update service, adobe updater, etc.)

     

    Agent-Based Deployments - On Client Machines

     

    • STAgentUI.exe
    • STAgent.exe
    • STPatch.exe
    • STDispatch.exe
    • C:\Program Files (x86)\LANDESK\Shavlik Protect Agent
    • C:\ProgramData\Landesk\Shavlik Protect

     

    Additional Information

     

    Most AV won't block things like the STAgentUI.exe. For agents, technically any of the files in C:\Program Files (x86)\LANDESK\Shavlik Protect Agent can be used, so we provide the most heavily used executable for scanning and patching. Asset scanning and A/V operations processed by agents use additional executable files that may need to be white listed.

     

    Affected Product(s)

     

    Protect 9.x

    Ivanti Patch for Windows Servers 9.3+