Antivirus Exclusions For Patch Deployments

Version 7



    This document lists the file directories and specific executable that may be blocked by antivirus applications.


    When these are blocked, patches often remain stuck in a Scheduled or Executing status, and machines may fail to reboot after deployment. On your console, antivirus interference can cause instability, unexpected behavior, and database connection issues.




    Console Files(located in C:\Program Files\LANDESK\Shavlik Protect)


    • ST.Protect.exe
    • HFCLI.exe
    • ST.TaskScheduler.exe
    • ST.ServiceHost.exe
    • ST.TaskHost.exe


    Console Directories

    • C:\ProgramData\Landesk\Shavlik Protect

      C:\Program Files\LANDESK\Shavlik Protect


    Agentless Deployments - On Client Machines


    • STDeploy.exe
    • STSchedEx.exe
    • STScheduleview.exe
    • SafeReboot.exe
    • CL5.exe
    • C:\Windows\ProPatches
    • Any patch specific services(Windows update service, adobe updater, etc.)


    Agent-Based Deployments - On Client Machines


    • STAgentUI.exe
    • STAgent.exe
    • STPatch.exe
    • STDispatch.exe
    • C:\Program Files (x86)\LANDESK\Shavlik Protect Agent
    • C:\ProgramData\Landesk\Shavlik Protect


    Additional Information


    Most AV won't block things like the STAgentUI.exe. For agents, technically any of the files in C:\Program Files (x86)\LANDESK\Shavlik Protect Agent can be used, so we provide the most heavily used executable for scanning and patching. Asset scanning and A/V operations processed by agents use additional executable files that may need to be white listed.


    Affected Product(s)


    Protect 9.x

    Ivanti Patch for Windows Servers 9.3+