How to set up exceptions for Safetica Client in your antivirus
To maintain proper functioning of Safetica Client, you may need to whitelist certain files, folders, and URLs in your antivirus software.
Information in this article applies to Safetica ONE 10 or older.
To ensure full compatibility and avoid possible conflict, we highly recommend keeping your system and antivirus software up to date and manually setting exceptions for the Safetica folders, processes, and URLs mentioned below.
In this article, you will learn more about:
- Exceptions for Safetica services
- Exceptions for files and folders
- Exceptions for URLs
-
Exceptions we recommend adding to Sentinel ONE when MS Teams does not launch correctly
- What to do when setting exceptions does not help
Here you can find how to set the exceptions mentioned in this article in selected antivirus software:
Exceptions for Safetica services
If you are getting suspicious operations alerts from your antivirus regarding Safetica services such as STCservice.exe, STContentservice.exe, STEventservice.exe, or STAservice.exe, you can set them as allowed.
Exceptions for files and folders
Set these exceptions in your antivirus software:
For all systems:
| General format | Windows format |
|
%programfiles%\Safetica\ |
C:\Program Files\Safetica\ |
|
%programdata%\Safetica Client Services\ |
C:\ProgramData\Safetica Client Services\ |
|
%programdata%\STEventService\ |
C:\ProgramData\STEventService\ |
|
%programdata%\Installer\ |
C:\ProgramData\Installer\ |
|
%systemroot%\Temp\install_update.bat |
C:\Windows\Temp\install_update.bat |
|
%systemroot%\Temp\InstallLogs\ |
C:\Windows\Temp\InstallLogs\ |
|
%systemroot%\System32\drivers\dc2drv.sys |
C:\Windows\System32\drivers\dc2drv.sys |
| %systemroot%\System32\drivers\fltenum.dll | C:\Windows\System32\drivers\fltenum.dll |
We are aware that exceptions for the %systemroot%\Temp folder are considered bad practice, but they are necessary for our existing product architecture.
For 64-bit systems:
| General format | Windows format |
|
%systemroot%\SysWOW64\STAgent.dll |
C:\Windows\SysWOW64\STAgent.dll |
|
%systemroot%\SysWOW64\STEventService.exe |
C:\Windows\SysWOW64\STEventService.exe |
|
%systemroot%\SysWOW64\AgentConnectorProxy\ |
C:\Windows\SysWOW64\AgentConnectorProxy\ |
| %systemroot%\SysWOW64\STInstallAgent.dll | C:\Windows\SysWOW64\STInstallAgent.dll |
For 32-bit systems:
| General format | Windows format |
|
%systemroot%\System32\STAgent.dll |
C:\Windows\System32\STAgent.dll |
|
%systemroot%\System32\STEventService.exe |
C:\Windows\System32\STEventService.exe |
|
%systemroot%\System32\AgentConnectorProxy\ |
C:\Windows\System32\AgentConnectorProxy\ |
| %systemroot%\System32\STInstallAgent.dll | C:\Windows\System32\STInstallAgent.dll |
Exceptions for URLs
Set the following exceptions in your antivirus or firewall:
For Safetica NXT:
| Reason for exception | URL |
| Connecting endpoints to NXT |
https://apim-saas-endpoint-pr-001.azure-api.net https://nxt-endpoint-api.safetica.com/ https://stsaasupdaterpr001.blob.core.windows.net/endpoint-binaries |
For endpoints:
| Reason for exception | URL |
| Sending statistics from endpoints | diagnostics.safetica.com |
| Sending statistics from endpoints | http://link.safetica.com/Telemetry/ |
For Safetica ONE:
| Reason for exception | URL |
| Product updates | https://getupdate.safetica.com |
| Definition updates |
http://s3.amazonaws.com/SES5_AWE_DB (for Safetica 10.3 and older) definitions.safetica.com (for Safetica 10.4+) |
| Updates of website and application categories | https://cloudapi.safetica.com |
| Sending statistics from endpoints | http://link.safetica.com/Telemetry/ |
For WebSafetica:
| Reason for exception | URL |
| MDM communication | https://mguard.safetica.com/ |
| MDM communication | https://mguard2.safetica.com/ |
Exceptions we recommend adding to Sentinel ONE when MS Teams does not launch correctly
For Safetica:
| Value | Mode |
| C:\Windows\System32\drivers\dc2drv.sys | Interoperability |
| C:\Windows\SysWOW64\STEventService.exe | Interoperability |
| C:\Program Files\Safetica Management Service\ | Interoperability |
| C:\Program files\Safetica\ | Interoperability |
For MS Teams:
| Value | Mode |
| \Device\HarddiskVolume*\Program File*\Teams Installer\Teams.exe | Interoperability |
| \Device\HarddiskVolume*\Users\*\AppData\Local\Microsoft\Teams\Update.exe | Interoperability |
| \Device\HarddiskVolume*\Users\*\AppData\Local\Microsoft\Teams\current\Teams.exe | Interoperability |
What to do when setting exceptions does not help
If setting exceptions for folders, processes, or URLs in your antivirus or firewall does not solve your issue, please contact Safetica Support and submit the following information:
- The exact name and edition of your antivirus software - including the management console, endpoint application, etc.
- The version of your antivirus software.
- Screenshots and logs from your antivirus software from when the issue was detected or manifested itself.
- Export of your antivirus settings so that we can try reproducing the issue.
- The version of Safetica you are using.
- Logs from Safetica - STool etc.
- Your Safetica settings - DLP policies, Web control settings, etc.
- Issue description and how it manifests itself (e.g. a notification about something being detected, some files are deleted, etc.)
- Exact description of what the issue causes - whether injecting stops working, webpages can't load, DLP does not work, etc.