Skip to content
Contact us Customer portal Sign in
  • There are no suggestions because the search field is empty.

How to set up exceptions for Safetica Client in your antivirus

To maintain the proper functioning of Safetica Client, you may need to whitelist certain files, folders, and URLs in your antivirus software.

 

To ensure full compatibility and avoid possible conflict, we highly recommend keeping your system and antivirus software up to date and manually setting exceptions for the Safetica folders, processes, and URLs mentioned below.

In this article, you will learn more about:

Here you can find how to set the exceptions mentioned in this article in selected antivirus software:

 

 


Exceptions for Safetica services

If you are getting suspicious operations alerts from your antivirus regarding Safetica services such as STCservice.exe, STContentservice.exe, STEventservice.exe, or STAservice.exe, you can set them as allowed.

 

 


Exceptions for files and folders

💻Safetica On-Prem only: Set these exceptions in your antivirus software for Safetica server:

General format Windows format

%programdata%\OneConsole

C:\ProgramData\OneConsole

%programdata%\Safetica Management Service

C:\ProgramData\Safetica Management Service

%programdata%\STEventService\

C:\ProgramData\STEventService\

%programfiles%\Safetica Management Console

C:\Program Files\Safetica Management Console

%programfiles%\Safetica Management Service

C:\Program Files\Safetica Management Service

%programfiles%\Safetica Server

C:\Program Files\Safetica Server

 

🪟Windows devices: Set these exceptions in your antivirus software for Safetica Client:

General format Windows format

%programfiles%\Safetica\

C:\Program Files\Safetica\

%programdata%\Safetica Client Service\

C:\ProgramData\Safetica Client Service\

%programdata%\STEventService\

C:\ProgramData\STEventService\

%programdata%\Installers\

C:\ProgramData\Installers\

%systemroot%\System32\drivers\dc2drv.sys

C:\Windows\System32\drivers\dc2drv.sys
%systemroot%\System32\drivers\fltenum.dll C:\Windows\System32\drivers\fltenum.dll
%systemroot%\SysWOW64\STAgent.dll C:\Windows\SysWOW64\STAgent.dll

%systemroot%\SysWOW64\STEventService.exe

 C:\Windows\SysWOW64\STEventService.exe
%systemroot%\SysWOW64\STInstallAgent.dll C:\Windows\SysWOW64\STInstallAgent.dll

✨Safetica Platform only:

%systemroot%\SysWOW64\AgentConnectorProxy\

C:\Windows\SysWOW64\AgentConnectorProxy\ 

Only Safetica 11.21 and older:

%systemroot%\Temp\install_update.bat

 

C:\Windows\Temp\install_update.bat

Only Safetica 11.21 and older:

%systemroot%\Temp\vcredist_x64.exe

 

C:\Windows\Temp\vcredist_x64.exe

Only Safetica 11.21 and older:

%systemroot%\Temp\vcredist_x86.exe

 

C:\Windows\Temp\vcredist_x86.exe

Only Safetica 11.21 and older:

%systemroot%\Temp\InstallLogs\

 

C:\Windows\Temp\InstallLogs\

 

🍏macOS devices: Set these exceptions in your antivirus software for Safetica Client:

Path
/Library/Application Support/Safetica

 

 


Exceptions for URLs

Set the following exceptions in your antivirus or firewall:

Reason for exception URL

💻Communication for Safetica On-Prem

 *.safetica.com
✨Connecting devices to Safetica Platform

The list of URLs to allow in your antivirus/firewall can be found here.

 

 


Exceptions we recommend adding to Sentinel ONE if you are experiencing issues

For Safetica:

Value Mode
C:\Windows\System32\drivers\dc2drv.sys Performance
C:\Windows\SysWOW64\STEventService.exe Performance
C:\Windows\SysWOW64\stagent.dll Performance
C:\Windows\SysWOW64\AgentConnectorProxy Performance
C:\Program Files\Safetica Management Service\ Performance
C:\Program files\Safetica\ Performance

 

For MS Teams:

Value Mode
\Device\HarddiskVolume*\Program File*\Teams Installer\Teams.exe Performance
\Device\HarddiskVolume*\Users\*\AppData\Local\Microsoft\Teams\Update.exe Performance
\Device\HarddiskVolume*\Users\*\AppData\Local\Microsoft\Teams\current\Teams.exe Performance

 

🍏 macOS: SentinelOne falsely flags Safetica Client update as a threat

On macOS, SentinelOne's Behavioral AI engine can flag the Safetica Client's update installer as a potential threat. This is a false positive. The detection is a Dynamic / Behavioral AI alert with an Undefined verdict, which means no malware signature matched. The engine reacted heuristically to the normal install-time activity of a security agent updating itself.

The flagged files are the legitimate Safetica Client update signed with Safetica's Apple Developer ID and notarized by Apple. You can confirm the package is authentic on the device and then add an exclusion so SentinelOne stops alerting on future updates.

What the SentinelOne alert flags

  • dw-temp.<random>.pkg files are the Safetica Client update installer, downloaded by our agent into /Library/Application Support/Safetica/ and installed via Apple's standard /usr/sbin/installer. The random characters are just a temporary-file suffix, and the file size exactly matches the full Safetica Client installer.
  • The shove process is Apple's own PackageKit installer helper, not a Safetica file.
  • backgroundtaskmanagementd is a macOS system daemon, not a Safetica file. It appears only because it registers the launch services that the installer adds.
  • Behavioral indicators such as installing launch daemons, importing a certificate, and running as root are the expected, required actions of an endpoint DLP agent updating itself.

✍️ The installer package also includes an appended Safetica configuration section that the Safetica Client reads to connect to your Safetica Server. This is expected, is added by your Safetica Server for your environment, and does not affect the Apple signature or notarization.

How to verify the installer package is genuine

You can verify that any flagged .pkg is the authentic directly on the device:

  1. Open Terminal on the macOS device.
  2. Check the code-signing certificate by running: pkgutil --check-signature "<path to .pkg>".
  3. Check notarization and Gatekeeper acceptance by running: spctl -a -vvv -t install "<path to .pkg>".

✍️ For a genuine Safetica package, these commands confirm:

  • Status: signed by a developer certificate issued by Apple for distribution.
  • Notarization: trusted by the Apple notary service.
  • Certificate chain: Developer ID Installer: Safetica Technologies s.r.o (BY965YU8ZP) → Apple Root CA.
  • spctl: accepted, source = Notarized Developer ID.

✍️ The agent verifies the Developer ID signature and the Apple trust chain on every package it downloads, and refuses and deletes anything that fails - so packages are guaranteed authentic before they run. The install directory is writable only by root.

How to stop the false alerts in SentinelOne

❗For the exact steps for creating exclusions, please refer to SentinelOne documentation.

Once you have confirmed the package is genuine, add an exclusion in SentinelOne so its Behavioral AI engine stops flagging future Safetica updates. Use a certificate-based exclusion rather than a file hash - a certificate-based rule stays valid across all future updates, whereas a file-hash rule covers only the current installer version.

  1. Create an exclusion in your SentinelOne management console, based on the software's code-signing certificate.
  2. Set the certificate identity to Safetica's Apple Developer ID: Safetica Technologies s.r.o, Team ID BY965YU8ZP.
  3. Scope the exclusion to the Safetica install directory: /Library/Application Support/Safetica/.
  4. Save the exclusion.

❗The certificate exclusion runs in Performance Focus mode (monitoring disabled for the signed processes, not just alerts suppressed), which is why you should scope it to /Library/Application Support/Safetica/

❗ We are glad to provide the full code-signing details and join a SentinelOne support case with you to have the signed packages recognized.

 

 


Exceptions we recommend adding to ESET if you are experiencing issues 

Add the following exclusions for Safetica into Policy Settings > Protections > Real-time File System Protection > Process exclusions

 

 C:\Program Files\Safetica\STCservice.exe 

 C:\Program Files\Safetica\netcore\STContentservice.exe 

✍️Here you can find how to set the exceptions mentioned in this article in ESET PROTECT.

 

 

 

What to do when setting exceptions does not help

If setting exceptions for folders, processes, or URLs in your antivirus or firewall does not solve your issue, please contact Safetica Support and submit the following information:

  1. The exact name and edition of your antivirus software - including the management console, endpoint application, etc.
  2. The version of your antivirus software.
  3. Screenshots and logs from your antivirus software from when the issue was detected or manifested itself.
  4. Export of your antivirus settings so that we can try reproducing the issue.
  5. The version of Safetica you are using.
  6. Logs from Safetica - STool etc.
  7. Your Safetica settings - data policies settings, website policies settings, etc.
  8. Issue description and how it manifests itself (e.g. a notification about something being detected, some files are deleted, etc.)
  9. Exact description of what the issue causes - whether injecting stops working, webpages can't load, DLP does not work, etc.