Allowlist Elastic Endpoint in third-party antivirus apps
If you use other antivirus (AV) software along with Elastic Defend, you may need to add the other system as a trusted application in the Elastic Security app. Refer to Trusted applications for more information.
Third-party antivirus (AV) applications may identify the expected behavior of Elastic Endpoint—the installed component that performs Elastic Defend’s threat monitoring and prevention—as a potential threat. Add Elastic Endpoint’s digital signatures and file paths to your AV software’s allowlist to ensure Elastic Endpoint continues to function as intended. We recommend you allowlist both the file paths and digital signatures, if applicable.
Your AV software may refer to allowlisted processes as process exclusions, ignored processes, or trusted processes. It is important to note that file, folder, and path-based exclusions/exceptions are distinct from trusted applications and will not achieve the same result. This page explains how to ignore actions taken by processes, not how to ignore the files that spawned those processes.
Allowlist Elastic Endpoint on Windows
File paths:
- ELAM driver: c:\Windows\system32\drivers\elastic-endpoint-driver.sys
- Driver: c:\Windows\system32\drivers\ElasticElam.sys
- Executable: c:\Program Files\Elastic\Endpoint\elastic-endpoint.exe
  The executable runs as elastic-endpoint.exe.
Digital signatures:
- Elasticsearch, Inc.
- Elasticsearch B.V.
For additional information about allowlisting on Windows, refer to Trusting Elastic Defend in other software.
Allowlist Elastic Endpoint on macOS
File paths:
- System extension (recursive directory structure): /Applications/ElasticEndpoint.app/
  The system extension runs as co.elastic.systemextension.
- Executable: /Library/Elastic/Endpoint/elastic-endpoint.app/Contents/MacOS/elastic-endpoint
  The executable runs as elastic-endpoint.
Digital signatures:
- Authority/Developer ID Application: Elasticsearch, Inc (2BT3HPN62Z)
- Team ID: 2BT3HPN62Z
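One way to confirm, before allowlisting the macOS paths, that what sits at those paths is validly signed with the Team ID listed above. This is an added example, not Elastic's code: the function names and the sample output are constructed here, and `codesign` is the standard macOS signing tool.

```shell
#!/bin/sh
# Added example, not Elastic's code. Function names are hypothetical.
EXPECTED_TEAM_ID="2BT3HPN62Z"   # Team ID listed on this page

# Constructed sample of the two relevant lines `codesign -dv --verbose=2` prints.
SAMPLE_CODESIGN_OUTPUT='Authority=Developer ID Application: Elasticsearch, Inc (2BT3HPN62Z)
TeamIdentifier=2BT3HPN62Z'

# Print the TeamIdentifier value found in codesign output read from stdin.
team_id_from_codesign() {
    sed -n 's/^TeamIdentifier=//p' | head -n 1
}

# Succeed only if the codesign output on stdin names the expected Team ID.
# Unsigned code prints no TeamIdentifier line and ad hoc signed code
# reports "not set"; both fail this check.
matches_expected_team() {
    [ "$(team_id_from_codesign)" = "$EXPECTED_TEAM_ID" ]
}

# Check one path: it must exist, its signature must verify,
# and the signing Team ID must match.
check_path() {
    path=$1
    if [ ! -e "$path" ]; then
        echo "MISSING   $path"; return 1
    fi
    if ! codesign --verify --strict "$path" 2>/dev/null; then
        echo "INVALID   $path"; return 1
    fi
    # codesign writes its display (-d) details to stderr, so merge it into stdout.
    if codesign -dv --verbose=2 "$path" 2>&1 | matches_expected_team; then
        echo "OK        $path"
    else
        echo "MISMATCH  $path"; return 1
    fi
}

# Run the checks only on macOS, where codesign is available.
if [ "$(uname -s)" = "Darwin" ]; then
    failed=0
    check_path "/Applications/ElasticEndpoint.app" || failed=1
    check_path "/Library/Elastic/Endpoint/elastic-endpoint.app/Contents/MacOS/elastic-endpoint" || failed=1
    [ "$failed" -eq 0 ] && echo "All paths signed by $EXPECTED_TEAM_ID" || echo "Do not allowlist until resolved"
fi
```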
Allowlist Elastic Endpoint on Linux
File path:
- Executable: /opt/Elastic/Endpoint/elastic-endpoint
  The executable runs as elastic-endpoint.