Infocyte: Exclusions

Description

Anti-Virus Exclusions

There are several binaries that should be allowed for execution by other security tools on targeted endpoints. You can allow them by hash (found on the Download page within the Admin Panel) or by file and path.

With the release of the Real-Time Security features in Infocyte, the whitelisted files have changed.

The following paths and files will be used by Infocyte during installation and production:

Windows

  • C:\windows\temp\Infocyte.exe
  • C:\Program Files\Infocyte\Agent

Linux

  •  /tmp/infocyte.exe
  •  /opt/infocyte/agent

Agent Whitelisting

While rare, some AV engines may require the Agent application folder to be whitelisted in agent-based deployments of Infocyte. You can whitelist the following directories, or use the hashes found under the download section to whitelist specific files.

Windows:

  • C:\program files\infocyte\agent

Linux:  

  • /opt/infocyte/

Whitelisting by Hash

You can also whitelist by hash in your AV, assuming it supports this. Our hashes can always be found in the "/admin/downloads" page of your Infocyte console.
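A path exclusion covers whatever file sits at that path, so it is worth confirming that the files under an excluded location match the published hashes. The script below is an added example, not Infocyte's own tooling; it assumes the console publishes SHA-256 hashes, and `PUBLISHED_HASHES`, `sha256_of` and `audit_excluded_path` are hypothetical names.

```python
import hashlib
import sys
from pathlib import Path

# Assumption: hashes are SHA-256 hex strings copied from /admin/downloads.
PUBLISHED_HASHES = {
    "<hash-from-admin-downloads>",  # placeholder, replace with real values
}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large binaries are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def audit_excluded_path(root, published):
    """Split files under an excluded file or directory into
    (matched, unexpected) lists of (path, sha256) tuples."""
    published = {h.strip().lower() for h in published}
    root = Path(root)
    files = [root] if root.is_file() else sorted(root.rglob("*"))
    matched, unexpected = [], []
    for p in files:
        if not p.is_file():
            continue  # skip directories and anything that is not a regular file
        digest = sha256_of(p)
        (matched if digest in published else unexpected).append((str(p), digest))
    return matched, unexpected


if __name__ == "__main__":
    # Default is the Linux agent path from this article; pass another path as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "/opt/infocyte/agent"
    matched, unexpected = audit_excluded_path(target, PUBLISHED_HASHES)
    for path, digest in unexpected:
        print(f"NOT IN PUBLISHED LIST  {digest}  {path}")
    print(f"{len(matched)} matched, {len(unexpected)} not in published list")
    sys.exit(1 if unexpected else 0)
```

Configuration or log files in the agent folder will be reported as not in the published list and need a manual review; the same script can be pointed at a single file such as the installer path.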

Endpoint to Cloud:

  • For each agent deployed in your environment, bidirectional communication from TCP port 443 to the URL for your instance must be permitted.
  • Infocyte IP Addresses to allow:
    • 3.221.153.58
    • 3.227.41.20
    • 3.229.46.33
    • 35.171.204.49
    • 52.200.73.72
    • 52.87.145.239
  • dl.infocyte.com (Amazon CloudFront, IP Range can vary based on location. Recommended for optimal performance)
  • *.infocyte.com: This communication is secured with TLS 1.2/1.3 (HTTPS) and applies to both agents and agentless (temporary agents). If you are on a network with SSL Inspection/Decryption, you might need to bypass decryption for your instance, <CNAME>.infocyte.com, and for dl.infocyte.com.
  • Required ports for communication with EDR cloud infrastructure
  • Brokers communication with EDR cloud infrastructure; can alternatively allowlist *.es.datto.net
  • Amazon S3 webhosts for Datto EDR cloud infrastructure

 


Additional Exclusions on an as-needed basis

  • .infocyte.com
  • hunt-saas-surveys.s3.amazonaws.com
  • hunt-saas-surveys.s3.us-east-1.amazonaws.com
  • infocyte-downloads.s3.us-east-1.amazonaws.com
