Creating exclusions/exception rules for Binalyze AIR Responder on EPP and EDR Solutions

It’s common for antivirus, EPP, and EDR (Endpoint Detection and Response) solutions to use exception rules to avoid unintentionally blocking files or activities that are necessary for normal business operations.

These rules act as exclusions, allowing specific files, processes, or activities to bypass the security software's detection or blocking mechanisms. This is necessary in cases such as false-positive alerts triggered by (a) a legitimate application that may resemble malware or (b) a critical system file that is falsely flagged as malicious by security software.

To function properly, Binalyze AIR Responder uses distinct executables for different tasks, all of which must be excluded in the associated security solutions. Because different security solutions have varying exception mechanisms, Binalyze offers folder-level exception rules exclusively for the Binalyze AIR Responder folder. The full paths to the Binalyze AIR Responder folders for each operating system are listed below.

Microsoft Windows

Binalyze AIR Responder Folder

C:\Program Files (x86)\Binalyze\AIR\agent\*

Binalyze AIR Watchdog Folder

C:\ProgramData\.binalyze-air\*

or

%ProgramData%\.binalyze-air*

Linux

Binalyze AIR Responder Folder

/opt/binalyze/air/agent/*

Binalyze AIR Watchdog Folder

/usr/share/.binalyze-air/*

macOS

Binalyze AIR Responder Folder

/opt/binalyze/air/agent/*

Binalyze AIR Watchdog Folder

/usr/local/share/.binalyze-air/*
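
Every folder listed above becomes a location the security product no longer inspects, so it is worth confirming that only privileged accounts can write there. The shell audit below is an added example, not Binalyze code; it uses the Linux and macOS paths from this page and assumes that the contents should be owned by root and not be group- or world-writable.

```shell
#!/bin/sh
# Added example (not Binalyze code): audit the folders excluded from EPP/EDR
# scanning. The paths are the Linux and macOS folders listed on this page.
AIR_EXCLUDED_DIRS="/opt/binalyze/air/agent /usr/share/.binalyze-air /usr/local/share/.binalyze-air"

# audit_excluded_dir DIR [OWNER]
# Assumption of this example: everything under an excluded folder should be
# owned by OWNER (default root) and not be group- or world-writable.
# Prints one line per finding. Returns 0 = clean, 1 = findings, 2 = DIR missing.
audit_excluded_dir() {
    dir=$1
    owner=${2:-root}
    [ -d "$dir" ] || return 2
    findings=$(
        # Symlink modes are not meaningful, so skip them for the mode check.
        find "$dir" ! -type l \( -perm -0020 -o -perm -0002 \) -print | sed 's/^/WRITABLE /'
        # -user accepts a user name or a numeric uid.
        find "$dir" ! -user "$owner" -print | sed 's/^/OWNER /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Report on each folder from the page; absent folders belong to another OS.
for d in $AIR_EXCLUDED_DIRS; do
    rc=0
    audit_excluded_dir "$d" root || rc=$?
    case $rc in
        0) echo "OK   $d" ;;
        1) echo "FAIL $d (findings listed above)" ;;
        2) echo "SKIP $d (not present)" ;;
    esac
done
```

Run it as root so that `find` can read every subdirectory; a FAIL line means a non-privileged account could place files in a folder the EPP/EDR has been told to ignore.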
