Creating exclusions/exception rules for Binalyze AIR Responder on EPP and EDR Solutions
It’s common for anti-virus, EPP, and EDR (Endpoint Detection and Response) solutions to utilize exception rules to avoid unintentionally blocking important files or activities necessary for normal business operations.
These rules act as exclusions, allowing specific files, processes, or activities to bypass the security software's detection or blocking mechanisms. This is necessary in cases such as false-positive alerts triggered by (a) a legitimate application that may resemble malware or (b) a critical system file that is falsely flagged as malicious by security software.
To ensure proper functionality, the Binalyze AIR responder uses distinct executables for different tasks, all of which must be excluded by associated security solutions. Binalyze offers folder-level exception rules exclusively for the Binalyze AIR responder folder since different security solutions have varying exception mechanisms. See below for the operating system-specific full paths to the Binalyze AIR responder folders.
Windows
Folders to Exclude:
C:\Program Files (x86)\Binalyze\AIR\agent\
C:\ProgramData.binalyze-air
Binaries to Exclude:
C:\Program Files (x86)\Binalyze\AIR\agent\AIR.exe
C:\Program Files (x86)\Binalyze\AIR\agent\DRONE.exe
C:\Program Files (x86)\Binalyze\AIR\agent\TACTICAL.exe
%ProgramData%.binalyze-air\WATCHDOG.exe
C:\Program Files (x86)\Binalyze\AIR\agent\utils\curl.exe
C:\Program Files (x86)\Binalyze\AIR\agent\utils\osqueryi.exe
Linux
Folders to Exclude:
Binaries to Exclude:
/opt/binalyze/air/agent/air
/opt/binalyze/air/agent/drone
/opt/binalyze/air/agent/tactical
/opt/binalyze/air/agent/utils/osqueryi
/opt/binalyze/air/agent/utils/curl
/usr/share/.binalyze-air/watchdog
macOS
Folders to Exclude:
Binaries to Exclude:
/opt/binalyze/air/agent/air
/opt/binalyze/air/agent/drone
/opt/binalyze/air/agent/tactical
/opt/binalyze/air/agent/utils/osqueryi
/opt/binalyze/air/agent/utils/curl
/usr/share/.binalyze-air/watchdog
Last updated