Trendmicro Exlusions

Sysmon processes “C:\Windows\cyrthwinsys.exe" ve "C:\Program Files\THApplications\cyrthwinsys.exe" must be excluded for real-time scanning in Trenmicro settings.

Cause:

"Windows Server freezes after enabling Anti-Malware module in Cloud One - Workload Security"

Windows freezes after enabling the Anti-Malware module. The issue seems to be caused by an interoperability issue between Microsoft System Monitor (Sysmon) and Trend Micro Deep Security Agent (DSA)."

The exclusion needs to be done from Trendmicro and in the CyberCyte Platform.

TrendMicro

It is also suggested to add the following exclusions in the Process Image File list

Mandatory

C:\Windows\sysmon64.exe
C:\Windows\sysmon.exe
C:\Windows\cyrthwinsys.exe

Optional

Autorunsc Tool

C:\Program Files\ICSFAgentService\files\ps\sysinternals\autorunsc64.exe

Sigcheck Tool

C:\Program Files\ICSFAgentService\files\ps\sysinternals\sigcheck64_v2.90.exe

Sysmon Executable

C:\Windows\cyrthwinsys.exe

Sysmon Executable

C:\Program Files\THApplications\cyrthwinsys.exe

Sysmon Executable

C:\Program Files\THApplications\ Sysmon64.exe

Below are example screenshots:

CyberCyte

In Sysmon polices, the tag for Trendmicro should be added to Exlusion Rules from Policy Settings accessed from Rules and Policies -> Policy Management -> Policesi. Example screenshot is provided below:

PreviousAgent-Based On-Premises Deployment NextTroubleshooting

Last updated 19 days ago

Was this helpful?