# Trendmicro Exlusions

&#x20;

Sysmon processes “C:\Windows\cyrthwinsys.exe" ve "C:\Program Files\THApplications\cyrthwinsys.exe" must be excluded for real-time scanning in Trenmicro settings.

&#x20;**Cause:**

"Windows Server freezes after enabling Anti-Malware module in Cloud One - Workload Security"

Windows freezes after enabling the Anti-Malware module. The issue seems to be caused by an interoperability issue between Microsoft System Monitor (Sysmon) and Trend Micro Deep Security Agent (DSA)."

<https://success.trendmicro.com/dcx/s/solution/000294699?language=en_US>

&#x20;The exclusion needs to be done from Trendmicro and in the CyberCyte Platform.

### TrendMicro

It is also suggested to add the following exclusions in the Process Image File list

#### Mandatory

* C:\Windows\sysmon64.exe
* C:\Windows\sysmon.exe
* C:\Windows\cyrthwinsys.exe

#### Optional

| Autorunsc Tool    | C:\Program Files\ICSFAgentService\files\ps\sysinternals\autorunsc64.exe       |
| ----------------- | ----------------------------------------------------------------------------- |
| Sigcheck Tool     | C:\Program Files\ICSFAgentService\files\ps\sysinternals\sigcheck64\_v2.90.exe |
| Sysmon Executable | C:\Windows\cyrthwinsys.exe                                                    |
| Sysmon Executable | C:\Program Files\THApplications\cyrthwinsys.exe                               |
| Sysmon Executable | C:\Program Files\THApplications\ Sysmon64.exe                                 |

Below are  example screenshots: &#x20;

![](blob:https://app.gitbook.com/0b9a50f4-b4fd-4f11-8c02-2576d25aa853)

&#x20;

![](blob:https://app.gitbook.com/29b5c1f1-b8d0-40f8-9a91-b0096835d336)

![](blob:https://app.gitbook.com/53284cc4-4796-41d6-a8e6-ce0ff176b0c9)

&#x20;

![](blob:https://app.gitbook.com/9d9bcfd6-b656-48b2-b9b8-cd33847d2f20)

CyberCyte

&#x20;In Sysmon polices, the tag for Trendmicro should be added to Exlusion Rules from Policy Settings accessed from Rules and Policies -> Policy Management -> Policesi. Example screenshot is provided below:

<figure><img src="/files/ilMJsRhE6bWjOF3g6LKS" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/04vlxh2YC8HwV0eEd9ym" alt=""><figcaption></figcaption></figure>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.cloudcyte.com/pre-requirements-and-initialization-of-the-platform/access-and-exlusion-requirements/trendmicro-exlusions.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.