About processes and directories excluded from scanning by antivirus products
- release date
- 2016.11.14
- last updated
- 2024-03-04
- version
- Splunk Enterprise 9.1.2
- Overview
- This section describes the processes and directories that are excluded from scanning by antivirus products.
- Reference information
- content
If you run Splunk on a host with an antivirus product installed, we strongly recommend that you exclude all Splunk processes and the Splunk installation directory from scanning.
The processes and directories excluded from scanning are listed below.
Excluded processes
-------------
Unix/Linux
-------------
bloom
btool
btprobe
bzip2
cherryd
classify
exporttool
locktest
locktool
node
python*
splunk
splunkd
splunkmon
tsidxprobe
tsidxprobe_plo
walklex
-------------
Windows
-------------
splunk-admon.exe
splunk-compresstool.exe
splunk-MonitorNoHandle.exe
splunk-netmon.exe
splunk-optimize-lex.exe
splunk-optimize.exe
splunk-perfmon.exe
splunk-regmon.exe
splunk-winevtlog.exe
splunk-winhostinfo.exe
splunk-winprintmon.exe
splunk-wmi.exe
splunk.exe
splunkd.exe
Excluded directories
- For Splunk Enterprise
- All directories under $SPLUNK_HOME
- All directories under $SPLUNK_DB
*If you have set a destination directory for each index in the indexes.conf file, be sure to exclude that directory as well.
*$SPLUNK_HOME is the installation directory. By default, it is as follows:
<Linux>
/opt/splunk
<Windows>
C:\Program Files\Splunk
*$SPLUNK_DB refers to the directory where Splunk index data is stored, and the default is as follows.
<Linux>
/opt/splunk/var/lib/splunk
<Windows>
C:\Program Files\Splunk\var\lib\splunk
- For Splunk universal forwarder
- All directories under $SPLUNK_HOME
- All directories under /Applications/splunkforwarder (for OS X)
*$SPLUNK_HOME refers to the Splunk installation directory, which is as follows by default.
<Linux>
/opt/splunkforwarder
<Windows>
C:\Program Files\SplunkUniversalForwarder
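
The note above about per-index directories in indexes.conf is the easiest exclusion to miss, so here is an added example (not Macnica's or Splunk's code) that lists index paths falling outside $SPLUNK_HOME and $SPLUNK_DB. The function names and the sample configuration are constructed for illustration; it assumes Linux-style paths and inspects only per-index stanzas.

```python
import posixpath
import re

# indexes.conf settings that hold an index storage path.
PATH_KEYS = {"homePath", "coldPath", "thawedPath", "summaryHomePath", "tstatsHomePath"}
# Constructed sample indexes.conf (not from a real deployment).
SAMPLE_CONF = """
[volume:cold_store]
path = /mnt/cold
[main]
homePath = $SPLUNK_DB/defaultdb/db
[firewall]
homePath = /data/hot/$_index_name/db
coldPath = volume:cold_store/firewall/colddb
"""

def parse_stanzas(conf_text):
    """Parse .conf text into {stanza: {key: value}}, skipping comments."""
    stanzas, current = {}, None
    for line in map(str.strip, conf_text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = stanzas.setdefault(header.group(1), {})
        elif current is not None and "=" in line and not line.startswith("#"):
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def extra_exclusions(conf_text, splunk_home="/opt/splunk", splunk_db=None):
    """Return index directories that lie outside $SPLUNK_HOME and $SPLUNK_DB."""
    splunk_db = splunk_db or posixpath.join(splunk_home, "var/lib/splunk")
    stanzas = parse_stanzas(conf_text)
    volumes = {n[7:]: s["path"] for n, s in stanzas.items()
               if n.startswith("volume:") and "path" in s}
    found = set()
    for name, settings in stanzas.items():
        if name.startswith("volume:") or name == "default":
            continue  # assumption: only per-index stanzas are inspected
        for key in settings.keys() & PATH_KEYS:
            path = settings[key]
            vol = re.match(r"volume:([^/]+)(/.*)?$", path)
            if vol:  # an undefined volume stays visible as "volume:<name>/..."
                path = volumes.get(vol.group(1), "volume:" + vol.group(1)) + (vol.group(2) or "")
            for var, val in (("$SPLUNK_DB", splunk_db), ("$SPLUNK_HOME", splunk_home), ("$_index_name", name)):
                path = path.replace(var, val)
            path = posixpath.normpath(path)
            if not any(path == r or path.startswith(r + "/") for r in (splunk_home, splunk_db)):
                found.add(path)
    return sorted(found)
```

On a real host, pass it the merged configuration (for example the output of `splunk btool indexes list`) rather than a single file, and keep the resulting exclusions as narrow as the listed directories.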