Processes and directories excluded from scanning by antivirus products

Security business menu

Security business
HOME

To be elected
cause

Service

Handling Manufacturer

Examples/reports/
Blog/Glossary

Seminar/
video on demand

TOP

Products/Services

Specifications/Technical Information

Specifications/Technical Information

solution

solution

User stories

support

Seminar content

Evaluation machine application/FAQ

Application for evaluation machine
- Splunk Evaluation Download
FAQ

Document request

inquiry

Event/Seminar

video on demand

About processes and directories excluded from scanning by antivirus products

release date: 2016.11.14

last updated: 2024-03-04

version: Splunk Enterprise 9.1.2

Overview: This section describes the processes and directories that are excluded from scanning by antivirus products.

Reference information

https://docs.splunk.com/Documentation/Splunk/9.1.2/ReleaseNotes/RunningSplunkalongsideWindowsantivirusproducts

content

If you run Splunk on a host with an antivirus product installed, we strongly recommend that you exclude all Splunk processes and the Splunk installation directory from scanning.

The processes and directories excluded from scanning are listed below.

Excluded processes

-------------
Unix/Linux
-------------
bloom
btool
btprobe
bzip2
cherryd
classify
exporttool
locktest
locktool
node
python*
splunk
splunkd
splunkmon
tsidxprobe
tsidxprobe_plo
walklex

-------------
Windows
-------------
splunk-admon.exe
splunk-compresstool.exe
splunk-MonitorNoHandle.exe
splunk-netmon.exe
splunk-optimize-lex.exe
splunk-optimize.exe
splunk-perfmon.exe
splunk-regmon.exe
splunk-winevtlog.exe
splunk-winhostinfo.exe
splunk-winprintmon.exe
splunk-wmi.exe
splunk.exe
splunkd.exe

Excluded directory

For Splunk Enterprise

All directories under $SPLUNK_HOME
All directories under $SPLUNK_DB

*If you have set a destination directory for each index in the indexes.conf file, be sure to exclude that directory as well.

*$SPLUNK_HOME is the installation directory. By default, it is as follows:

<Linux>

/opt/splunk

C:\Program Files\Splunk

*$SPLUNK_DB refers to the directory where Splunk index data is stored, and the default is as follows.

<Linux>

/opt/splunk/var/lib/splunk

C:\Program Files\Splunk\var\lib\splunk

For Splunk universal forwarder

All directories under $SPLUNK_HOME
Directory under /Applications/splunkforwarder (for OS X)

*$SPLUNK_HOME refers to the Splunk installation directory, which is as follows by default.

<Linux>

/opt/splunkforwarder

C:\Program Files\SplunkUniversalForwarder

that's all

to previous page

In charge of Macnica Splunk Co., Ltd.

inquiry Document request

TEL：045-476-2010
E-mail：splunk-sales@macnica.co.jp

Weekdays: 9:00-17:00

Site Search