New page about allowlisting Elastic Endpoint in 3rd-party AV software #4439

Merged
merged 7 commits into from
Dec 21, 2023
53 changes: 53 additions & 0 deletions docs/management/admin/allowlist-endpoint-3rd-party-av.asciidoc
@@ -0,0 +1,53 @@
[[allowlist-endpoint-3rd-party-av-apps]]
= Allowlist Elastic Endpoint in third-party antivirus apps

Third-party antivirus (AV) applications may identify the expected behavior of {elastic-endpoint} as a potential threat. Add {elastic-endpoint}'s digital signatures and file paths to your AV software's allowlist to ensure {elastic-endpoint} continues to function as intended.

NOTE: Your AV software may refer to allowlisted processes as process exclusions, ignored processes, or trusted processes.

NOTE: We recommend you allowlist both the file paths and digital signatures, if applicable.

[discrete]
== Allowlist {elastic-endpoint} on Windows

File paths:

* ELAM driver: `c:\Windows\system32\drivers\elastic-endpoint-driver.sys (ELAM driver)`
* Driver: `c:\Windows\system32\drivers\ElasticElam.sys`
* Executable: `c:\Program Files\Elastic\Endpoint\elastic-endpoint.exe`
+
NOTE: The executable runs as `elastic-endpoint.exe`

Digital signatures:

* `Elasticsearch, Inc.`
* `Elasticsearch B.V.`

For additional information about allowlisting on Windows, refer to https://github.com/elastic/endpoint/blob/main/PerformanceIssues-Windows.md#trusting-elastic-defend-in-other-software[Trusting Elastic Defend in other software].

[discrete]
== Allowlist {elastic-endpoint} on macOS

File paths:

* System extension (recursive directory structure): `/Applications/ElasticEndpoint.app/`
+
NOTE: The system extension runs as `co.elastic.systemextension`.

* Executable: `/Library/Elastic/Endpoint/elastic-endpoint`
+
NOTE: The executable runs as `elastic-endpoint.exe`.

Digital signatures:

* Authority/Developer ID Application: `Elasticsearch, Inc (2BT3HPN62Z)`
* Team ID: `2BT3HPN62Z`

[discrete]
== Allowlist {elastic-endpoint} on Linux

File path:

* Executable: `/opt/Elastic/Endpoint/elastic-endpoint`
+
NOTE: The executable runs as `elastic-endpoint`
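Review bot: the macOS NOTE under the executable bullet says the executable runs as `elastic-endpoint.exe`, which is the Windows binary name; the path on the line above it is `/Library/Elastic/Endpoint/elastic-endpoint`, so the NOTE should read `elastic-endpoint`, otherwise an admin who allowlists by process name on macOS will exclude a process that never runs. In the Windows file-path list the labels on the two drivers look swapped: the bullet labelled "ELAM driver" points at `elastic-endpoint-driver.sys` and carries a second "(ELAM driver)" inside the code span, while the file actually named `ElasticElam.sys` is labelled only "Driver"; suggest pulling the parenthetical out of the backticks and checking which of the two is the ELAM driver before this merges, since an AV exclusion on the wrong driver path is silently ineffective. Minor: the Windows and Linux executable NOTEs lack the trailing period the macOS NOTEs have, and the blank line between the macOS system-extension NOTE and the `* Executable:` bullet splits that list in two when rendered.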
1 change: 1 addition & 0 deletions docs/management/manage-intro.asciidoc
Expand Up @@ -15,3 +15,4 @@ include::{security-docs-root}/docs/management/admin/event-filters.asciidoc[level
include::{security-docs-root}/docs/management/admin/host-isolation-exceptions.asciidoc[leveloffset=+1]
include::{security-docs-root}/docs/management/admin/blocklist.asciidoc[leveloffset=+1]
include::{security-docs-root}/docs/management/admin/endpoint-artifacts.asciidoc[leveloffset=+1]
include::{security-docs-root}/docs/management/admin/allowlist-endpoint-3rd-party-av.asciidoc[leveloffset=+1]