Antivirus Exclusions

Participant II
Posts: 2
Registered: ‎10-22-2017
#1 of 4 1,074
Accepted Solution

Antivirus Exclusions

Hi All,


I'm running Centrify Privilege Access version 18.10 on-premise in Win Server 2016 with Trend Micro AntiVirus installed on both Servers. I've noticed a slowness in CPS performance and decided to deactivate the AntiVirus for a while and the slowness faded!


Does anyone know which directory exclusions to include in Trend Micro, instead of just excluding the whole Centrify directory in Program Files and Program Data?


PS: I'm new to Centrify :)




Centrify Guru I
Posts: 2,459
Registered: ‎07-26-2012
#2 of 4 1,069

Re: Antivirus Exclusions



This is a great question.

Note that the PAS setup script will automatically add the exclusions for Windows Defender.


Ideally you'd exclude the location of the database and transaction log (defaults to \ProgramData\Centrify\Centrify Identity Platform, in the Data and Logs folders respectively); however, these locations will change in a clustered scenario.


I'd also exclude the scripts folder.


I see this post has been escalated too, so you'll get a more detailed answer from them.



Want to learn more about practical Centrify examples? Check out my blog at
Participant II
Posts: 2
Registered: ‎10-22-2017
#3 of 4 1,065

Re: Antivirus Exclusions

Thanks Robertson,

I did that for the moment till we receive some detailed answer.
Posts: 3
Registered: ‎12-17-2018
#4 of 4 1,008

Re: Antivirus Exclusions

Regarding how to configure Trend Micro, please see the steps below, which you can follow to exclude both connector and cloud paths from Trend Micro's scanning.

For the Connector:

  1. In the policy for the machine running the connector I added "C:\Program Files\Centrify" to the Approved Program List under Exceptions.

For the cloud/portal:

  1. Under Global settings --> Approved/Blocked Settings add https://<opieportalurl>/* to the Approved URLs

The portal URL exclusion should be done at the global level and pushed to all running agents, so that wherever this portal is accessed from, if an agent is running on that machine, it will be excluded from scanning.
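
An added example, not part of the thread and not Centrify's or Trend Micro's own tooling: a PowerShell check to run on the PAS server before copying exclusions into Trend Micro. It lists what the setup script registered with Windows Defender and flags candidate folders that principals outside a trusted set can write to, since files in an excluded folder are never scanned. Assumptions: the default locations quoted above, the trusted SID list, and the hypothetical helper name `Get-RiskyAce`.

```powershell
# Added example: review antivirus exclusion candidates before mirroring them in Trend Micro.
# Paths are the defaults quoted in the thread; the system drive is assumed for \ProgramData.
$base = Join-Path $env:ProgramData 'Centrify\Centrify Identity Platform'
$candidates = @(
    (Join-Path $base 'Data'),      # database (default location)
    (Join-Path $base 'Logs'),      # transaction log (default location)
    'C:\Program Files\Centrify'    # connector path from the thread
)

# Exclusions the PAS setup script registered with Windows Defender, if the cmdlet is present.
# Run elevated: non-admin sessions do not see the real list.
if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
    'Defender exclusion paths:'
    (Get-MpPreference).ExclusionPath | ForEach-Object { "  $_" }
}

# Assumed trusted writers: SYSTEM, Administrators, CREATOR OWNER (placeholder ACE), TrustedInstaller
$trusted = @('S-1-5-18', 'S-1-5-32-544', 'S-1-3-0',
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464')
# Rights that let a principal plant or replace files, plus GENERIC_WRITE and GENERIC_ALL
$fsRights  = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$fsRights -bor 0x50000000

function Get-RiskyAce {
    param([string]$Path)
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if (-not ([int]$ace.FileSystemRights -band $writeMask)) { continue }
        try   { $sid = $ace.IdentityReference.Translate([System.Security.Principal.SecurityIdentifier]).Value }
        catch { $sid = 'unresolved' }   # orphaned or unmappable account
        if ($trusted -notcontains $sid) {
            [pscustomobject]@{ Path = $Path; Identity = $ace.IdentityReference.Value; Rights = $ace.FileSystemRights }
        }
    }
}

foreach ($p in $candidates) {
    if (-not (Test-Path -LiteralPath $p)) { "MISSING  $p (moved, e.g. clustered install?)"; continue }
    $risky = @(Get-RiskyAce -Path $p)
    if ($risky.Count -eq 0) { "OK       $p" }
    else { "REVIEW   $p"; $risky | Format-Table -AutoSize | Out-String }
}
```

A `REVIEW` result means the folder's ACL should be tightened, or the exclusion narrowed to specific files, before it is added to the Trend Micro policy.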