Which directories and files do I need to allow-list for the SMA Agent? (4272244)

Which directories and files do I need to allow-list for the SMA Agent?

Sometimes Anti-Virus software may scan KACE Systems Management Appliance (SMA) executables or files in directories and tag them as threats.

This article explains which executables/files, directories, and registry keys need to be Allow Listed in order for the SMA Agent to work properly.

A. Directories that must be Allow-Listed in any antivirus solution.

All versions:

• C:\ProgramData\Quest\Kace - Configuration and log files are located here
• C:\Windows\System32\KUsrInit.exe - Allows execution of managed installations and scripts at login or boot up.
• C:\Windows\Temp - Used to store temp files to run agent tasks (for example dklF794.tmp this may vary).
• C:\Windows\System32\cscript.exe - Deployment scripts are written in VBScript and used during the deployment of patches

From version 14.0 and above (64-bit):

• C:\Program Files\Quest\Kace - This is where KACE executables reside.

From version 13.2 and below (32-bit):

• C:\Program Files (x86)\Quest\Kace - This is where KACE executables reside.

 

B. Detail of Executable files on agent folders:

ProgramFiles folder:

• AMPTools.exe: Can be manually run on CMD for different actions.
• AMPWatchDog.exe: Ensures the agent is unstuck when necessary.
• Inventory.exe: Inventory process.
• KacePatch.exe: Handles SMA tasks such as scanning and deploying patch payloads.
• KCopy.exe: Copies dependencies to their specified location for Scripts/Managed Installs.
• KDeploy.exe: Deploys packages to devices.
• KInventory.exe: Inventory process.
• klog.exe: Enables agent logging
• KMenu.exe: System Tray icon, for inventory, snoozing, etc.
• konea.exe: Persistent connection to SMA.
• KPlugins.exe: background agent tasks.
• KSchedulerSvc.exe: Handles Offline KScripts
• kstatus.exe: Can be manually on CMD run to obtain: Agent Version, Hostname, KUID, and if it's running & connected to the SMA.
• KSWMeterSvc.exe: Handles metering.
• KUserAlert.exe: Window that appears for deploying patches, and snoozing notifications.
• kwol.exe: Handles Wake-on-LAN
• runkbot.exe: Runs scripts. Can be manually used for running a specific script on demand.

ProgramData folder:

• C:\ProgramData\Quest\KACE\modules\clientidentifier\clientidentifier.exe - Correctly identifies a device when browsing through the SMA's WebUI.
• C:\ProgramData\Quest\KACE\modules\detex\detex.exe - Allows for Detached Execution to run, so that agent disconnects won't interrupt an ongoing task.

C. Other observations

While PowerShell is not required for the agent to perform it's core tasks, it's required for some inventory collection. More info here. If PowerShell is blocked, it can cause the agent to stall and need to be restarted to continue processing tasks.

D. Vendor-specific information

The following have been found with customers using these products, and have been confirmed by our support staff to resolve issues. Do note that these may change as the third-party products are updated or changed:

• Sophos: Adding a Global Exclusion of Exclude folder from ransomware protection: C:\Program Files (x86)\Quest\KACE
• Cylance: Disabling memory protection.