Rapid7 Agent (Insight Agent) requirements - endpoint protection software exclusion
Copy link

⚠️

Endpoint Protection with Next-Generation Antivirus

This article does not apply if you use Rapid7’s Next-Generation Antivirus add-on, as it is designed to function alongside the Rapid7 Agent (Insight Agent). View the Next-Generation Antivirus requirements.

Endpoint Protection Software is an umbrella of applications that can be deployed on assets to detect and block malicious activity from both trusted and untrusted applications.

Endpoint security applications (such as McAfee Threat Intelligence Exchange, CylancePROTECT, Carbon Black, and others) may flag, block, or delete the Rapid7 Agent (Insight Agent) from your assets depending on your detection and response settings. To prevent this and ensure the successful operation of the Rapid7 Agent (Insight Agent), you have to allowlist the Agent in the Endpoint Protection Platform you have deployed in your environment.

Allowlist the Rapid7 Agent (Insight Agent) within your Endpoint Protection Software
Copy link

To allowlist the Rapid7 Agent (Insight Agent), navigate to your Endpoint Protection Platform and set up a path exclusion rule for the agent directory.

Your rule must accommodate all subdirectories contained in the agent installation path. The following paths show default agent installation locations by operating system:

  • Windows - C:\Program Files\Rapid7\Insight Agent\
  • Mac and Linux - /opt/rapid7/ir_agent/

How to allowlist Rapid7 Agent (Insight Agent) in Carbon Black

  1. Log into the Carbon Black Cloud Console and create a new Application Policy specifically for the Rapid7 Agent (Insight Agent).
  2. Ensure the new application path to the policy points to the correct installation location and includes all subdirectories. By default, the agent is installed under the following directories:
    • Windows - C:\Program Files\Rapid7\Insight Agent\
    • Mac and Linux - /opt/rapid7/ir_agent/
  3. After adding the Agent path, configure the Policy to bypass the Rapid7 Agent (Insight Agent) directory altogether.

For more details, consult Carbon Black documentation.

How to allowlist Rapid7 Agent (Insight Agent) in CylancePROTECT

  1. Login into the CylancePROTECT Console and configure the Protection Settings for the devices you want to deploy the Agent to.
  2. Ensure the new protection settings folder exclusion points to the correct installation location and includes all subdirectories. By default, the agent is installed under the following directories:
    • Windows - C:\Program Files\Rapid7\Insight Agent\
    • Mac and Linux - /opt/rapid7/ir_agent/

For more details, consult CylancePROTECT documentation.