Insight Agent requirements - endpoint protection software exclusion

Endpoint Protection with Next-Generation Antivirus

This article does not apply if you use Rapid7's Next-Generation Antivirus add-on, as it is designed to function alongside the Insight Agent. View the Next-Generation Antivirus requirements.

Endpoint Protection Software is an umbrella of applications that can be deployed on assets to detect and block malicious activity from both trusted and untrusted applications.

Endpoint security applications (such as McAfee Threat Intelligence Exchange, CylancePROTECT, Carbon Black, and others) may flag, block, or delete the Insight Agent from your assets depending on your detection and response settings. To prevent this and ensure the successful operation of the Insight Agent, you have to allowlist the Agent in the Endpoint Protection Platform you have deployed in your environment.

Allowlist the Insight Agent within your Endpoint Protection Software

To allowlist the Insight Agent, navigate to your Endpoint Protection Platform and set up a path exclusion rule for the agent directory.

Your rule must accommodate all subdirectories contained in the agent installation path. The following paths show default agent installation locations by operating system:

  • Windows - C:\Program Files\Rapid7\Insight Agent\
  • Mac and Linux - /opt/rapid7/ir_agent/
How to allowlist Insight Agent in Carbon Black
  1. Log into the Carbon Black Cloud Console and create a new Application Policy specifically for the Insight Agent.
  2. Ensure the new application path to the policy points to the correct installation location and includes all subdirectories. By default, the agent is installed under the following directories:
    • Windows - C:\Program Files\Rapid7\Insight Agent\
    • Mac and Linux - /opt/rapid7/ir_agent/
  3. After adding the Agent path, configure the Policy to bypass the Insight Agent directory altogether.

For more details, consult Carbon Black documentation.

How to allowlist Insight Agent in CylancePROTECT
  1. Login into the CylancePROTECT Console and configure the Protection Settings for the devices you want to deploy the Agent to.
  2. Ensure the new protection settings folder exclusion points to the correct installation location and includes all subdirectories. By default, the agent is installed under the following directories:
    • Windows - C:\Program Files\Rapid7\Insight Agent\
    • Mac and Linux - /opt/rapid7/ir_agent/

For more details, consult CylancePROTECT documentation.