Third Party Exclusions - Tanium Agent FAQs - Tanium Tech Talks #89

Third Party Exclusions - Tanium Agent FAQs - Tanium Tech Talks #89

tanium logo
Tanium
May 8, 2024
Tanium

My endpoints have other agents beside Tanium. How do I get them to play well together? The onboarding checklist for every new Tanium customer includes a step on third party agent exclusions. Most IT shops have anywhere from 5 to 15 agents running on their servers and workstations, everything from antivirus to data loss prevention. So how can we make sure that Tanium functions well alongside those other agents? This is the next installment in our Tanium Agent FAQ series. Also pick up bonus Windows performance tips from an industry veteran in this behind-the-scenes interview with a Tanium Principal Escalation Engineer.

  • Balance endpoint performance and security with proper exclusions
  • See documentation for processes and paths to exclude
  • Recognize and investigate agent conflicts
  • Tanium package included for capturing ETL traces
  • Use Enforce to automatically populate MDE exclusions

#informationsecurity #informationtechnology #taniumagentfaqs #etl #windows

RESOURCES
All videos in this series
Agent Impact
https://youtu.be/1YeM-bWKrCE
Exclusions
https://youtu.be/ttGNqxy1g5s
Virtualized Endpoints
https://youtu.be/VmbithnovgY

Enforce Policy for Anti-Malware Tanium Exclusions
https://help.tanium.com/bundle/ug_enforce_cloud/page/enforce/policies.html#admx-machine

Producing Microsoft Windows ETLs for Improved Endpoint Analysis with Tanium's Default Content
https://help.tanium.com/bundle/z-kb-articles-salesforce/page/kA07V000000H8kUSAS.html

Procmon: How to Troubleshoot Performance Issues on Windows Endpoints by Leveraging Available Tools and Tanium Sensors
https://community.tanium.com/s/article/How-to-Troubleshoot-Performance-Issues-on-Windows-Endpoints-by-Leveraging-Available-Tools-and-Tanium-Sensors

Reference: Endpoint security exclusions
https://help.tanium.com/bundle/ug_client_cloud/page/client/security_exclusions.html

help.tanium.com, search “How to configure antivirus exclusions” (requires login)
https://help.tanium.com/search

Why are Multiple TaniumClient.exe Processes Running?
https://help.tanium.com/bundle/z-kb-articles-salesforce/page/kA00e000000kCeaCAE.html

Tanium Tech Talk: Performance module
https://www.youtube.com/watch

CHAPTERS

00:00 Intro

00:49 Meet Jeff

02:05 What other agents?

03:50 Why exclusions?

05:22 What do you exclude? Processes & paths.

07:23 AMSI Anti-Malware Scan Interface

08:27 How do I know something is wrong?

09:48 What kinds of tools do you use?

11:51 Event Trace Log ETL with Tanium

17:02 Why do I see all those Tanium processes?

18:27 Zombie processes

19:24 Virtualized infrastructure considerations

20:35 Tips for troubleshooting

22:05 Resources to help

23:38 We're here to help

24:56 Wrap up

Copyright © 2024 OpsMatters™. All rights reserved.