//=========================================================================
// PRCSFLGS.DAT
//
// This file allows control of how DG Control Flags are applied
// to processes when they run or are found to be running.
//
// Current Process Flags Definition
// (Version 9.3.0)
//
//
//
//  Control Flag Name         Parameter  Value
//  ------------------------  ---------  -----------
//  MPO_INVISIBLE             IN                   1
//  MPO_IMMORTAL              IM                   2
//  MPO_SKIPPED               SK                   4
//  MPO_CD_BURNER             CD                   8
//  MPO_TRUSTED               TR                  16
//  MPO_SYSTEM                SY                  32
//  MPO_AGENT                 AG                  64
//  MPO_BYPASS                BY                 128
//  MPO_NO_INJECT             NI                 256
//  MPO_SUBCLASS              SB                 512
//  MPO_TRUSTED_FILEOPEN      TF                1024
//  MPO_WINDOW_STEALTH_SAFE   WS                2048
//  MPO_UBER_STEALTH          US                4096
//  MPO_EXPLORER              EX                8192
//  MPO_MULTI_DOC             MD               16384
//  MPO_MULTI_WIN             MW               32768
//  MPO_NO_PROMPTING          NP               65536
//  MPO_BACKUP                BK              131072
//  MPO_NO_APP_LOGGING        NA              262144
//  MPO_ARCHIVING             AR              524288
//  MPO_NO_CLASSIFICATION     NC             1048576
//  MPO_NO_DOC_PROPERTIES     ND             2097152
//  MPO_SCANNER               SC             4194304
//  MPO_RENAME_UNSAFE         RU             8388608
//  MPO_NO_TAG_PROPAGATION    TP            16777216
//  MPO_AGENT_3RD_PARTY       A3            33554432
//  MPO_ALLOW_ACI_SVC_ACCESS  AI            67108864
//  MPO_NO_VAULTING           NV           134217728
//  MPO_SCREEN_CAPTURING      SR           268435456
//  MPO_FILE_PATH_LOCK        FP           536870912

//  MPO_NO_NETWORK_OPS        NN          2147483648
//  MPO_NO_REPARSE            NR          4294967296
//  MPO_PROPAGATE_FLAGS       PR          8589934592
//  MPO_NO_CDBURN             NB         17179869184
//  MPO_NLNOTES               NL         34359738368
//  MPO_BACKUP_INTENT_HONORED BI         68719476736  // no reparse for a create marked FILE_OPEN_FOR_BACKUP_INTENT
//  MPO_ALLOW_SCREEN_CAPTURE          AS         137438953472  
//  MPO_CLASSIFICATION_ON_CLOSE       CC         274877906944
//  MPO_NO_ENCRYPTION                 NE         549755813888
//  MPO_SHARING_SENSITIVE             SH        1099511627776
//  MPO_NO_CLOSED_FILE_HISTORY        NH        2199023255552      // don't maintain closed file history for this process
//  MPO_DISABLE_WND_PROC_HOOK         WP        4398046511104      // No subclassing - We will not hook the window procedure
//  MPO_RESERVE_VM                    VM        8796093022208
//  MPO_NO_USER_AUTHORIZATION         NU       17592186044416
//  MPO_NO_SAM_PROTECTION             NS       35184372088832
//  MPO_CLASSIFICATION_STREAM_SAFE    CSS      70368744177664 
//  MPO_SYSTEM_KEY_ADMIN              KE      140737488355328
//  MPO_STOP_PROPAGATED_FLAGS         NPR     281474976710656 
//  MPO_NO_REPARSE_PATH               RP      562949953421312  // DirCtrl.dat "SECTION AFE PROCESS NO REPARSE FILES:" has to be set to specify no_reparce files
//  MPO_NO_ON_THE_FLY_CLASSIFICATION  NF     1125899906842624
//  MPO_ENABLE_ASYNC_WRITESTREAM      AW     2251799813685248
//  MPO_TRUSTED_WHILE_NO_EGRESS       TN     4503599627370496
//  MPO_NO_FILTERING                  NFLT   9007199254740992
//  MPO_NO_PROCESS_EVENT              NPROC 18014398509481984  // DG 7.0 : Do not send process refernce events for this process.
//  MPO_CLASSIFY_ON_OVERWRITE         CO    36028797018963968  // Output file to classify is saved with OVERWRITE_IF.
//  MPO_NO_RESET                      NRST 576460752303423488  // On update of process flags keep original process flags for running processes.
//  MPO_DETECT_USER_COPY              DC  1152921504606846976  // Detect user copies in the kernel.

// Note: The old flag "EH" or  MPO_ENUMERATE_DIR_HEADERS  =  1073741824 is not used anymore

// You can a line to this file for each process you need special handling for.
// Simply specify the parameters you want after the process image name.
//
// Example:
//        notepad.exe, TR+SK+IM    //<--MPO_TRUSTED | MPO_SKIPPED | MPO_IMMORTAL
//        winword.exe, NC+ND       //<--MPO_NO_CLASSIFICATION | MPO_NO_DOC_PROPERTIES
//
// You may also use the numeric sum by adding together the appropriate values
//
// Example:
//		notepad.exe,22	     // <-MPO_TRUSTED | MPO_SKIPPED | MPO_IMMORTAL
//		notepad.exe,3145728  // <-MPO_NO_CLASSIFICATION | MPO_NO_DOC_PROPERTIES 
//
//
// Image names are limited to 15 characters.  
//
// 4.0 and 5.0 prcsflgs.dat entries may include 2 optional qualifiers,
// fileVersion and companyname, separated by commas.
// The fileVersion qualifier may be used with or without companyname.
//
// fileVersion may be included as a nn.nn.nn.nn string,
// where nn represents a decimal number, whose value must be less than 
// 65,536 (ie a USHORT).
//
// companyname may be included as a string of characters as appears in
//		the version properties displayed for companyname.
//
// Entries without either will return flags to any process, with
// matching image name, but whose version/companyname does not match any 
// entries having version/companyname data.
//
// Example:
//
//		winword.exe, WS+SB, 11.0.6502.0, Microsoft Corporation
//		dbgview.exe, 0256, 4.32.0.0	
//
// Whitespace is generally ignored.
//
// Here is a VERY common one
//      some_app.exe, NI+SK+NC+ND
//
// equivalent to...
//      some_app.exe, 3145988
//
//
// Here is a another VERY common one
//      some_app.exe, NI+SK+NC+ND+TR
//
// equivalent to...
//      some_app.exe, 3146004
//
// You may also use an MD5 if running a V6.1 or better DGAGENT:
//
//      notepad.exe, MD5=5E28284F9B5F9097640D58A73D38AD4C, NI
//
//      You can include version info with MD5 entries as well:
//
//      notepad.exe, MD5=5E28284F9B5F9097640D58A73D38AD4C, NI, 5.1.2600.5512, Microsoft Corporation
//
//
//      NOTE: older agents will ignore lines with MD5= in the line as this is
//            invalid for them.
//
//===========================================================================

//=====================================================================================================
// START OF ENTRIES TAKEN FROM PROCESSFLAGS.C
// Note:
//  * This file contains duplicate process flag entries and they are case insensitive. Duplicate entries 
//    are intentionally inserted for completeness of list of processes for a given section.
//=====================================================================================================
pdboot.exe,SK+NI+NC+ND+NA+RU+NV
smss.exe,SK+NI+NC+ND+NA+RU+NV
msdtc.exe,SK+NI+NC+ND+NA+NV
csrss.exe,SK+NI+NC+ND+NA+NV
termsrv.exe,SK+NI+NC+ND+NA+NV
lsass.exe,SK+NI+NC+ND+NA+NV
LsaIso.exe,SK+NI+NC+ND+NA+NV+NPR
psxss.exe,SK+NI+NC+ND+NA+NV
alescan.exe,SK+NI+NC+ND+NA+NV
ccalert.exe,SK+NI+NC+ND+NA+NV
ccimscan.exe,SK+NI+NC+ND+NA
ccprod.exe,SK+NI+NC+ND+NA
ccpwdsvc.exe,SK+NI+NC+ND+NA+NV
ccpxysvc.exe,SK+NI+NC+ND+NA+NV
ccregvfy.exe,SK+NI+NC+ND+NA
ccscan.exe,SK+NI+NC+ND+NA+NV
ccshtdwn.exe,SK+NI+NC+ND+NA
frameworkservic,SK+NI+NC+ND+NA
iralrshl.exe,SK+NI+NC+ND+NA
lucomserver.exe,SK+NI+NC+ND+NA+NV
mcagent.exe,SK+NI+NC+ND+NA+NV
mcappins.exe,SK+NI+NC+ND+NA+NV
mcdash.exe,SK+NI+NC+ND+NA+NV
mcinfo.exe,SK+NI+NC+ND+NA+NV
mcmnhdlr.exe,SK+NI+NC+ND+NA+NV
mcscript.exe,SK+NI+NC+ND+NA+NV
mcupdmgr.exe,SK+NI+NC+ND+NA+NV
mcupdui.exe,SK+NI+NC+ND+NA+NV
navapsvc.exe,SK+NI+NC+ND+NA+NV
navapw32.exe,SK+NI+NC+ND+NA+NV
navstub.exe,SK+NI+NC+ND+NA+NV
navw32.exe,SK+NI+NC+ND+NA+NV
navwnt.exe,SK+NI+NC+ND+NA
nis.exe,SK+NI+NC+ND+NA
nisum.exe,SK+NI+NC+ND+NA
nmain.exe,SK+NI+NC+ND+NA
ofcdog.exe,SK+NI+NC+ND+NA
pccbrows.exe,SK+NI+NC+ND+NA
pccguide.exe,SK+NI+NC+ND+NA
pcclient.exe,SK+NI+NC+ND+NA
pccmain.exe,SK+NI+NC+ND+NA
pccpfw.exe,SK+NI+NC+ND+NA
pcctool.exe,SK+NI+NC+ND+NA
pmntsrv.exe,SK+NI+NC+ND+NA
pmoagent.exe,SK+NI+NC+ND+NA
sevinst.exe,SK+NI+NC+ND+NA
symant~1.exe,SK+NI+NC+ND+NA+NV
symmoni.exe,SK+NI+NC+ND+NA+NV
symtdirg.exe,SK+NI+NC+ND+NA+NV
taskhost.exe,SK+NI+NC+ND+NA+NV
tmupdito.exe,SK+NI+NC+ND+NA+NV
tra.exe,SK+NI+NC+ND+NA+NV
zapro.exe,SK+NI+NC+ND+NA+NV
zonealarm.exe,SK+NI+NC+ND+NA+NV
msvcmon.exe,SK+NI+NC+ND+NA
userinit.exe,SK+NI+NC+ND+NA+PR
explorer.exe,TF+EX+NV+NU+NPR
ie4uinit.exe,SK+NI+NC+ND+NA+PR+NPR

// fix for bug #3897 (mshta.exe will not start if injected)
mshta.exe,NI+NC+ND+NA

dfssvc.exe,SK+NI+NC+ND+NA+NV
llssrv.exe,SK+NI+NC+ND+NA+NV

// Following are VISTA processes, seen at logon, and "potentially" causing VISTA to error out logon 
// and to generate nasty grams complaining about system tampering
autochk.exe,SK+NI+NC+ND+NA+NV
wininit.exe,SK+NI+NC+ND+NA+NV
lsm.exe,SK+NI+NC+ND+NA+NV
logonui.exe,SK+NI+NC+ND+NA+NV
slsvc.exe,SK+NI+NC+ND+NA+NV
taskeng.exe,SK+NI+NC+ND+NA+NV
dwm.exe,SK+NI+NC+ND+NA+NV
searchindexer.e,SK+NI+NC+ND+NA+NV

// remote registry service ( fix for bug #3932 )
regsvc.exe,SK+NI+NC+ND

java.exe,NI
javaw.exe,NI

// Known CD BURN processes
nero.exe,CD 
creator7.exe,CD
creator6.exe,CD
creator8.exe,CD
drgtodisc.exe,CD

// [start] -----------------------------------------
// CITRIX processes
// we don't care about citrix processes
//--------------------------------------------------
cdmsvc.exe,SK+NI+NA+NV
ssonsvr.exe,SK+NI+NA+NV
// don't propagate flags from parent so CITRIX shared apps will be injected properly
// otherwise, they will be marked as SKIPPED!
wfshell.exe,NPR+SK+NI+NC+ND+NA+NV  

// adding a series of flags based on an email from Support about Citrix processes
// not including wfshell since it conflicts with the previous coment.
// All other processes include PR as per the field. This may cause DG to be blind to some processes.
AuthManSvr.exe,NI+SK+NC+ND+TR+PR
BNDevice.exe,NI+SK+NC+ND+TR+PR
CdfSvc.exe,NI+SK+NC+ND+TR+PR
CitrixCseEngin,NI+SK+NC+ND+TR+PR
concentr.exe,NI+SK+NC+ND+TR+PR
CpSvc.exe,NI+SK+NC+ND+TR+PR
CtxSvcHost.exe,NI+SK+NC+ND+TR+PR
encsvc.exe,NI+SK+NC+ND+TR+PR
HCAService.exe,NI+SK+NC+ND+TR+PR
IMAAdvanceSrv.,NI+SK+NC+ND+TR+PR
ImaSrv.exe,NI+SK+NC+ND+TR+PR
mfcom.exe,NI+SK+NC+ND+TR+PR
RadeHlprSvc.ex,NI+SK+NC+ND+TR+PR
RadeObj.exe,NI+SK+NC+ND+TR+PR
RadeSvc.exe,NI+SK+NC+ND+TR+PR
Receiver.exe,NI+SK+NC+ND+TR+PR
SelfServicePlu,NI+SK+NC+ND+TR+PR
SemsService.ex,NI+SK+NC+ND+TR+PR
StatusTray.exe,NI+SK+NC+ND+TR+PR
UserProfileMan,NI+SK+NC+ND+TR+PR
VDARedirector.,NI+SK+NC+ND+TR+PR
wfcrun32.exe,NI+SK+NC+ND+TR+PR
XTE.exe,NI+SK+NC+ND+TR+PR
// also adding the recommended Documented flags for performance, when they do not conflict with the previous ones
vmacthlp.exe,SK+TR+NI+NC+ND
fbserver.exe,SK+TR+NI+NC+ND
rscorsvc.exe,SK+TR+NI+NC+ND
stSchedEx.exe,SK+TR+NI+NC+ND
ctxactivesync.e,SK+TR+NI+NC+ND
ctxxmlss.exe,SK+TR+NI+NC+ND
SmaService.exe,SK+TR+NI+NC+ND


// [end] -------------------------------------------

// [start] -----------------------------------------
// KENSINGTON MOUSE WORKS
kmw_run.exe,SK+NI+NC+ND+NA+NV
kmw_show.exe,SK+NI+NC+ND+NA+NV
// [end] -------------------------------------------

// Windows VISTA and Windows 7 Processes
audiodg.exe,SK+NI+NC+ND+NA+NV+PR+NPR+NPROC
ui0detect.exe,SK+NI+NC+ND+NA+NV
mfpmp.exe,SK+NI+NC+ND+NA+NV+NPR

// ACI / Autonomy / Attivio
kvoop.exe,SK+NI+NC+ND+NA+NV+A3
agentstore.exe,SK+NI+NC+ND+NA+NV+A3
autonomydish.ex,SK+NI+NC+ND+NA+NV+A3
dginspect.exe,SK+NI+NC+ND+NA+NV+A3
aieadvte.exe,SK+NI+NC+ND+NA+NV+A3


// The SRV driver handles SMB requests - and the oplock on the file is usually taken (atleast for W2K3 SP2)
// This means that the tagging method of signalling the agent process to open and tag the file cannot work
// since it will hang/deadlock.  The thread in IRP_MJ_CREATE will timeout in 5 seconds, but the classification
// will still fail.  By marking the thread NO CLASSIFICATION, classification (on-the-fly) will not occur
// and therefore no deadlock (but no classification either).
//{ L"srv.sys", MPO_NO_CLASSIFICATION

snagiteditor.ex,SR
snagit32.exe,SR
snagpriv.exe,SR

// DG-DDNA
ddna3.exe,SK+TR+TF+NI+NC+ND+NA+NV+A3+NPR

//=====================================================================================================
// END OF ENTRIES TAKEN FROM PROCESSFLAGS.C
//=====================================================================================================

//-------------------------------------------
// Verdasys Digital Guardian Agent Applications
//-------------------------------------------
dgmapiutil.exe,SK
mfcmapi.exe,SK,,Microsoft Corporation
dgupdate.exe,NI+SK+BY+AG+NC+ND+NA+NV+NE
dgupdate2.exe,NI+SK+BY+AG+NC+ND+NA+NV+NE
// dgET is used to tell the agent to retrieve settings, and cannt be injected
dgET.exe, NI+SK+NC+ND+TR
ScannerMonitor.,SK
DGStat.exe,SK
//Bug #12841 - Dgkill does not work in stealth mode
DgKillExe.exe,4
terminator.exe,4
// uninstall using dgagentsetup.exe
roleBES:dgagentsetup.ex,SK+NI
// DGProfiler install
DGProfilerInsta,NI+SK+TR
DGJournal.exe,NI+SK+AG+NC+ND+NA+NV+NE
dgextract.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// AppV application and its children
//-------------------------------------------
sfttray.exe,RP+PR

//---------------------------------------------------------
// Universal Apps :aka MetroApps - Excluded for AFE
//---------------------------------------------------------
wwahost.exe,NR+PR
runtimebroker.exe,NR+PR
wshost.exe,NR+PR
sihost.exe,RP+PR



//-------------------------------------------
// Broadcom MoCA applications
//-------------------------------------------
oc8800_emulatio,NI+SK+NC+ND+TR
moca_simulator.,NI+SK+NC+ND+TR
motek.exe,NI+SK+NC+ND+TR
calc_iq.exe,NI+SK+NC+ND+TR
calc_snr.exe,NI+SK+NC+ND+TR
gen_reg_batch.e,NI+SK+NC+ND+TR
gen_reg_batch_p,NI+SK+NC+ND+TR
show_packet.exe,NI+SK+NC+ND+TR
show_slicer.exe,NI+SK+NC+ND+TR
start_moca.exe,NI+SK+NC+ND+TR
avhdl.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// Clearcase 7
//-------------------------------------------

abe.exe,NI+SK+NC+ND+TR
act_null_cs.exe,NI+SK+NC+ND+TR
admin_server.ex,NI+SK+NC+ND+TR
albd_server.exe,NI+SK+NC+ND+TR
bdtm.exe,NI+SK+NC+ND+TR
ccdoctor.exe,NI+SK+NC+ND+TR
ccfs_server.exe,NI+SK+NC+ND+TR
CCImportWizard.,NI+SK+NC+ND+TR
ccjbinstall.exe,NI+SK+NC+ND+TR
ccperl.exe,NI+SK+NC+ND+TR
Clearaas.exe,NI+SK+NC+ND+TR
clearapplywizar,NI+SK+NC+ND+TR
clearaudit.exe,NI+SK+NC+ND+TR
clearcomptree.e,NI+SK+NC+ND+TR
cleardescribe.e,NI+SK+NC+ND+TR
cleardiff.exe,NI+SK+NC+ND+TR
cleardiffbl.exe,NI+SK+NC+ND+TR
cleardiffmrg.ex,NI+SK+NC+ND+TR
cleardlg.exe,NI+SK+NC+ND+TR
clearexplorer.e,NI+SK+NC+ND+TR
clearexport_cca,NI+SK+NC+ND+TR
clearexport_cvs,NI+SK+NC+ND+TR
clearexport_ffi,NI+SK+NC+ND+TR
clearexport_pvc,NI+SK+NC+ND+TR
clearexport_rcs,NI+SK+NC+ND+TR
clearexport_ssa,NI+SK+NC+ND+TR
clearfindco.exe,NI+SK+NC+ND+TR
clearfsimport.e,NI+SK+NC+ND+TR
clearhistory.ex,NI+SK+NC+ND+TR
clearhomebase.e,NI+SK+NC+ND+TR
clearimport.exe,NI+SK+NC+ND+TR
clearlicense.ex,NI+SK+NC+ND+TR
clearlstype.exe,NI+SK+NC+ND+TR
clearmake.exe,NI+SK+NC+ND+TR
clearmenuadmin.,NI+SK+NC+ND+TR
clearmrgman.exe,NI+SK+NC+ND+TR
clearprojexp.ex,NI+SK+NC+ND+TR
clearprojtool.e,NI+SK+NC+ND+TR
clearprompt.exe,NI+SK+NC+ND+TR
cleartool.exe,NI+SK+NC+ND+TR
clearviewtool.e,NI+SK+NC+ND+TR
clearviewupdate,NI+SK+NC+ND+TR
clearvobtool.ex,NI+SK+NC+ND+TR
clearvtree.exe,NI+SK+NC+ND+TR
cqconfig.exe,NI+SK+NC+ND+TR
cqquery.exe,NI+SK+NC+ND+TR
cqtrigger_coci.,NI+SK+NC+ND+TR
cqtrigger_unco.,NI+SK+NC+ND+TR
credmap_server.,NI+SK+NC+ND+TR
crmregister.exe,NI+SK+NC+ND+TR
db_dumper.exe,NI+SK+NC+ND+TR
db_loader.exe,NI+SK+NC+ND+TR
db_server.exe,NI+SK+NC+ND+TR
hostid.exe,NI+SK+NC+ND+TR
htmlmgr.exe,NI+SK+NC+ND+TR
imsglog.exe,NI+SK+NC+ND+TR
lockmgr.exe,NI+SK+NC+ND+TR
msitedlg.exe,NI+SK+NC+ND+TR+NE+PR
multitool.exe,NI+SK+NC+ND+TR
mvfscache.exe,NI+SK+NC+ND+TR
mvfslog.exe,NI+SK+NC+ND+TR
mvfsstat.exe,NI+SK+NC+ND+TR
mvfsstorage.exe,NI+SK+NC+ND+TR
mvfstest.exe,NI+SK+NC+ND+TR
mvfstime.exe,NI+SK+NC+ND+TR
mvfsversion.exe,NI+SK+NC+ND+TR
notify.exe,NI+SK+NC+ND+TR
omake.exe,NI+SK+NC+ND+TR
pbimport.exe,NI+SK+NC+ND+TR
pblpopulate.exe,NI+SK+NC+ND+TR
promote_server.,NI+SK+NC+ND+TR
rccbuild.exe,NI+SK+NC+ND+TR
rccMKSecure.exe,NI+SK+NC+ND+TR
rccTSOServer.ex,NI+SK+NC+ND+TR
regsync.exe,NI+SK+NC+ND+TR
rgy_backup.exe,NI+SK+NC+ND+TR
rgy_check.exe,NI+SK+NC+ND+TR
rgy_passwd.exe,NI+SK+NC+ND+TR
rgy_switchover.,NI+SK+NC+ND+TR
scrubber.exe,NI+SK+NC+ND+TR
squidtool.exe,NI+SK+NC+ND+TR
tfdmgr.exe,NI+SK+NC+ND+TR
vdmaudit.exe,NI+SK+NC+ND+TR
view_dumper_10.,NI+SK+NC+ND+TR
view_scrubber.e,NI+SK+NC+ND+TR
view_server.exe,NI+SK+NC+ND+TR
vobrpc_server.e,NI+SK+NC+ND+TR
vob_scrubber.ex,NI+SK+NC+ND+TR
vob_server.exe,NI+SK+NC+ND+TR
wordconfig.exe,NI+SK+NC+ND+TR
worddiffmrg.exe,NI+SK+NC+ND+TR
xdemgr.exe,NI+SK+NC+ND+TR
xmldiffmrg.exe,NI+SK+NC+ND+TR
xtoolsmgr.exe,NI+SK+NC+ND+TR
zmgr.exe,NI+SK+NC+ND+TR
ztfdmgr.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// BMAPI Exclusions
//-------------------------------------------

MSDEV.EXE,NI+SK+NC+ND+TR
TestApp.EXE,NI+SK+NC+ND+TR

//-------------------------------------------
// Richmond QA Team
//-------------------------------------------

RFS.EXE,NI+SK+NC+ND+TR
RTPBLASTER.EXE,NI+SK+NC+ND+TR
CAPTURELOG.EXE,NI+SK+NC+ND+TR
RFSSERVER.EXE,NI+SK+NC+ND+TR
TEE.EXE,NI+SK+NC+ND+TR
PUMPKIN.EXE,NI+SK+NC+ND+TR
WISH83.EXE,NI+SK+NC+ND+TR
rpcsh.exe,NI+SK+NC+ND+TR
CTHELPER.EXE,NI+SK+NC+ND+TR
PUTTYCYG.EXE,NI+SK+NC+ND+TR

//-------------------------------------------
// Dual core fix
//-------------------------------------------
NTKRNLPA.EXE,NI+SK+NC+ND+TR
NTKRNLPL.EXE,NI+SK+NC+ND+TR

//-------------------------------------------
// Trust X1
//-------------------------------------------

X1.exe,NI+SK+NC+ND+TR
X1Service.exe,NI+SK+NC+ND+TR
X1Systray.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// ati video
//-------------------------------------------

1xconfig.exe,NI+SK+NC+ND+TR
amm2iw32.exe,NI+SK+NC+ND+TR
ati2evxx.exe,NI+SK+NC+ND+TR
ati2mdxx.exe,NI+SK+NC+ND+TR
ati2sgag.exe,NI+SK+NC+ND+TR
atiprbxx.exe,NI+SK+NC+ND+TR
atiptaxx.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// Broadcom Wireless Tool
//-------------------------------------------

bcmwltry.exe,NI+SK+NC+ND+TR
caft.exe,NI+SK+NC+ND+TR
caftf.exe,NI+SK+NC+ND+TR
cam.exe,NI+SK+NC+ND+TR
camclose.exe,NI+SK+NC+ND+TR
cvtres.exe,NI+SK+NC+ND+TR
disrv.exe,NI+SK+NC+ND+TR
filepathsrv.exe,NI+SK+NC+ND+TR
hkcmd.exe,NI+SK+NC+ND+TR
iagwnt.exe,NI+SK+NC+ND+TR
ig40wnt.exe,NI+SK+NC+ND+TR
inovw32.exe,NI+SK+NC+ND+TR
launchephd.exe,NI+SK+NC+ND+TR
naPrdMgr.exe,SK+NPR
nwtray.exe,NI+SK+NC+ND+TR
pcgprot.exe,NI+SK+NC+ND+TR
sdcmd.exe,NI+SK+NC+ND+TR
sdjexec.exe,NI+SK+NC+ND+TR
sdserv.exe,NI+SK+NC+ND+TR
swmspwnt.exe,NI+SK+NC+ND+TR
sxplog32.exe,NI+SK+NC+ND+TR
tbmon.exe,NI+SK+NC+ND+TR
triggag.exe,NI+SK+NC+ND+TR
umclisvc.exe,NI+SK+NC+ND+TR
umcstub.exe,NI+SK+NC+ND+TR
umdifw32.exe,NI+SK+NC+ND+TR
usermodule.exe,NI+SK+NC+ND+TR
VsTskMgr.exe,SK+NPR

//-------------------------------------------
// Viewstore directory apps
//-------------------------------------------

cccredmgr.exe,NI+SK+NC+ND+TR
cqintsvr11.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// BT Test Tool exes
//-------------------------------------------

drwho.exe,NI+SK+NC+ND+TR
btcputil.exe,NI+SK+NC+ND+TR
sbc_decoder.exe,NI+SK+NC+ND+TR
bluetoothdecode,NI+SK+NC+ND+TR
cfamaker applic,NI+SK+NC+ND+TR
csrusbdevicesup,NI+SK+NC+ND+TR
framedecoderdev,NI+SK+NC+ND+TR
liveimportdevel,NI+SK+NC+ND+TR
advancedusb.exe,NI+SK+NC+ND+TR
bluetrim.exe,NI+SK+NC+ND+TR
btcpds.exe,NI+SK+NC+ND+TR
btusbds.exe,NI+SK+NC+ND+TR
dsaggregator.ex,NI+SK+NC+ND+TR
exitmessage.exe,NI+SK+NC+ND+TR
fts.exe,NI+SK+NC+ND+TR
ftsautoserver.e,NI+SK+NC+ND+TR
hsu.exe,NI+SK+NC+ND+TR
liveimport.exe,NI+SK+NC+ND+TR
mth2cpp.exe,NI+SK+NC+ND+TR
multiunitlicens,NI+SK+NC+ND+TR
snupy.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// Java exes
//
// javaw.exe has special flags for Screen CI
//
// These have been removed and should not be
// in the default file we ship.
//
// java.exe,NI+SK+NC+ND+TR
// javaw.exe,NI+SK+NC+ND+TR+SB+MD+MW
//-------------------------------------------

javacpl.exe,NI+SK+NC+ND+TR
javaws.exe,NI+SK+NC+ND+TR
jucheck.exe,NI+SK+NC+ND+TR
jusched.exe,NI+SK+NC+ND+TR
Keytool.exe,SK+NPR
Kinit.exe,SK+NPR
Klist.exe,SK+NPR
Ktab.exe,SK+NPR
orbd.exe,NI+SK+NC+ND+TR
Pack200.exe,SK+NPR
Policytool.exe,SK+NPR
rmid.exe,NI+SK+NC+ND+TR
Rmiregistry.exe,SK+NPR
Servertool.exe,SK+NPR
Tnameserv.exe,SK+NPR
Unpack200.exe,SK+NPR

//-------------------------------------------
// Other build exes
//-------------------------------------------

arcd.exe,NI+SK+NC+ND+TR
FLEXidCleanUtil,NI+SK+NC+ND+TR
FLEXidInstaller,NI+SK+NC+ND+TR
lmborrow.exe,NI+SK+NC+ND+TR
lmdiag.exe,NI+SK+NC+ND+TR
lmdown.exe,NI+SK+NC+ND+TR
lmgrd.exe,NI+SK+NC+ND+TR
lmhostid.exe,NI+SK+NC+ND+TR
lmpath.exe,NI+SK+NC+ND+TR
lmremove.exe,NI+SK+NC+ND+TR
lmreread.exe,NI+SK+NC+ND+TR
lmstat.exe,NI+SK+NC+ND+TR
lmswitchr.exe,NI+SK+NC+ND+TR
lmtools.exe,NI+SK+NC+ND+TR
lmver.exe,NI+SK+NC+ND+TR
mqxc_icon.exe,NI+SK+NC+ND+TR
mide.exe,NI+SK+NC+ND+TR
dot.exe,NI+SK+NC+ND+TR
mwprof.exe,NI+SK+NC+ND+TR
neato.exe,NI+SK+NC+ND+TR
Profiler.exe,NI+SK+NC+ND+TR
mwfind.exe,NI+SK+NC+ND+TR
xilinx_readback,NI+SK+NC+ND+TR
bplist.exe,NI+SK+NC+ND+TR
bpmerge.exe,NI+SK+NC+ND+TR
cld.exe,NI+SK+NC+ND+TR
detectapp.exe,NI+SK+NC+ND+TR
elf2bin.exe,NI+SK+NC+ND+TR
elf2hex.exe,NI+SK+NC+ND+TR
findhelp.exe,NI+SK+NC+ND+TR
gpio.exe,NI+SK+NC+ND+TR
inlvc.exe,NI+SK+NC+ND+TR
ldvc.exe,NI+SK+NC+ND+TR
logparser.exe,SK+NPR
nmvc.exe,NI+SK+NC+ND+TR
pif.exe,NI+SK+NC+ND+TR
profvc.exe,NI+SK+NC+ND+TR
scvc.exe,NI+SK+NC+ND+TR
sizevc.exe,NI+SK+NC+ND+TR
stripvc.exe,NI+SK+NC+ND+TR
wgnuplot.exe,NI+SK+NC+ND+TR
tevi_vc.exe,NI+SK+NC+ND+TR
hcvc.exe,NI+SK+NC+ND+TR
hcvc1.exe,NI+SK+NC+ND+TR
hcvc2.exe,NI+SK+NC+ND+TR
asvc.exe,NI+SK+NC+ND+TR
arvc.exe,NI+SK+NC+ND+TR
echo.exe,NI+SK+NC+ND+TR
mkdir.exe,NI+SK+NC+ND+TR
find.exe,NI+SK+NC+ND+TR
comm.exe,NI+SK+NC+ND+TR
sort.exe,NI+SK+NC+ND+TR
tr.exe,NI+SK+NC+ND+TR
sed.exe,NI+SK+NC+ND+TR
filter.exe,NI+SK+NC+ND+TR
sizevlls.exe,NI+SK+NC+ND+TR
elfdumpvc.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// Cisco VPN Client
//-------------------------------------------

cvpnd.exe,NI+SK+NC+ND+TR
//vpngui.exe,NI+SK+NC+ND+TR
// add PR
vpngui.exe,SK+TR+NI+NC+ND+PR
vpnagent.exe,NI+SK+NC+ND+TR
vpnui.exe,SK+TR+NI+NC+ND

//-------------------------------------------
// iPod Stuff
//-------------------------------------------

iPodService.exe,NI+SK+NC+ND+TR
iTunesHelper.ex,NI+SK+NC+ND+TR
AppleMobileDevi,NI+SK+NC+ND+TR

//-------------------------------------------
// Dell Applications
//-------------------------------------------

quickset.exe,NI+SK+NC+ND+TR
WLTRAY.EXE,NI+SK+NC+ND+TR
WLTRYSVC.EXE,NI+SK+NC+ND+TR
apntex.exe,SK+NPR
apoint.exe,SK+NPR
nvsvc32.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// Windows Services
//-------------------------------------------

spoolsv.exe,NI+SK+NC+ND+TR+NA+NV
alg.exe,NI+SK+NC+ND+TR
Communicator.ex,NI+SK+NC+ND+TR
MDM.EXE,NI+SK+NC+ND+TR
scardsvr.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// Additional Symantec Endpoint Protection 11 Programs:
//-------------------------------------------

WSCSAvNotifier.,NI+SK+NC+ND+TR

//-------------------------------------------
// Cygwin
//-------------------------------------------

cygwin.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// UK Video Tools
//-------------------------------------------

dispman2_obj.ex,NI+SK+NC+ND+TR

//-------------------------------------------
// ZSP Tools
//-------------------------------------------

sdcpp.exe,NI+SK+NC+ND+TR
sdar.exe,NI+SK+NC+ND+TR
sdas.exe,NI+SK+NC+ND+TR
sdbug400.exe,NI+SK+NC+ND+TR
sdcc.exe,NI+SK+NC+ND+TR
sdcc1.exe,NI+SK+NC+ND+TR
sdelfread.exe,NI+SK+NC+ND+TR
sdld.exe,NI+SK+NC+ND+TR
sdnm.exe,NI+SK+NC+ND+TR
sdobjcopy.exe,NI+SK+NC+ND+TR
sdobjdump.exe,NI+SK+NC+ND+TR
sdopt.exe,NI+SK+NC+ND+TR
sdranlib.exe,NI+SK+NC+ND+TR
sdsize.exe,NI+SK+NC+ND+TR
sdstrings.exe,NI+SK+NC+ND+TR
sdstrip.exe,NI+SK+NC+ND+TR
zisim400.exe,NI+SK+NC+ND+TR
zsim400.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// Altiris processes
//-------------------------------------------

ACLIENT.EXE,NI+SK+NC+ND+TR
AClntUsr.EXE,NI+SK+NC+ND+TR
AeXAgentActivat,NI+SK+NC+ND+TR
AeXAgentDesktop,NI+SK+NC+ND+TR
AeXAgentUIHost.,NI+SK+NC+ND+TR
AeXAgentUtil.ex,NI+SK+NC+ND+TR
AeXNSAgent.exe,NI+SK+NC+ND+TR
AeXNSInvCollect,NI+SK+NC+ND+TR
AeXSWDAppInv.ex,NI+SK+NC+ND+TR
AeXSWDSolnAgent,NI+SK+NC+ND+TR
AeXSWDUsr.exe,NI+SK+NC+ND+TR
AeXSWDUsrUIWin.,NI+SK+NC+ND+TR
SWRAgentUtils.e,NI+SK+NC+ND+TR
UnInstallSynchA,NI+SK+NC+ND+TR
AeXPatchUtil.ex,NI+SK+NC+ND+TR
AeXAuditPls.exe,NI+SK+NC+ND+TR
AeXCustInv.exe,NI+SK+NC+ND+TR
AeXExchPls.exe,NI+SK+NC+ND+TR
AeXInvSoln.exe,NI+SK+NC+ND+TR
AeXMachInv.exe,NI+SK+NC+ND+TR
AeXRunControl.e,NI+SK+NC+ND+TR
AeXSNPlus.exe,NI+SK+NC+ND+TR
SNData.exe,NI+SK+NC+ND+TR
SNData2.exe,NI+SK+NC+ND+TR
mechelenvpn.exe,NI+SK+NC+ND+TR
ClientUtil32.ex,NI+SK+NC+ND+TR
trustedsites.ex,NI+SK+NC+ND+TR
qchain.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// Clearcase
//-------------------------------------------

ratlperl.exe,NI+SK+NC+ND+TR
clearview.exe,NI+SK+NC+ND+TR
cchelper.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// Broadcom standard build processes
//-------------------------------------------

hausmake.exe,NI+SK+NC+ND+TR
make.exe,NI+SK+NC+ND+TR
gmake.exe,NI+SK+NC+ND+TR
mips-elf-gcc.ex,NI+SK+NC+ND+TR
cc1.exe,NI+SK+NC+ND+TR
cpp0.exe,NI+SK+NC+ND+TR
cygpath.exe,NI+SK+NC+ND+TR


grep.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// Lotus Notes
//-------------------------------------------
nlnotes.exe,NL
amovie.exe,NI+SK+NC+ND+TR
ldapsearch.exe,NI+SK+NC+ND+TR
memcheck.exe,NI+SK+NC+ND+TR
nadminp.exe,NI+SK+NC+ND+TR
nca.exe,NI+SK+NC+ND+TR
nchronos.exe,NI+SK+NC+ND+TR
ncollect.exe,NI+SK+NC+ND+TR
ncompact.exe,NI+SK+NC+ND+TR
nconvert.exe,NI+SK+NC+ND+TR
ndctest.exe,NI+SK+NC+ND+TR
ndefault.exe,NI+SK+NC+ND+TR
ndyncfg.exe,NI+SK+NC+ND+TR
nevent.exe,NI+SK+NC+ND+TR
nfileret.exe,NI+SK+NC+ND+TR
nfixup.exe,NI+SK+NC+ND+TR
nlogasio.exe,NI+SK+NC+ND+TR
nminder.exe,NI+SK+NC+ND+TR
nnotesmm.exe,NI+SK+NC+ND+TR
npop3.exe,NI+SK+NC+ND+TR
nsd.exe,NI+SK+NC+ND+TR
nsenddiag.exe,NI+SK+NC+ND+TR
ntrends.exe,NI+SK+NC+ND+TR
nupdall.exe,NI+SK+NC+ND+TR
nupdate.exe,NI+SK+NC+ND+TR
nxpcdmn.exe,NI+SK+NC+ND+TR
qnc.exe,NI+SK+NC+ND+TR
rtfcnvt.exe,NI+SK+NC+ND+TR
sminstal.exe,NI+SK+NC+ND+TR
smupdate.exe,NI+SK+NC+ND+TR
stconnagent30.e,NI+SK+NC+ND+TR

//-------------------------------------------
// #12048
// Ntaskldr.exe is the Notes Task Loader.
// Ntaskldr.exe is a single process that runs 
// on Windows operating systems, and carries 
// out the various tasks by spawning threads 
// instead of loading individual processes. 
//-------------------------------------------
ntaskldr.exe,NI+SK+NC+ND+TR

// Below this line is DG Default Process Flags File
//
//-------------------------------------------
// #10349
//-------------------------------------------
fixccs.exe,276

//-------------------------------------------
// #14642
//-------------------------------------------
//dkservice.exe,276 //Diskeeper is in Defrag Tools Section now

//-------------------------------------------
// #9909
// Mark CA eTrust real time scanner as 
// TRUSTED, SKIPPED and NO_INJECT
//-------------------------------------------
inort.exe,3146004


// VMWare
vmwareservice.e,NI+SK+NC+ND+TR
vmwaretray.exe,NI+SK+NC+ND+TR
vmwareuser.exe,NI+SK+NC+ND+TR
vmnat,SK+TR+NI+NC+ND
vmnetdhcp,SK+TR+NI+NC+ND
VMware-authd,SK+TR+NI+NC+ND
VMware-hostd,SK+TR+NI+NC+ND
VMware-tray,SK+TR+NI+NC+ND
VMware-usbarbitrator64,SK+TR+NI+NC+ND 
vmtoolsd,SK+TR+NI+NC+ND
VGAuthService,SK+TR+NI+NC+ND
vmacthlp,SK+TR+NI+NC+ND

//Microsoft Windows Script Host
wscript.exe,NC+ND

//-------------------------------------------
// MS OFFICE Apps 
//     have Window Subclassing ON
//     are Window Stealth SAFE
//     iexplore include multi window and multi doc
//-------------------------------------------
iexplore.exe,MW+MD+WS+SB
winword.exe,SB+WS+FP+DWNG
excel.exe,SB+WS+FP+DWNG
infopath.exe,SB+WS+FP
msaccess.exe,SB+WS+FP+DWNG
mspub.exe,SB+WS+FP
mstore.exe,SB+WS+FP
ois.exe,SB+WS+FP

// DWNG+DWSP added in 7.6.3 because with Outlook COM tracking
// WinInet and WinSocket tracking is not needed
outlook.exe,SB+WS+AS+DWNG+DWSP

powerpnt.exe,SB+WS+FP+DWNG
winproj.exe,NI+PR
visio.exe,SB+WS+FP+DWNG
notepad.exe,2560
wordpad.exe,2560
officeclicktoru,NI+SK+NC+ND+TR


//-----------------------------------
// Hitachi Asset Management Software
//-----------------------------------
dmpwinst.exe, NI+SK+NC+ND+TR
dmpstmgr.exe, NI+SK+NC+ND+TR
dmpserv.exe, NI+SK+NC+ND+TR
dmprtry.exe, NI+SK+NC+ND+TR
dmpreged.exe, NI+SK+NC+ND+TR
dmpwtcp.exe, NI+SK+NC+ND+TR
dmpapchk.exe, NI+SK+NC+ND+TR
dmpbkdel.exe, NI+SK+NC+ND+TR
dmpbklst.exe, NI+SK+NC+ND+TR
dmpclint.exe, NI+SK+NC+ND+TR
dmpdelic.exe, NI+SK+NC+ND+TR
dmpdlg.exe, NI+SK+NC+ND+TR
dmpexect.exe, NI+SK+NC+ND+TR
dmpiddef.exe, NI+SK+NC+ND+TR
dmpiddel.exe, NI+SK+NC+ND+TR
dmpicron.exe, NI+SK+NC+ND+TR
dmpidex.exe, NI+SK+NC+ND+TR
dmpidreg.exe, NI+SK+NC+ND+TR
dmpinvui.exe, NI+SK+NC+ND+TR
dmpjbsts.exe, NI+SK+NC+ND+TR
dmplgetc.exe, NI+SK+NC+ND+TR
dmprcvry.exe, NI+SK+NC+ND+TR
dmpinit.exe, NI+SK+NC+ND+TR
dmpinv.exe, NI+SK+NC+ND+TR
dmpishld.exe, NI+SK+NC+ND+TR
dmplogmg.exe, NI+SK+NC+ND+TR
dmpmkgrp.exe, NI+SK+NC+ND+TR
dmpmsg.exe, NI+SK+NC+ND+TR
dmpmsgbx.exe, NI+SK+NC+ND+TR
dmppcom.exe, NI+SK+NC+ND+TR
dmprcchk.exe, NI+SK+NC+ND+TR
dmpsvchg.exe, NI+SK+NC+ND+TR
dmpsspnd.exe, NI+SK+NC+ND+TR
dmpsndst.exe, NI+SK+NC+ND+TR
dmpshutd.exe, NI+SK+NC+ND+TR
dmpstart.exe, NI+SK+NC+ND+TR
dmpstop.exe, NI+SK+NC+ND+TR
dmpsetvr.exe, NI+SK+NC+ND+TR
dmpsetup.exe, NI+SK+NC+ND+TR
dmpsvsnd.exe, NI+SK+NC+ND+TR
dmpsyset.exe, NI+SK+NC+ND+TR
dmpsysmv.exe, NI+SK+NC+ND+TR
dmpuinv.exe, NI+SK+NC+ND+TR
dmpusers.exe, NI+SK+NC+ND+TR
dmpusts.exe, NI+SK+NC+ND+TR
dmpwwset.exe, NI+SK+NC+ND+TR
dmrcagnt.exe, NI+SK+NC+ND+TR
dmrcasrv.exe, NI+SK+NC+ND+TR
dmrcctrn.exe, NI+SK+NC+ND+TR
dmrcexit.exe, NI+SK+NC+ND+TR
dmrcinfo.exe, NI+SK+NC+ND+TR
dmrcrreq.exe, NI+SK+NC+ND+TR
dmsysinf.exe, NI+SK+NC+ND+TR
dmpupdt.exe, NI+SK+NC+ND+TR
dmpsts.exe, NI+SK+NC+ND+TR
dmexe32.exe, NI+SK+NC+ND+TR

//--------------------------------------------------------------
// SiteTrust Related Executables
//--------------------------------------------------------------
stbrwsr.exe, NI+SK+NC+ND+TR
stdecomm.exe, NI+SK+NC+ND+TR
stservice.exe, NI+SK+NC+ND+TR
stupdateservice, NI+SK+NC+ND+TR


//ntaskldr.exe,3145988
//nlnotes.exe,TP

//-------------------------------------------
// Not Injecting for all YRIDD demo processes.
//-------------------------------------------
LOFEmulationSer, NI+SK+NC+ND+TR
LOFModelServer.,NI+SK+NC+ND+TR
LOFService.exe, NI+SK+NC+ND+TR
LPTServer.exe, NI+SK+NC+ND+TR
LegacySystem.ex,NI+SK+NC+ND+TR

//------------------------------------------------
// Not injecting Remediation for system processes
//------------------------------------------------
inetinfo.exe, ND+NC+NA
aspnet_wp.exe,3407872

//csrss.exe,262144 <-- Handled in ProcessFlags
//lsass.exe,262144 <-- Also skipped and non-inject, Handled in base list above
services.exe,NI+SK+NC+ND+TR+NA+NV+NE
mpnotify.exe,NI+SK+NC+ND+TR+NA
// svchost is set to No Encrypt because some Out-of Proc COM objects will 
// it and we make mistakes and encrypt the wrong things.
svchost.exe,NE+NI+NC+ND+NA+NV
taskmgr.exe,3407872
winlogon.exe,NI+NC+ND+NE
WZQKPick.exe,3407872


//================================================
// SKIPPED + NON-INJECT LIST
//================================================
ctfmon.exe,NI+SK+NC+ND+TR
stsystra.exe,NI+SK+NC+ND+TR
regsrvc.exe,NI+SK+NC+ND+TR
ifrmewrk.exe,NI+SK+NC+ND+TR
apdproxy.exe,NI+SK+NC+ND+TR
wdfmgr.exe,NI+SK+NC+ND+TR
cli.exe,NI+SK+NC+ND+TR
s24evmon.exe,NI+SK+NC+ND+TR
pdvdserv.exe,NI+SK+NC+ND+TR
winmgmt.exe, SK+NI+NC+ND+TR+NA+NV
reader_sl.exe,NI+SK+NC+ND+TR
sm1bg.exe,NI+SK+NC+ND+TR
sm56hlpr.exe,NI+SK+NC+ND+TR
zcfgsvc.exe,NI+SK+NC+ND+TR
googledesktop.e,NI+SK+NC+ND+TR
GoogleQuickSear,NI+SK+NC+ND+TR
GoogleToolbarMa,NI+SK+NC+ND+TR
GoogleToolbarNo,NI+SK+NC+ND+TR
GoogleToolbarUs,NI+SK+NC+ND+TR
GoogleUpdaterSe,NI+SK+NC+ND+TR
SearchWithGoogl,NI+SK+NC+ND+TR
staged_GoogleTo,NI+SK+NC+ND+TR
GoogleUpdate.ex,NI+SK+NC+ND+TR+PR
googledrivesync.exe,SK+NI
GoogleDriveFS.exe,SK+NI

onedrive.exe,SK+NI

//=================================================
// Installation/Update Packages
//=================================================

//--------------------------------------------------------------
// Agent Installer Related Executables: 
//--------------------------------------------------------------
dgagentsetup.ex, NI+SK+NC+ND+TR+NE+PR
dgagentinstalle, NI+SK+NC+ND+TR+NE+PR
wuauclt.exe,NI+SK+NC+ND+TR+NE+PR
WindowsXP-KB936,NI+SK+NC+ND+TR+NE+PR
msiexec.exe,NI+SK+NC+ND+TR+NE+PR
hp_53_enu.exe,NI+SK+NC+ND+TR+NE+PR
update.exe,NI+SK+NC+ND+TR+NE+PR
grpconv.exe,NI+SK+NC+ND+TR+NE+PR
msoobe.exe,NI+SK+NC+ND+TR+NE+PR
smbinst.exe,NI+SK+NC+ND+TR+NE+PR
spiisupd.exe,NI+SK+NC+ND+TR+NE+PR
spnpinst.exe,NI+SK+NC+ND+TR+NE+PR
spupdsvc.exe,NI+SK+NC+ND+TR+NE+PR
uploadm.exe,NI+SK+NC+ND+TR+NE+PR
tiworker.exe,NI+SK+NC+ND+TR+NE+PR

//=================================================
// TOUCHPAD
//=================================================
syntplpr.exe,NI+SK+NC+ND+TR
syntpenh.exe,NI+SK+NC+ND+TR

//============================================
// ROXIO SERVICES
// (Do not exclude Drag To Disk!)
//============================================
roxwatchtray.ex,NI+SK+NC+ND+TR
roxmediadb.exe,NI+SK+NC+ND+TR
roxwatch.exe,NI+SK+NC+ND+TR
roxliveshare.ex,NI+SK+NC+ND+TR
roxupnpserver.e,NI+SK+NC+ND+TR

//-------------------------------------------
// Other build exes
//-------------------------------------------
shell.exe,NI+SK+NC+ND+TR
rm.exe,NI+SK+NC+ND+TR
cat.exe,NI+SK+NC+ND+TR
makedirs.exe,NI+SK+NC+ND+TR



//-------------------------------------------
// Typical Developer Tools
//-------------------------------------------
sh.exe,NI+SK+NC+ND+TR
cp.exe,NI+SK+NC+ND+TR
guidgen.exe,NI+SK+NC+ND+TR
uuidgen.exe,NI+SK+NC+ND+TR
oleview.exe,NI+SK+NC+ND+TR
mapsym.exe,NI+SK+NC+ND+TR
lib.exe,NI+SK+NC+ND+TR
link.exe,NI+SK+NC+ND+TR
bscmake.exe,NI+SK+NC+ND+TR
sproxy.exe,NI+SK+NC+ND+TR
windbg.exe,NI+SK+NC+ND+TR
dbgx.shell.exe,SK
h2inc.exe,NI+SK+NC+ND+TR
ml.exe,NI+SK+NC+ND+TR
rc.exe,NI+SK+NC+ND+TR
dumpbin.exe,NI+SK+NC+ND+TR
drwtsn32.exe,NI+SK+ND+NC
dbgview.exe,NI+SK+ND+NC+NA

//=======================================
// DRIVER STUDIO
//=======================================
dsconfig.exe,NI+SK+NC+ND+TR
genrebld.exe,NI+SK+NC+ND+TR
wizapp.exe,NI+SK+NC+ND+TR
drivererrorlook,NI+SK+NC+ND+TR
dstrayapp.exe,NI+SK+NC+ND+TR
dsrsvc.exe,NI+SK+NC+ND+TR
nmsym.exe,NI+SK+NC+ND+TR
siremote.exe,NI+SK+NC+ND+TR
nmfilterconfig.,NI+SK+NC+ND+TR
icepack.exe,NI+SK+NC+ND+TR
kd2sysxlat.exe,NI+SK+NC+ND+TR
loader32.exe,NI+SK+NC+ND+TR
sicrashutil.exe,NI+SK+NC+ND+TR
startsi.exe,NI+SK+NC+ND+TR
ds.exe,NI+SK+NC+ND+TR
dsspawn.exe,NI+SK+NC+ND+TR
dsnotifysub.exe,NI+SK+NC+ND+TR
symrtrvr.exe,NI+SK+NC+ND+TR
dldr.exe,NI+SK+NC+ND+TR
wldr.exe,NI+SK+NC+ND+TR
msym.exe,NI+SK+NC+ND+TR
dsrebootem.exe,NI+SK+NC+ND+TR

//-------------------------------------------
// HP noisy driver
//-------------------------------------------
hpbpro.exe,NI+SK+NC+ND+TR

// Network Associates
// Common Framework
mcscript_inuse.,NI+SK+NC+ND+TR

// DG 3.0 MR3 default
photoshop.exe,NI
dreamweaver.exe,NI
photoshp.exe, NI

//-------------------------------------------
// #11511
// Mark Provencia Client (BlackIce) as
// TRUSTED, SKIPPED and NO_INJECT
//-------------------------------------------
blackd.exe,3146004
rapapp.exe,3146004
vpatch.exe,3146004
blackice.exe,3146004
RapUISvc.exe,3146004


//===========================================
// Hang Fix from Dante
//===========================================
crypserv.exe,3146004
wlkeeper.exe,3146004
oscmutilityserv,3146004
rssensor.exe,3146004
sddtaflt.exe,3146004
miftoivf.exe,3146004
sxpstub.exe,3146004
amagent.exe,3146004
triggusr.exe,3146004
recovery.exe,3146004
umcinst.exe,3146004

//========================================================
// Hang issue and system event log error issue from Sri
//========================================================
//Nero group -  we need to verify this does not cause any side effect in CD burning
InCDsrv.exe,3146004
InCD.exe,3146004
NMBgMonitor.exe,3146004

//Windows live search group - probably due to Windows Live Toolbar 
WindowsSearch.e,260
WindowsSearchIn,260

//sql server group - These can come part of VS2005 install
sqlbrowser.exe,3146004
sqlwriter.exe,3146004
sqlservr.exe,3146004
sqlagent.exe,3146004
SQLAGENT90.EXE,3146004
//SQL Server Reporting Services process (ReportingServicesService.exe) 
ReportingServic,SK+TR+NI+NC+ND
 
//Archiving utilities

winzip32.exe,524288
winzip64.exe,524288
winrar.exe,524288
compact.exe,524288
7z.exe,524288
7zg.exe,524288
7zfm.exe,524288
stuffit.exe,524288
WebAuthBroker.exe,NI

//Symantec
EvtEng.exe,NI+SK+NC+ND+TR



//Lenovo Logger
logmon.exe,NI+SK+NC+ND+TR

//Lenovo Rescue and Recovery
netwk.exe,NI+SK+NC+ND+TR

// pgp
pgpsdkserv.exe, 3145728

//============================================
// Windows XP Native CD Burn with AFE. Bug# 18990
// Make imapi.exe (XP CD Burning service) 
// go directly to NTFS, bypassing AFE
//============================================
imapi.exe,NR

//============================================
//Hondata FlashPro Manager
//Hondata K-Series ECU Editor
//Install and Exes
//
//DGAGENT-6752
//============================================
driverins.exe,NI+SK+NC+ND+TR+PR
TeamViewerQS_en,NI+SK+NC+ND+TR+PR
KManagerV4-2-5.,SK+TR+NI+NC+ND+PR
FlashProManager,SK+TR+NI+NC+ND+PR
KManager.exe,SK+TR+NI+NC+ND+PR

//============================================
// Defrag Tools. Bug# 14811  TT24292
// SK+NI+TR+NC+ND = 3146004
//============================================
// Ashampoo_MagicalDefrag
aDefragCtrl.exe,NR+SK+NI+TR+NC+ND
aDefragService.,NR+SK+NI+TR+NC+ND

// Auslogics Disk Defrag
diskdefrag.exe,NR+SK+NI+TR+NC+ND

// BuzzSaw
Buzzsaw-S.exe,NR+SK+NI+TR+NC+ND
BuzzSawService.,NR+SK+NI+TR+NC+ND

// DefragMentor
DEFRAGME.EXE,NR+SK+NI+TR+NC+ND

// DisKeeper
Diskeeper.exe,NR+SK+NI+TR+NC+ND
DkService.exe,NR+SK+NI+TR+NC+ND
DfrgNTFS1.exe,NR+SK+NI+TR+NC+ND

// Windows Defrag
DfrgNTFS.exe,BI+SK+NI+TR+NC+ND
DfrgFat.exe,BI+SK+NI+TR+NC+ND

// DiskTrik Ultimate Defrag
UDefrag.exe,NR+SK+NI+TR+NC+ND

// hsDefragSaver
hsDefragSaver.e,NR+SK+NI+TR+NC+ND
hsDefragSvc.exe,NR+SK+NI+TR+NC+ND

// IOBit SmartDefrag.exe
IObit SmartDefr,NR+SK+NI+TR+NC+ND

// JKDefrag
JkDefrag.exe,NR+SK+NI+TR+NC+ND
JkDefragCmd.exe,NR+SK+NI+TR+NC+ND

// MindSoft Utilities
defrag.exe,NR+SK+NI+TR+NC+ND
defragl.exe,NR+SK+NI+TR+NC+ND

// mstDefrag
mstDefrag.exe,NR+SK+NI+TR+NC+ND
mstDfrgS.exe,NR+SK+NI+TR+NC+ND

// OODefrag
oodcmd.exe,NR+SK+NI+TR+NC+ND
oodcnt.exe,NR+SK+NI+TR+NC+ND

// PageDefrag
pagedfrg.exe,NR+SK+NI+TR+NC+ND

// Paragon Total Defrag
launcher.exe,NR+SK+NI+TR+NC+ND

// PerfectDisk
PDAgent.exe,NR+SK+NI+TR+NC+ND
PDCmd.exe,NR+SK+NI+TR+NC+ND
PDEngine.exe,NR+SK+NI+TR+NC+ND
PerfectDisk.exe,NR+SK+NI+TR+NC+ND

// PowerDefrag
PDBot.exe,NR+SK+NI+TR+NC+ND
PDefrag.exe,NR+SK+NI+TR+NC+ND

// Power Defragmenter GUI 
Contig.exe,NR+SK+NI+TR+NC+ND
Power Defragmen,NR+SK+NI+TR+NC+ND

// Rapid File Defragmentor
RapidFD.exe,NR+SK+NI+TR+NC+ND
RapidFD_aux.exe,NR+SK+NI+TR+NC+ND

// SpeedItUp
SpeedItUp.exe,NR+SK+NI+TR+NC+ND

// UltraDefrag
defrag_native.e,NR+SK+NI+TR+NC+ND
dfrg.exe,NR+SK+NI+TR+NC+ND

// Vopt
Vopt.exe,NR+SK+NI+TR+NC+ND
VoptAux.exe,NR+SK+NI+TR+NC+ND

// WinContig
WinContig.exe,NR+SK+NI+TR+NC+ND

//windows indexing service
cidaemon.exe,SK+NI+NC+ND

//BES computer role
//default process flags: SK+NI+NC+ND
roleBES:winlogon.exe,
roleBES:alg.exe,
roleBES:wfshell.exe,
roleBES:javaw.exe,
roleBES:inetinfo.exe,
roleBES:aspnet_wp.exe,
roleBES:taskmgr.exe,

// pgp
roleBES:pgptray.exe,
roleBES:pgpsdkserv.exe,

// MS OFFICE Apps 
roleBES:iexplore.exe,
roleBES:winword.exe,
roleBES:excel.exe,
roleBES:infopath.exe,
roleBES:msaccess.exe,
roleBES:mspub.exe,
roleBES:mstore.exe,
roleBES:ois.exe,
roleBES:outlook.exe,
roleBES:powerpnt.exe,
roleBES:winproj.exe,NI+PR

roleBES:notepad.exe,
roleBES:wordpad.exe,

//BlackBerry server mail agent (domino)
roleBES:nbes.exe,NP

//BlackBerry server mail agent (exchange)
roleBES:BlackberryAgent,NP
bmds.exe,SK+TR+NI+NC+ND

//EAS computer role
//All process will be assigned default process flags: SK+NI+NC+ND
//All process listge here with the prefix RoleEAS: will be cleaned from any flags
roleEAS:winlogon.exe,
roleEAS:alg.exe,
roleEAS:wfshell.exe,
roleEAS:javaw.exe,
roleEAS:inetinfo.exe,
roleEAS:aspnet_wp.exe,
roleEAS:dllhost.exe,NPR
roleEAS:taskmgr.exe,

// pgp
roleEAS:pgptray.exe,
roleEAS:pgpsdkserv.exe,

// MS OFFICE Apps 
roleEAS:iexplore.exe,
roleEAS:winword.exe,
roleEAS:excel.exe,
roleEAS:infopath.exe,
roleEAS:msaccess.exe,
roleEAS:mspub.exe,
roleEAS:mstore.exe,
roleEAS:ois.exe,
roleEAS:outlook.exe,
roleEAS:powerpnt.exe,
roleEAS:winproj.exe,NI+PR

roleEAS:notepad.exe,
roleEAS:wordpad.exe,

//EAS server - IIS - will have only one flag
roleEAS:w3wp.exe,NP

// documentum processes
dcathmgr.exe, NI+SK+NC+ND
dccomponentinst, NI+SK+NC+ND
dccomponentlaun, NI+SK+NC+ND
dcevtsrv.exe, NI+SK+NC+ND
dcprogresssenti, NI+SK+NC+ND

// Sophos\Sophos Anti-Virus
Sophosavagent.e,SK+TR+NI+NH+NC+ND+PR
Sophoslogwrite.,SK+TR+NI+NH+NC+ND+PR
Sophosbootask.e,SK+TR+NI+NH+NC+ND+PR

// performance issues on W2K
Lafservice.exe,SK+NI+TR+ND+NC
Radexecd.exe,SK+NI+TR+ND+NC
Radsched.exe,SK+NI+TR+ND+NC
Radstgms.exe,SK+NI+TR+ND+NC
Sbmgrnt.exe,SK+NI+TR+ND+NC
Mstask.exe,SK+NI+TR+ND+NC
Uphclean.exe,SK+NI+TR+ND+NC
Application Lau,SK+NI+TR+ND+NC
Cfd.exe,SK+NI+TR+ND+NC
generic.exe,SK+NI+TR+ND+NC
asa.exe,SK+NI+TR+ND+NC
epmworker.exe,SK+NI+TR+ND+NC
gemone~1.scr,SK+NI+TR+ND+NC
//-- [END] CLIENT:284

//-- [START] CLIENT:223 --
ipagent.exe,NI+SK+NC+ND+TR
iclarity.exe,NI+SK+NC+ND+TR
loginw32.exe,NI+SK+NC+ND+TR
nbnmsrvc.exe,NI+SK+NC+ND+TR
nicrlstn.exe,NI+SK+NC+ND+TR

// Stealth MXP
accessconsole.e,NI+SK+NC+ND+TR
accesspresenter,NI+SK+NC+ND+TR
accesstray.exe,NI+SK+NC+ND+TR
accessunlock.ex,NI+SK+NC+ND+TR
accessversion.e,NI+SK+NC+ND+TR
accessstatus.ex,NI+SK+NC+ND+TR
mxpconfig.exe,NI+SK+NC+ND+TR
mxpconnector.ex,NI+SK+NC+ND+TR
ssdconsole.exe,NI+SK+NC+ND+TR
statusdialog.ex,NI+SK+NC+ND+TR
unlockdialog.ex,NI+SK+NC+ND+TR
//-- [END] CLIENT:223

Agrsmmsg.exe,SK+TR+NI+NC+ND
ATWTUSB.EXE,SK+TR+NI+NC+ND
BESClient.exe,SK+TR+NI+NC+ND
BESClientUI.exe,SK+TR+NI+NC+ND
btwdins.exe,SK+TR+NI+NC+ND
dkAutoReg.exe,SK+TR+NI+NC+ND
Dkcktkn.exe,SK+TR+NI+NC+ND
Dklog.exe,SK+TR+NI+NC+ND
dkMonitor.exe,SK+TR+NI+NC+ND
Dkvcm.exe,SK+TR+NI+NC+ND
Eabservr.exe,SK+TR+NI+NC+ND
HP Wireless Ass,SK+TR+NI+NC+ND
HPQTOA~1.EXE,SK+TR+NI+NC+ND 
hpqwmiex.exe,SK+TR+NI+NC+ND 
IAAnotif.exe,SK+TR+NI+NC+ND 
IAANTMon.exe,SK+TR+NI+NC+ND 
NeoterisSetupSe,SK+TR+NI+NC+ND
Ntmulti.exe,SK+TR+NI+NC+ND
NwmCli.exe,SK+TR+NI+NC+ND
NwmSvc.exe,SK+TR+NI+NC+ND
//PDAgent.exe,SK+TR+NI+NC+ND  <-- Already handled generically
QLBCTRL.exe,SK+TR+NI+NC+ND 
//SavRoam.exe,SK+TR+NI+NC+ND  <-- Already handled above
//Scardsvr.exe,SK+TR+NI+NC+ND <-- Already handled under Windows srvcs
SDPin.exe,SK+TR+NI+NC+ND 
SMAgent.exe,SK+TR+NI+NC+ND
SMax4.exe,SK+TR+NI+NC+ND
SMax4PNP.exe,SK+TR+NI+NC+ND
//Smc.exe,SK+TR+NI+NC+ND      <-- Already handled under Symantec Anti-Virus
//Smcgui.exe,SK+TR+NI+NC+ND   <-- Already handled under Symantec Anti-Virus
SMSWUagent.exe,SK+TR+NI+NC+ND
//SNAC.exe,SK+TR+NI+NC+ND     <-- Already handled under Symantec End-Point Protection
//SPBBCSvc.exe,SK+TR+NI+NC+ND <-- Already handled under Symantec Anti-Virus 10
Tfswctrl.exe,SK+TR+NI+NC+ND
//Uphclean.exe,SK+TR+NI+NC+ND <-- Already handled generically (2K performance)
VentC.exe,SK+TR+NI+NC+ND  
VPN Services.ex,SK+TR+NI+NC+ND 


avconf.exe,NN+NC+ND+NA
testpartner.exe,SK+TR+NI+NC+ND
testpa~1.exe,SK+NI+TR+NC+ND

//-- Redgate.Profiler.IISProfileHost.exe (ANT)
redgate.profile,NA

//-- cisvc.exe (Indexing service)
cisvc.exe,NA

// Client - ?
collector.exe,SK+TR+NI+NC+ND
cwsloginsvc.exe,SK+TR+NI+NC+ND
issch.exe,SK+TR+NI+NC+ND
issvc.exe,SK+TR+NI+NC+ND
ldiscn32.exe,SK+TR+NI+NC+ND
ldlcserv.exe,SK+TR+NI+NC+ND
localsch.exe,SK+TR+NI+NC+ND
modalwin.exe,SK+BK
niagnt32.exe,SK+BK
niaiserv.exe,SK+BK
niinst32.exe,SK+BK
pcs_agnt.exe,SK+TR+NI+NC+ND
pds.exe,SK+TR+NI+NC+ND
rcgui.exe,SK+TR+NI+NC+ND
residentagent.e,SK+TR+NI+NC+ND
screenagent.exe,SK+TR+NI+NC+ND
sdclientmonitor,SK+TR+NI+NC+ND
sndsrvc.exe,SK+TR+NI+NC+ND
softmon.exe,SK+TR+NI+NC+ND
suss.exe,SK+TR+NI+NC+ND
Tmcsvc.exe,SK+NPR
trcboot.exe,SK+TR+NI+NC+ND
a180ag.exe,SK+TR+NI+NC+ND
a180cm.exe,SK+TR+NI+NC+ND
a180wd.exe,SK+TR+NI+NC+ND

//rotatelogs.exe may takes a longtime after installation of the agent. so skip it
rotatelogs.exe,SK+TR+NI+NC+ND 

// TSMSIhlp.EXE is a Tech Smith help utility used by Wise installers.
// There can be a conflict between the agent and this program which results in
// a failure for the application to shut down in an orderly fashion. As a result,
// the uninstallation calling it will also fail to complete correctly.
TSMSIhlp.EXE,NI+SK+NC+ND+TR


// The first to use processFlags to better control dgapiHookMask for a particular process

qvp32.exe,DPG+DSBG

// bug #21337 Agile Downloads - Classification and Encryption does not work
agilecm.exe,CC

// defect 23353

fltmc.exe,SK+TR+NI+NC+ND

searchfilterhos,SK+TR+NI+NC+ND
searchprotocolh,SK+TR+NI+NC+ND+PR+NPR+NPROC

// add procmon to the list, otherwise, procmon is crashing with too little memory since 5.3.
procmon.exe,SK+TR+NI+NC+ND
procmon64.exe,SK+TR+NI+NC+ND

// TT#22036 -  To prevent BlackBerry Desktop Manager from hanging when launched.
desktopmgr.exe,NI

// TT#20028 - This change allows Bloomberg PriceLink and a DG Agent to operate on the same computer.
wintrv.exe,SK+TR+NI+NC+ND
plinksvc.exe,SK+TR+NI+NC+ND
plnotify.exe,SK+TR+NI+NC+ND
plpkt14.exe,SK+TR+NI+NC+ND 

//TT#19400 - This change allows you to use the Iron Key secure USB key successfully.
ironkey.exe,SK+NB+TR+NI+NC+ND+CD 

// Role Low No inject
// 
roleLowNI:alg.exe,NI+SK+NC+ND+TR+NE
roleLowNI:explorer.exe,TF+EX+NV+NU+NPR+NC+ND
roleLowNI:cmd.exe,NC+ND
roleLowNI:inetinfo.exe,
roleLowNI:aspnet_wp.exe,
roleLowNI:dllhost.exe,NPR
roleLowNI:taskmgr.exe,
roleLowNI:winrar.exe,NC+ND
roleLowNI:winzip32.exe,NC+ND

// pgp
roleLowNI:pgptray.exe,
roleLowNI:pgpsdkserv.exe,

// MS OFFICE Apps 
//roleLowNI:iexplore.exe,
//roleLowNI:winword.exe,SB+NC+ND
//roleLowNI:excel.exe,SB+NC+ND
//roleLowNI:infopath.exe,
//roleLowNI:msaccess.exe,SB+NC+ND
//roleLowNI:mspub.exe,
//roleLowNI:mstore.exe,
//roleLowNI:ois.exe,
//roleLowNI:outlook.exe,
//roleLowNI:powerpnt.exe,SB+NC+ND
//roleLowNI:winproj.exe,NI+PR

//roleLowNI:notepad.exe,
//roleLowNI:wordpad.exe,
//roleLowNI:calc.exe,

// Role Low 
// 
roleLow:alg.exe,NI+SK+NC+ND+TR+NE
roleLow:explorer.exe,TF+EX+NV+NU+NPR+NC+ND
roleLow:cmd.exe,NC+ND
roleLow:inetinfo.exe,
roleLow:aspnet_wp.exe,
roleLow:dllhost.exe,NPR
roleLow:taskmgr.exe,
roleLow:winrar.exe,NC+ND
roleLow:winzip32.exe,NC+ND

// pgp
roleLow:pgptray.exe,
roleLow:pgpsdkserv.exe,

// MS OFFICE Apps 
//roleLow:iexplore.exe,
//roleLow:winword.exe,SB+NC+ND
//roleLow:excel.exe,SB+NC+ND
//roleLow:infopath.exe,
//roleLow:msaccess.exe,SB+NC+ND
//roleLow:mspub.exe,
//roleLow:mstore.exe,
//roleLow:ois.exe,
//roleLow:outlook.exe,
//roleLow:powerpnt.exe,SB+NC+ND
//roleLow:winproj.exe,NI+PR

//roleLow:notepad.exe,
//roleLow:wordpad.exe,
//roleLow:calc.exe,

// NOD32 Anti Virus
// Company: ESET
// File Version: 4.2.40.0

// adding SK so activation can pass on Windows 8
trustedinstall,BK+PR+SK,,Microsoft Corporation



// adding for automation
testautomationc,NPR


// Dropbox.exe configured for best ACI performance.
dropbox.exe,NV+NN+CSS+NF
DbxSvc.exe,TR+NC+ND+TP+NV+NN+CSS+NF+TN
DropboxUpdate.exe,TR+NC+ND+TP+NV+NN+CSS+NF+TN

dgdecrypt.exe,CSS

// Allow roaming profiles to propagate DG stream
userenv.dll,CSS

// Allow FireFox installer 24esr to work on Win8.0+ 
firefox setup*,NI+PR
firefox.exe,NPR
// On Windows 10 firefox (UPX packed) installer change its name
firefox insta*,NI+PR

//-------------------------------------------
// Malwarebytes Endpoint Agent
//-------------------------------------------
mbamwsc.exe,NI+SK+NC+ND+TR+NPR+PR
endpoint agent tray.exe,NI+SK+NC+ND+TR+NPR+PR

// Quick hash app
QuickHash-v*,NI+SK+NC+ND+TR
QuickHash-Windows-x86.exe,NI
QuickHash-Windows-x64.exe,NI

// HashMyFiles 
HashMyFiles.exe,NI

// Adobe APPs 
Illustrator_Set-Up.exe,NI
InDesign_Set-Up.exe,NI
Photoshop_Set-Up.exe,NI

// Spotify is an interactive music and media player
spotify.exe,NI+SK+NC+ND+TR

// 64-bit total commander, see DGAGENT-6741/DGAGENT-490
TOTALCMD64.EXE,SB

// Chrome.exe
chrome.exe,NR+NPR

//----------------------------------------
// Windows 10
//----------------------------------------
// License checker
ClipUp.exe,NI+SK+NC+ND+TR
// Cortana 
SearchUI.exe,NI+SK+NC+ND+TR 

//Facebook.exe: multiple issues
Facebook.exe,NI
Flipboard.exe,NI

//add a series of flags on several applications: Kaspersky, Bromium, Cisco VPN, Bitlocker, various development apps
klnagent.exe,SK+NI+NC+ND+NA+RU+NV
ccmexec.exe,SK+TR+NI+NC+ND+PR
microsoft.confi,SK+TR+NI+NC+ND+PR

vpnagent-exe,SK+TR+NI+NC+ND
vpnui.exe,SK+TR+NI+NC+ND
msseces.exe,SK+TR+NI+NC+ND
ccleaner.exe,SK+TR+NI+NC+ND
ccleaner64.exe,SK+TR+NI+NC+ND
atmgr.exe,SK+TR+NI+NC+ND
vpxclient.exe,SK+TR+NI+NC+ND
// we want to capture from mstsc.exe
//mstsc.exe,SK+TR+NI+NC+ND
rdcman.exe,SK+TR+NI+NC+ND
citrixonlinelau,SK+TR+NI+NC+ND
synergy.exe,SK+TR+NI+NC+ND
synergyc.exe,SK+TR+NI+NC+ND
synergyd.exe,SK+TR+NI+NC+ND
desktopSearchOu,SK+TR+NI+NC+ND
copernic.deskto,SK+TR+NI+NC+ND
vmware.exe,SK+TR+NI+NC+ND
devenv.com,TN+AW+PR
LangResGen.exe,TN+AW+PR
acrord32.exe,RP+PR+DWNG
jre*,NI
GoToMeeting.exe,SK+TR+NI+NC+ND+PR
gotomeeting la,SK+TR+NI+NC+ND+PR
gotowebinar la,SK+TR+NI+NC+ND+PR
G2minstaller.ex,SK+TR+NI+NC+ND+PR
G2minsthigh.exe,SK+TR+NI+NC+ND+PR
G2mtranscoder.e,SK+TR+NI+NC+ND+PR
G2mupdate.exe,SK+TR+NI+NC+ND+PR
G2muninstall.ex,SK+TR+NI+NC+ND+PR
SkypeSetup.exe,SK+TR+NI+NC+ND+PR
webexconnect.ex,SK+TR+NI+NC+ND+PR
CiscoCollabHost,SK+TR+NI+NC+ND+PR
dg agent manag,SK+PR
securecrt.exe,NI+PR
Mcsheartbeat.ex,SK+TR+NI+NC+ND
Swi_update64.ex,SK+TR+NI+NC+ND
ClientMRInit.ex,SK+TR+NI+NC+ND
EMLibUpdateAgen,SK+TR+NI+NC+ND
BackgroundScanC,SK+TR+NI+NC+ND
SAVCleanupServi,SK+TR+NI+NC+ND
configuresav.ex,SK+TR+NI+NC+ND
sdcdevconia64.e,SK+TR+NI+NC+ND
sdcdevconx64.ex,SK+TR+NI+NC+ND
aosuimanager.ex,SK+NI+NC+ND+NA+NV
clndiag.exe,SK+NI+NC+ND+NA+NV
cntaosuninstall,SK+NI+NC+ND+NA+NV
ipxfer.exe,SK+NI+NC+ND+NA+NV
LogServer.exe,SK+NPR
officescantouch,SK+NI+NC+ND+NA+NV
utilpfwinstcond,SK+NI+NC+ND+NA+NV
wixupgrade.exe,SK+NI+NC+ND+NA+NV
wofielauncher.e,SK+NI+NC+ND+NA+NV
callmsi.exe,SK+NI+NC+ND+NA+NV
ecls.exe,SK+NI+NC+ND+NA+NV
ecmd.exe,SK+NI+NC+ND+NA+NV
eeclnt.exe,SK+NI+NC+ND+NA+NV
eOPPFrame.exe,SK+NI+NC+ND+NA+NV
speclean.exe,SK+NI+NC+ND+NA+NV
SysInspector.ex,SK+NI+NC+ND+NA+NV
//Bit 9
agent*,SK+NI+NC+ND+TR
timedoverride.e,SK+TR+NI+NC+ND
Parityserver.ex,SK+TR+NI+NC+ND

// backup engine
wbengine.exe,NI+SK+NC+ND+TR
//Microsoft Windows Backup
sdclt.exe,NI+SK+NC+ND+TR
// volume shadow
vssvc.exe,NI+SK+NC+ND+TR
// Microsoft Update Notification
MusNotification.exe,NI+SK+NC+ND+TR+PR+NPR+NPROC
MusNotificationUX.exe,NI+SK+NC+ND+TR+PR+NPR+NPROC
// adobe 11 reader installer (PECompact on 32 bits segfaults)
reader11_en_xa_install.exe,NI+SK+NC+ND+TR
readerdc_en_xa_install.exe,NI+SK+NC+ND+TR

// Google Chrome Pre-Install
 gccheck_small.exe,NI+SK+NC+ND+TR

// Win 10 Redstone upgrade
SetupHost.exe,SK+PR,,Microsoft Corporation

//Skype
SkypeApp.exe,SK+TR+NI+NC+ND+PR
SkypeHost.exe,SK+TR+NI+NC+ND+PR

// Windows error reporting
//  Must use NPR flag
WerFault.exe,NPR+SK+NI+PR,,Microsoft Corporation
WerFaultSecure.exe,NPR+SK+NI+PR,,Microsoft Corporation
wermgr.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC

// Windows 10 applications that we should skip
consent.exe,SK+NI

// Oracle VirtualBox and associated programs. 
vbox-img.exe,SK+TR+NI+NC+ND+PR
vboxballoonctrl.exe,SK+TR+NI+NC+ND+PR
vboxdtrace.exe,SK+TR+NI+NC+ND+PR
vboxextpackhelperapp.exe,SK+TR+NI+NC+ND+PR
vboxheadless.exe,SK+TR+NI+NC+ND+PR
vboxmanage.exe,SK+TR+NI+NC+ND+PR
vboxnetdhcp.exe,SK+TR+NI+NC+ND+PR
vboxnetnat.exe,SK+TR+NI+NC+ND+PR
vboxsdl.exe,SK+TR+NI+NC+ND+PR
vboxsvc.exe,SK+TR+NI+NC+ND+PR
vboxtestogl.exe,SK+TR+NI+NC+ND+PR
vboxwebsrv.exe,SK+TR+NI+NC+ND+PR
virtualbox.exe,SK+TR+NI+NC+ND+PR

// Windows Defender Application Guard Manager
hvsimgr.exe,SK+NI+NC+ND+NA+NV+NPR

// Suppress Noisy Processes to prevent server being flooded with pi data
conhost.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
mavinject32.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
powercfg.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
WmiApSrv.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
wermgr.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
splunk.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
splunkd.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
MpSigStub.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
ngen.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
mscorsvw.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
PresentationFontCache.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
ngentask.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
MSOSYNC.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
OSPPSVC.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
OfficeC2RClient.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
OfficeClickToRun.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
AdobeARM.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC
armsvc.exe,NI+NC+ND+NR+SK+TR+PR+NPR+NPROC

// Microsoft Edge default visibility
browser_broker.exe,NPR,,Microsoft Corporation
MicrosoftEdge.exe,NPR,,Microsoft Corporation
MicrosoftEdgeCP.exe,NPR,,Microsoft Corporation
microsoftedgeupdate.exe,NI+SK+TR+NC+ND+PR+NPR,,Microsoft Corporation

// Microsoft Edge Chromium default visibility
msedge.exe,NPR,,Microsoft Corporation

// Microsoft Management Console
mmc.exe,NPR,,Microsoft Corporation

// MS User-mode font driver
fontdrvhost.exe,NI,,Microsoft Corporation

dllhost.exe,NPR


// UWP aka Metro Apps to be excluded from COM_MetroSensor load
WhatsApp.exe,NMET

//
// v8.0.1
//

//-- MSP APPROVED ---------------------------------------------
//-- Windows Workstation only ---------------------------------
//-- Ver9 Dt.09/05/2024----------------------------------------
//
//****IMP NOTE - PLEASE DO NOT MAKE ANY CHANGES TO THIS SECTION****
//*********Do file a support ticket for any issues/updates*********
//-------------------------------------------------------------
//---- Section 1----
//=========================================================================
//----ANTI-VIRUS EXCLUSIONS - Version 9.2
//=========================================================================

//AppSense
cca.exe,SK+NPR
ccacmd.exe,SK+NPR
ccarebootmonitor.exe,SK+NPR
emcoreservice.exe,SK+NPR
emexit.exe,SK+NPR
emloggedonuser.exe,SK+NPR
empshost.exe,SK+NPR
emsystem.exe,SK+NPR
emuser.exe,SK+NPR
emuserlogoff.exe,SK+NPR
emvirtualizationhost.exe,SK+NPR
emwow64.exe,SK+NPR
endpointselfservice.exe,SK+NPR
pmagent.exe,SK+NPR
pmagentassist.exe,SK+NPR
watchdogagent64.exe,SK+NPR
AsModLdr.sys,SK
EmDriver.sys,SK

//ARESPP
APPClientFixHelper.exe,SK+NPR
APPCurrentSetting.exe,SK+NPR
ARESPPBrowser.exe,SK+NPR
ARESPPClientService.exe,SK+NPR
ARESPPCommonService.exe,SK+NPR
ARESPPEncryptService.exe,SK+NPR
ARESPPLogService.exe,SK+NPR
ARESPPPKMService.exe,SK+NPR
ARESPrivacyProtectorAPDReader.exe,SK+NPR
ARESPrivacyProtectorClient.exe,SK+NPR
BGBackup.exe,SK+NPR
BGEncrypt.exe,SK+NPR
CheckARESFile.exe,SK+NPR
DragDropHelper.exe,SK+NPR
Encryptexe".exe,SK+NPR
FESFDS.exe,SK+NPR
FESFPolicy.exe,SK+NPR
ImportantNotice.exe,SK+NPR
OwnerFileCloud.exe,SK+NPR
plugin-container.exe,SK+NPR
plugin-hang-ui.exe,SK+NPR
Reg.exe,SK+NPR
Reg86.exe,SK+NPR
RequestHelper.exe,SK+NPR
Rs.exe,SK+NPR
RunAPIx64.exe,SK+NPR
RunAPIx86.exe,SK+NPR
SetEncIconSeq.exe,SK+NPR
SetServiceLocation.exe,SK+NPR
ShowARESFileInfo.exe,SK+NPR
SmartOpenHelper.exe,SK+NPR
SmartRecovery.exe,SK+NPR
TrayManager.exe,SK+NPR
UpdateIndecator.exe,SK+NPR
OsrDs2.sys,SK
OsrDt2.sys,SK
OsrIsolate.sys,SK
OsrSupport.sys,SK

//Avecto
Avecto.IC3.Client.Host.exe,SK+NPR
Defendpointservice.exe,SK+NPR
gmessagehostex,SK+NPR
PGEPOService.exe,SK+NPR
pgprogramsutil.exe,SK+NPR
pgstub.exe,SK+NPR
pgsystemtray.exe,SK+NPR
PGDriver.sys,SK

//Bitdefender
bddlpsetup.exe,SK+NPR
bdredline.exe,SK+NPR
bdreinit.exe,SK+NPR
certutil.exe,SK+NPR
deloeminfs.exe,SK+NPR
downloader.exe,SK+NPR
driverctrl.exe,SK+NPR
epag.exe,SK+NPR
epconsole.exe,SK+NPR
epintegrationservice.exe,SK+NPR
eppowerconsole.exe,SK+NPR
epsecurityservice.exe,SK+NPR
epprotectedservice.exe,SK+NPR
epupdateservice.exe,SK+NPR
genptch.exe,SK+NPR
installer.exe,SK+NPR
mitm_install_tool.exe,SK+NPR
product.configu,SK+NPR
productactionce,SK+NPR
setloadorder.exe,SK+NPR
snetcfg.exe,SK+NPR

//Bitlocker
bdeUISrv.exe,SK+NPR
bdeunlock.exe,SK+NPR
bdeunlockwizard.exe,SK+NPR

//bluecoat systems unified agent
bcua-notifier.exe,SK
bcua-service.exe,SK

//Bromium
autonomyhelper32.exe,SK+NPR
ax_installer.exe,SK+NPR
bemagent.exe,SK+NPR
bemman.exe,SK+NPR
bemreporter.exe,SK+NPR
bemsession.exe,SK+NPR
bemsup.exe,SK+NPR
bemsvc.exe,SK+NPR
br-hostconfig.exe,SK+NPR
br-init-a.exe,SK+NPR
br-init-b.exe,SK+NPR
br-init-c.exe,SK+NPR
br-init-l.exe,SK+NPR
br-init-m.exe,SK+NPR
br-init-n.exe,SK+NPR
br-init-o.exe,SK+NPR
br-init-p.exe,SK+NPR
br-init-w.exe,SK+NPR
Br-uxendm.exe,SK+NPR
braxservice.exe,SK+NPR
BrChrome.exe,SK+NPR
BrConsole.exe,SK+NPR
BrDeprivilege.exe,SK+NPR
BrDesktopConsole.exe,SK+NPR
BrDownloadManager.exe,SK+NPR
BrExeScanner.exe,SK+NPR
BrGPUCheck.exe,SK+NPR
BrHostDrvSup.exe,SK+NPR
BrHostSvr.exe,SK+NPR
BrIEHelper.exe,SK+NPR
BrIEHelper64.exe,SK+NPR
BrInstaller.exe,SK+NPR
BrInstallerPopup.exe,SK+NPR
BrLauncher.exe,SK+NPR
BrLogMgr.exe,SK+NPR
BrManage.exe,SK+NPR
BrNav.exe,SK+NPR
BrPolicy.exe,SK+NPR
BrPreCheck.exe,SK+NPR
BrPrintHelper.exe,SK+NPR
BrProgressDialog.exe,SK+NPR
BrRemoteManagement.exe,SK+NPR
BrRemoteMgmtSvc.exe,SK+NPR
BrReporter.exe,SK+NPR
BrSecurityAlertInspector.exe,SK+NPR
BrService.exe,SK+NPR
BrStatusMonitor.exe,SK+NPR
bruxenctx.exe,SK+NPR
BrWinFile.exe,SK+NPR
dpinst.exe,SK+NPR
getcaps.exe,SK+NPR
HostPcapDump.exe,SK+NPR
kdd.exe,SK+NPR
uxenctl.exe,SK+NPR
uxenctx.exe,SK+NPR
uxendm.exe,SK+NPR
vhd-util.exe,SK+NPR
xenctx.exe,SK+NPR
bemk.sys,SK
brfilter_*,SK

//CarbonBlack
carbonblackclient.exe,SK+NPR
cb.exe,SK+NPR
cb1.exe,SK+NPR
crawler.exe,SK+NPR
dascli.exe,SK+NPR
notifier.exe,SK+NPR
parity.exe,SK+NPR
parity agent*,SK+NPR
Parityserver.exe,SK+NPR
Parityreporter.exe,SK+NPR
timedoverride.exe,SK+NPR
carbonblackk.sys,SK
parity.sys,SK

//CarbonBlack Defense
Repcli.exe,SK+NPR
RepMgr.exe,SK+NPR
RepMgr64.exe,SK+NPR
RepUtils.exe,SK+NPR
RepUtils32.exe,SK+NPR
RepUx.exe,SK+NPR
RepWAV.exe,SK+NPR
RepWAV64.exe,SK+NPR
RepWmiUtils.exe,SK+NPR
RepWmiUtils32.exe,SK+NPR
RepWSC.exe,SK+NPR
RepWSC64.exe,SK+NPR
scanhost.exe,SK+NPR
upd.exe,SK+NPR
ctifile.sys,SK
ctinet.sys,SK

//Checkpoint Endpoint Security
compliance.exe,SK+NPR
cptraylogic.exe,SK+NPR
cptrayui.exe,SK+NPR
cpda.exe,SK+NPR
daaw.exe,SK+NPR
efrservice.exe,SK+NPR
epab_svc.exe,SK+NPR
epwd.exe,SK+NPR
epam_svc.exe,SK+NPR
idafserverhostservice.exe,SK+NPR
tesvc.exe,SK+NPR
tif.exe,SK+NPR
tracsrvwrapper.exe,SK+NPR
trgui.exe,SK+NPR
vsmon.exe,SK+NPR

//Cisco AMP (Sourcefire)
audit_fireamps,SK+NPR
casetup64.exe,SK+NPR
ciscoamp.exe,SK+NPR
ConnectivityTool.exe,SK+NPR
creport.exe,SK+NPR
freshclam.exe,SK+NPR
freshclamwrap.exe,SK+NPR
imnd0c6.exe,SK+NPR
imne339.exe,SK+NPR
ipsupporttool.exe,SK+NPR
iptray.exe,SK+NPR
protectent-*,SK+NPR
sfc.exe,SK+NPR
test_workstation,SK+NPR 
uninstall.exe,SK+NPR
updater.exe,SK+NPR
ExPrevDriver.sys,SK
immunetprotect.sys,SK
immunetselfprotect,SK
ImmunetNetworkM,SK
ImmunetUtilDriver.sys,SK
trufos.sys,SK

//Crowdstrike Falcon
CrowdInspect.exe,SK+NPR
csagent.exe,SK+NPR
CSCOMUtils.exe,SK+NPR
CSDeviceControlSupportTool.exe,SK+NPR
CSFalconContainer.exe,SK+NPR
CSFalconController.exe,SK+NPR
CSFalconService.exe,SK+NPR
csfalconserviceuninstalltool_x64.exe,SK+NPR
CSInstallGuard.exe,SK+NPR
csnest.exe,SK+NPR
*csinstallerservice.exe,SK+NPR
windowssensor.exe,SK+NPR
windowssensor.x64.exe,SK+NPR
csagent.sys,SK
CSBoot.sys,SK
CSDeviceControl.sys,SK
CSFirmwareAnalysis.sys,SK
cspcm4.sys,SK
OsfmConfig.sys,SK

//CyberArk Viewfinity Agent
PASAgent.exe,SK+NPR
SIP,SK+NPR
vf_agent.exe,SK+NPR
vf_elevate.exe,SK+NPR
vf_host.exe,SK+NPR
vf_movie.exe,SK+NPR
vf_rem.exe,SK+NPR
vf_updater.exe,SK+NPR
CybKernelTracker.sys,SK
vfdrv.sys,SK
vfnet.sys,SK
vfpd.sys,SK

//Cyberhaven
cyberhaven.exe,SK+NPR
cyberhavenbackendconnector.exe,SK+NPR
cyberhavenfileoperationsendpointsensor.exe,SK+NPR
cyberhavenhealthmonitor.exe,SK+NPR
cyberhavensessionmonitor.exe,SK+NPR


//Cybereason
BlockiSvc.exe,SK+NPR
BlockSvc.exe,SK+NPR
minionhost.exe,SK+NPR
CybereasonBlo,SK+NPR
CrsSvc.exe,SK+NPR
PylumLoader.exe,SK+NPR
CrAmTray.exe,SK+NPR
ExecutionPreventionSvc.exe,SK+NPR
AmSvc.exe,SK+NPR

//Cylance
CylanceSvc.exe,SK+NPR
CylanceOPTICSSe,SK+NPR
cylanceprotect,SK+NPR
CylanceUI.exe,SK+NPR 
CyOptics.exe,SK+NPR
CyProtect.exe,SK+NPR
CyUpdate.exe,SK+NPR
LocalePkg.exe,SK+NPR
CyDevFlt*.sys,SK
CyProtectDrv*.sys,SK

// Deep Instinct
DeepCIService.exe, SK+NPR
DeepETPService.exe, SK+NPR
DeepMgmtService.exe, SK+NPR
DeepNetworkService.exe, SK+NPR
DeepRecoveryService.exe, SK+NPR
DeepRpcServer.exe, SK+NPR
DeepStaticService.exe, SK+NPR
DeepTHService.exe, SK+NPR
DeepUI.exe, SK+NPR
DeepUninstaller.exe, SK+NPR
InstallerManaged_deep.exe, SK+NPR
DeepCIDriver.sys, SK
DeepElamDriver.sys, SK
DeepMgmtDriver.sys, SK
DeepRansomDriver.sys, SK
DeepStaticDriver.sys, SK
DeepTHDriver.sys, SK

// Dell Systems Management Data and Event Managers
AppUpdate.exe,SK+NPR
DRVUpdate.exe,SK+NPR
DsiaSrv32.exe,SK+NPR
dsm_sa_datamgr64.exe,SK+NPR
dsm_sa_eventmgr64.exe,SK+NPR
invcol.exe,SK+NPR
SalomonDock.exe,SK+NPR
SSDUpdate.exe,SK+NPR
//Dell tpad
apmsgfwd.exe,SK+NPR
apntex.exe,SK+NPR
apoint.exe,SK+NPR
apremote.exe,SK+NPR
hidfind.exe,SK+NPR
hidmonitorsvc.exe,SK+NPR
//Dell Red Cloak
authtap64.exe,SK+NPR
cyclorama64.exe,SK+NPR
groundling64.exe,SK+NPR
inspector64.exe,SK+NPR
lacuna64.exe,SK+NPR
procwall64.exe,SK+NPR
rcnotify.exe,SK+NPR
redcloak.exe,SK+NPR
//Dell DataVault
ddvcollectorsvcapi.exe,SK+NPR
ddvdatacollector.exe,SK+NPR
ddvrulesprocessor.exe,SK+NPR
cmgcrypt.sys,SK
cmgffe.sys,SK
cmgshpt.sys,SK
nvapiw.exe,SK+PR
rsabcm.sys,SK
rsabcmcfg.sys,SK
//Dell SupportAssistagent
dsapi.exe,SK+NPR
pcdrwi.exe,SK+NPR
supportassist.exe,SK+NPR
supportassistinstaller.exe,SK+NPR
supportassistdownloadmanager.exe,SK+NPR
systemidlecheck.exe,SK+NPR
updaterui.exe,SK+NPR
//Dell Windows APPS
dellcommandupdate.exe,SK+NPR
premiercolor.exe,SK+NPR
startuptask.exe,SK+NPR
supportassistappwire.exe,SK+NPR
//Dell Updateservice
invcol.exe,SK+NPR
invcolpc.exe,SK+NPR
serviceshell.exe,SK+NPR
//Dell PPO
dellpoaevents.exe,SK+NPR
dellpoaeventslauncher.exe,SK+NPR
//Dell Kase
kschedulersvc.exe,SK+NPR
AMPAgent.exe,SK+NPR
AMPWAtchDog.exe,SK+NPR
konea.exe,SK+NPR
kpatch.exe,SK+NPR
kswmetersvc.exe,SK+NPR

//F-Secure
fsaua-poll.exe,SK+NPR
fsaua-reset.exe,SK+NPR
fsaua-update.exe,SK+NPR
fsdevcon.exe,SK+NPR
fsdiag.exe,SK+NPR
fshoster64.exe,SK+NPR
fsorsp64.exe,SK+NPR
FsPisces.exe,SK+NPR
fsscan.exe,SK+NPR
fssua.exe,SK+NPR
fssua_pending_updates_32.exe,SK+NPR
fssua_pending_updates_64.exe,SK+NPR
fsulprothoster.exe,SK+NPR
fs_ccf_cosmos_tool_32.exe,SK+NPR
fs_latebound_32.exe,SK+NPR
fs_ols_ca.exe,SK+NPR
fs_oneclient_info.exe,SK+NPR
fs_restart_32.exe,SK+NPR
fs_start_menu_manager_32.exe,SK+NPR
fs_swup_channel_handler_32.exe,SK+NPR
fs_ui_32.exe,SK+NPR
fs_uninstall_32.exe,SK+NPR
ilaunchr.exe,SK+NPR
orspdiag64.exe,SK+NPR
reset_id_tool_32.exe,SK+NPR
resetuid.exe,SK+NPR
ultralight_diag.ex,SK+NPR
wa_3rd_party_host_32.exe,SK+NPR
wa_3rd_party_host_64.exe,SK+NPR

fselms.sys,SK
fsni64.sys,SK
fsulgk.sys,SK
nif2s64.sys,SK

fsabout.exe,TR+NI+NC+ND+NPR
fsactiononinfection.exe,TR+NI+NC+ND+NPR
sappfilecontrol.exe,TR+NI+NC+ND+NPR
fsbanking.exe,TR+NI+NC+ND+NPR
fsconcheckhelper.exe,TR+NI+NC+ND+NPR
fsconnectionchecker.exe,TR+NI+NC+ND+NPR
fseventhistory.exe,TR+NI+NC+ND+NPR
fshelp.exe,TR+NI+NC+ND+NPR
fsmaincorporate.exe,TR+NI+NC+ND+NPR
fsnetworkisolation.exe,TR+NI+NC+ND+NPR
fsscanwizard.exe,TR+NI+NC+ND+NPR
fssettings.exe,TR+NI+NC+ND+NPR
fsswup.exe,TR+NI+NC+ND+NPR
fsswupblockingprocesses.exe,TR+NI+NC+ND+NPR
fsturnoff.exe,TR+NI+NC+ND+NPR
fsturnon.exe,TR+NI+NC+ND+NPR
fswebsites.exe,TR+NI+NC+ND+NPR
ulu.exe,TR+NI+NC+ND+NPR
ulu_handler.exe,TR+NI+NC+ND+NPR
ulu_handler_ns.exe,TR+NI+NC+ND+NPR

//fireeye
//fireeye
AppUIMonitor.exe,SK+NPR
fireeyeagent.exe,SK+NPR
magent.exe,SK+NPR
RemediationWSC.exe,SK+NPR
uncontain.exe,SK+NPR
xagt.exe,SK+NPR
xagtnotif.exe,SK+NPR

//Forcepoint One Agent (Proxy/DLP)
fppsvc.exe,SK+NPR
f1eui.exe,SK+NPR
proxyui.exe,SK+NPR

//Fortra Lookout
Lookout.exe,SK+NPR
LookoutLibService.exe,SK+NPR
LookoutProxy.exe,SK+NPR
LookoutService.exe,SK+NPR

// FortiClient/Fortinet AV
epcuseravatar.exe,SK+NPR
fcappdb.exe,SK+NPR
fcauth.exe,SK+NPR
fccomint.exe,SK+NPR
fcconfig.exe,SK+NPR
fcdblog.exe,SK+NPR
fchelper64.exe,SK+NPR
fcsetup.exe,SK+NPR
fctsecsvr.exe,SK+NPR
fcvbltscan.exe,SK+NPR
fmon.exe,SK+NPR
forticlient.exe,SK+NPR
forticlientonl,SK+NPR
forticlientsec,SK+NPR
forticlientvpn,SK+NPR
fortielevate.exe,SK+NPR
fortiesnac.exe,SK+NPR
fortiproxy.exe,SK+NPR
fortiscand.exe,SK+NPR
fortisettings.exe,SK+NPR
fortisslvpndaemon.exe,SK+NPR
fortitray.exe,SK+NPR
ipsec.exe,SK+NPR
scheduler.exe,SK+NPR
update_task.exe,SK+NPR
vcm2.exe,SK+NPR

//Intel Security
catracker.exe,SK+NPR
mcclientanalytics.exe,SK+NPR
native_proxy.exe,SK+NPR
pefservice.exe,SK+NPR
setuppbx64.exe,SK+NPR
setuppbx86.exe,SK+NPR
truekey.exe,SK+NPR

//Pulse Juniper Networks VPN Client
64bitProxy.exe,SK+NPR
dsAccessService.exe,SK+NPR
dsmmf.exe,SK+NPR
dsTermServ.exe,SK+NPR
jamCommand.exe,SK+NPR
nsstatsdump.exe,SK+NPR
pdv.exe,SK+NPR
Pulse.exe,SK+NPR
PulseApplicationLauncher.exe,SK+NPR
PulseCompMgrInstaller.exe,SK+NPR
PulseExt.exe,SK+NPR
PulseExt64.exe,SK+NPR
pulselauncher.exe,SK+NPR
PulseSecureService.exe,SK+NPR
PulseSetupClient.exe,SK+NPR
PulseSetupClientOCX.exe,SK+NPR
PulseSetupClientOCX64.exe,SK+NPR
PulseSetupXP.exe,SK+NPR

//Kaspersky
AgentMon.exe,SK+NPR
avpsus.exe,SK+NPR
avp.exe,SK+NPR
AVPDTAgt.exe,SK+NPR
avpui.exe,SK+NPR
drvins64.exe,SK+NPR
getsysteminfo.exe,SK+NPR
integrity_check_tool.exe,SK+NPR
LogFileCleaner,SK+NPR
LiveConnect.exe,SK+NPR
LiveConnectTask,SK+NPR
KasAVSrv.exe,SK+NPR
KASetup.exe,SK+NPR
KaUsrTsk.exe,SK+NPR
kescli.exe,SK+NPR
kGetELMg64.exe,SK+NPR
klcpuld.exe,SK+NPR
klcsldcl.exe,SK+NPR
klcsngtgui.exe,SK+NPR
klcspxy.exe,SK+NPR
kldumper.exe,SK+NPR
kldw.exe,SK+NPR
KLicense.exe,SK+NPR
klmover.exe,SK+NPR
klnagchk.exe,SK+NPR
klnagntf.exe,SK+NPR
klnagwds.exe,SK+NPR
klosprep.exe,SK+NPR
klpsm.exe,SK+NPR
klrbtagt.exe,SK+NPR
klscmodchk.exe,SK+NPR
klshwmsg.exe,SK+NPR
klwd.exe,SK+NPR
klwnstman.exe,SK+NPR
klwtblfs.exe,SK+NPR
KPrtPng.exe,SK+NPR
ksnproxy.exe,SK+NPR
ktvnServer.exe,SK+NPR
kvdb_upgrader.exe,SK+NPR
modify_watcher.exe,SK+NPR
netcfg.exe,SK+NPR
patchmanager.exe,SK+NPR
proton.exe,SK+NPR
remediation.exe,SK+NPR
setup_kes.exe,SK+NPR
soyuz.exe,SK+NPR
tslauncher.exe,SK+NPR
ThumbnailCaptur,SK+NPR
Up2Date.exe,SK+NPR
vapm.exe,SK+NPR
wmi32.exe,SK+NPR
wmi64.exe,SK+NPR
wmias.exe,SK+NPR
wmiav.exe,SK+NPR
Cm_km.sys,SK
dump_klfdedmp.sys,SK
kl1.sys,SK
klbackupdisk.sys,SK
klbackupflt.sys,SK
klelam.sys,SK
klelaml.sys,SK
klfde.sys,SK
klfdedmp.sys,SK
klflt.sys,SK
klfltdev.sys,SK
klgse.sys,SK
klhk.sys,SK
klif.sys,SK
klim6.sys,SK
klkbdctl.sys,SK
klncap.sys,SK
klpd.sys,SK
klpnpflt.sys,SK
klsnsr.sys,SK
kltdi.sys,SK
klupd_KLIF_arkmon.sys,SK
klupd_KLIF_kimul.sys,SK
klupd_KLIF_klark.sys,SK
klupd_KLIF_klbg.sys,SK
klupd_KLIF_mark.sys,SK
klupd_KLIF_swmon.sys,SK
klvfs.sys,SK
klwfp.sys,SK
klwtp.sys,SK
kneps.sys,SK

//Malwarebytes
collectclientlog.exe,SK+NPR
coreinst.exe,SK+NPR
mbae.exe,SK+NPR
mbae-cli.exe,SK+NPR
mbae-setup.exe,SK+NPR
mbae-svc.exe,SK+NPR
mbae-uninstaller.exe,SK+NPR
mbae64.exe,SK+NPR
mbam.exe,SK+NPR
mbam-chameleon.exe,SK+NPR
mbam-killer.exe,SK+NPR
mbamapi.exe,SK+NPR
mbamgui.exe,SK+NPR
mbamhelper.exe,SK+NPR
mbampt.exe,SK+NPR
mbamscheduler.exe,SK+NPR
mbamservice.exe,SK+NPR
mbcloudea.exe,SK+NPR
sccomm.exe,SK+NPR

//Trellix (McAfee)
MfeFfProxy32.exe,NI+SK+TR+NC+ND+PR+NPR,,McAfee, LLC 
MfeFfCore.exe,NI+SK+TR+NC+ND+PR+NPR,,McAfee, LLC 
MfeFfCoreService.exe,NI+SK+TR+NC+ND+PR+NPR,,McAfee, LLC 
setup.exe,NI+SK+TR+NC+ND+PR+NPR,,McAfee, Inc. 
mfehidin64.exe,NI+SK+TR+NC+ND+PR+NPR,,McAfee, LLC
mfeepmpk_utility.exe,NI+SK+TR+NC+ND+PR+NPR,,McAfee, LLC
MfeEpAac.exe,NI+SK+TR+NC+ND+PR+NPR,,McAfee, LLC.
MfeEpAac_mfeprotect.exe,NI+SK+TR+NC+ND+PR+NPR,,McAfee, LLC.
mfewch.exe,SK+NPR
mfewc.exe,SK+NPR
mcschield.exe,SK+NPR
3DCompliance.exe,SK+NPR
6740xdat.exe,SK+NPR
Aacinfo.exe,SK+NPR
Amcfg.exe,SK+NPR
amupdate.exe,SK+NPR
AppDepotSetup_M,NI+NPR
atpconfigtool.exe,SK+NPR
ATPErrMgr.exe,SK+NPR
AuditManagerService.exe,SK+NPR
balloon32.exe,SK+NPR
Cacheinfo.exe,SK+NPR
CCuninst.exe,SK+NPR
Cleanup.exe,SK+NPR
CmdAgent.exe,SK+NPR
contentupdate.exe,SK+NPR
csscan.exe,SK+NPR
dainstall.exe,SK+NPR
dxlservice.exe,SK+NPR
dxlservicemonitor.exe,SK+NPR
engineMain.exe,SK+NPR
EngineServer.exe,SK+NPR
entvutil.exe,SK+NPR
epefprtrainer.exe,SK+NPR
EpePcCredentialProvider,SK+NPR
EpePcMonitor.exe,SK+NPR
Esconfigtool.exe,SK+NPR
f00imcli.exe,SK+NPR
fcags.exe,SK+NPR
FireSvc.exe,SK+NPR
FireTray.exe,SK+NPR
FramePKG.exe,SK+NPR
FrameworkService.exe,SK+NPR
FrmInst.exe,SK+NPR
Fwinfo.exe,SK+NPR
Fwinstcheck.exe,SK+NPR
fwWindowsFirewall,SK+NPR
hcinfo.exe,SK+NPR
Helper.exe,SK+NPR
HIPSCoreReg.exe,SK+NPR
HIPSvc.exe,SK+NPR
Loadsapr.exe,SK+NPR
logparser.exe,SK+NPR
macmnsvc.exe,SK+NPR
macompatsvc.exe,SK+NPR
macomserver.exe,SK+NPR
maconfig.exe,SK+NPR
marepomirror.exe,SK+NPR
marservice.exe,SK+NPR
masvc.exe,SK+NPR
mcadmin.exe,SK+NPR
McAfee_Safeboot,SK+NPR
McAfee_Virussca,NI+NPR
McAfeeAV_def.ex,NI+NPR
McAfeeFire.exe,SK+NPR
mcconsol.exe,SK+NPR
mcdatrep.exe,SK+NPR
McSACore.exe,SK+NPR
McScanCheck.exe,SK+NPR
McScript_InUse,SK+NPR
McShield.exe,SK+NPR
McTray.exe,SK+NPR
mcupdate.exe,SK+NPR
mcvsftsn.exe,SK+NPR
mcvsmap.exe,SK+NPR
mcvsrte.exe,SK+NPR
mcvsshld.exe,SK+NPR
mfeamcin.exe,SK+NPR
mfeann.exe,SK+NPR
mfeatp.exe,SK+NPR
mfecanary.exe,SK+NPR
mfeConsole.exe,SK+NPR
mfeensppl.exe,SK+NPR
MfeEpeHost.exe,SK+NPR
mfeEsp.exe,SK+NPR
mfefire.exe,SK+NPR
mfefw.exe,SK+NPR
mfehcs.exe,SK+NPR
mfehidin.exe,SK+NPR
mfemactl.exe,SK+NPR
mfemms.exe,SK+NPR
mfeProvisionMod,SK+NPR
mfeSysPrep.exe,SK+NPR
mfeTp.exe,SK+NPR
mfeupgradeTool.exe,SK+NPR
mfevtps.exe,SK+NPR
mghtml.exe,SK+NPR
mmsinfo.exe,SK+NPR
msaconfig.exe,SK+NPR
Mue.exe,SK+NPR
mvagtsvc.exe,SK+NPR
mytilus3_server,SK+NPR
naPrdMgr.exe,SK+NPR
ncdaemon.exe,SK+NPR
NCInstall.exe,SK+NPR
NdisInstall.exe,SK+NPR
PASysTray.exe,SK+NPR
pireg.exe,SK+NPR
policyupgrade.exe,SK+NPR
pwdUninstall.exe,SK+NPR
restartvse.exe,SK+NPR
sbClientMan.exe,SK+NPR
sbTOKWatch.exe,SK+NPR
scan32.exe,SK+NPR
Scan64.exe,SK+NPR
ScnCfg32.exe,SK+NPR
scsrvc.exe,SK+NPR
setupATP.exe,SK+NPR
setupCC.exe,SK+NPR
setupEP.exe,SK+NPR
setupFW.exe,SK+NPR
setupTP.exe,SK+NPR
setupVSE.exe,SK+NPR
setupWC.exe,SK+NPR
shcfg32.exe,SK+NPR
shstat.exe,SK+NPR
TIEservice.exe,SK+NPR
UdaterUI.exe,SK+NPR
VersionInformation.exe,SK+NPR
VSE87MAS.exe,SK+NPR
VsTskMgr.exe,SK+NPR
Vtpinfo.exe,SK+NPR
WinSecCtr.exe,SK+NPR
wscavexe.exe,SK+NPR
fireNfcp.sys,SK
HIPshieldK.sys,SK
mfeaack.sys,SK
Mfeaacsk.sys,SK
mfeapfk.sys,SK
mfeavfk.sys,SK
mfebopk.sys,SK
mfeclnk.sys,SK
mfeclnrk.sys,SK
mfedisk.sys,SK
mfeelamk.sys,SK
mfeepmpk.sys,SK
mfefirek.sys,SK
mfehck.sys,SK
mfehidk.sys,SK
mfencbdc.sys,SK
mfencrk.sys,SK
mfenlfk.sys,SK
mfeplk.sys,SK
mferkdet.sys,SK
Mfetdik2.sys,SK
mfetdi2k.sys,SK
mfewfpk.sys,SK

// Microsoft EMET
emet_agent.exe,SK+NPR
emet_service.exe,SK+NPR

// Microsoft Information Protection (aka MIP or AIP)
MSIP.ExecutionHost.exe,SK+NPR
MSIP.ExecutionHost32.exe,SK+NPR
MSIP.NetworkDiscovery.exe,SK+NPR
MSIP.Scanner.exe,SK+NPR
msip.viewer.exe,SK+NPR


//n-able technologies avdefender
agentmaint.exe,SK+NPR
automationmanager.scriptrunner64.exe,SK+NPR
bdredline.exe,SK+NPR
downloader.exe,SK+NPR
epconsole.exe,SK+NPR
genptch.exe,SK+NPR
nableavdbridge.exe,SK+NPR
nablereactivemanagement.exe,SK+NPR
nablesixtyfourbitmanager.exe,SK+NPR
redpatch0.exe,SK+NPR
shadowprotectdatareader.exe,SK+NPR
testinitsigs.exe,SK+NPR
thirdpartypatch.exe,SK+NPR
wuascanner.exe,SK+NPR

//NOD32
egui.exe,SK+NPR
ekrn.exe,SK+NPR
eset-remote-install.exe,SK+NPR
sha1sum.exe,SK+NPR
eraagent.exe,SK+NPR
insthelper.exe,SK+NPR

//PaloAlto Cortex
Cydump.exe,SK+NPR
cyreport.exe,SK+NPR
cyrprtui.exe,SK+NPR
cyserver.exe,SK+NPR
cytool.exe,SK+NPR
cytray.exe,SK+NPR
CyveraConsole.exe,SK+NPR
CyveraService.exe,SK+NPR
CyveraWdg.exe,SK+NPR
GetLogsUtilAgent.exe,SK+NPR
tlaservice.exe,SK+NPR
tlaworker.exe,SK+NPR
twdservice.exe,SK+NPR
xdrhealth.exe,SK+NPR
cyverak.sys,SK
cyvrfsfd.sys,SK
cyvrlpc.sys,SK
cyvrmtgn.sys,SK
tdevflt.sys,SK
tedrdrv.sys,SK
tedrpers*.sys,SK

//pgp encryption
encryptionservice.exe,SK+NPR
pgpcbt64.exe,SK+NPR
pgpfsd.exe,SK+NPR
pgptray.exe,SK+NPR

//Qualys
QualysAgent.exe,SK+PR
QualysProxy.exe,SK+PR

//Rapid7 Insight Agent
get_proxy.exe,SK+NPR
ir_agent.exe,SK+NPR
rapid7_endpoint_broker.exe,SK+NPR
rapid7_events_monitor.exe,SK+NPR
rapid7_sysmon_installer.exe,SK+NPR

//RSA NetWitness Agent
Aurora.exe,SK+NPR
AuroraDriver18052.sys,SK
AuroraDriver18053.sys,SK
AuroraDriver9115.sys,SK
AuroraDriver9118.sys,SK

//Sentinal 1
LogCollector.exe,SK+NPR
SentinelAgent.exe,SK+NPR
SentinelAgentWorker.exe,SK+NPR
SentinelBrowserNativeHost.exe,SK+NPR
SentinelCtl.exe,SK+NPR
SentinelHelperService.exe,SK+NPR
SentinelInstaller.exe,SK+NPR
SentinelMemoryScanner.exe,SK+NPR
SentinelRanger.exe,SK+NPR
SentinelRemediation,SK+NPR
SentinelRemoteShellHost.exe,SK+NPR
SentinelScanFromContextMenu.exe,SK+NPR
SentinelServiceHost.exe,SK+NPR
SentinelStaticEngine.exe,SK+NPR
SentinelStaticEngineScanner.exe,SK+NPR
SentinelUI.exe,SK+NPR
SentinelDeviceControl.sys,SK
SentinelELAM.sys,SK
SentinelMonitor.sys,SK

//Sophos AutoUpdate
ALMon.exe,SK+NPR
ALsvc.exe,SK+NPR
ALUpdate.exe,SK+NPR
SophosUpdate.exe,SK+NPR

//Sophos Remote Management System
AutoUpdateAgent,SK+NPR,,sophos limited
ClientMRInit.exe,SK+NPR
EMLibUpdateAgent,SK+NPR
ManagementAgent,SK+NPR
mcsagent.exe,SK+NPR
mcsclient.exe,SK+NPR
RouterNT.exe,SK+NPR

//Sophos Sophos Anti-Virus
SAVOnAccessCont,SK+NI+NC+ND
BackgroundScanClient.exe,SK+NPR
configuresav.exe,SK+NPR
GetLogs.exe,SK+NPR,,sophos limited
instmsia.exe,SK+NPR
instmsiw.exe,SK+NPR
native.exe,SK+NPR
sav32cli.exe,SK+NPR
SAVAdminService,SK+NPR
SAVOnAccessControl,SK+NPR
SAVCleanupService,SK+NPR
SavMain.exe,SK+NPR
SavProgress.exe,SK+NPR
SavService.exe,SK+NPR
sdcdevcon.exe,SK+NPR
sdcdevconia64.exe,SK+NPR
sdcdevconx64.exe,SK+NPR
sdcservice.exe,SK+NPR
sdugui.exe,SK+NPR
Sophosavagent.exe,SK+NPR
Sophosbootask.exe,SK+NPR
sophosboottasks,SK+NPR
SophosFileScanner.exe,SK+NPR
SophosFS.exe,SK+NPR
SophosHealth.exe,SK+NPR
Sophoslogwrite.exe,SK+NPR
spa.exe,SK+NPR
wscclient.exe,SK+NPR

//Sophos Sophos Client Firewall
op_viewer.exe,SK+NPR
SCFManager.exe,SK+NPR
SCFService.exe,SK+NPR
SCFTray.exe,SK+NPR

//Sophos UTM Cloud communication
Health.exe,SK+NPR,,sophos limited
MCSagent.exe,SK+NPR
Mcsclient.exe,SK+NPR
Mcsheartbeate.exe,SK+NPR
Sntpservice.exe,SK+NPR
Ssp.exe,SK+NPR

//Sophos Web Protection
Swc_service.exe,SK+NPR
Swi_filter.exe,NI+NPR
Swi_fc.exe,NI+NPR
swi_lspdiag.exe,SK+NPR
swi_lspdiag_64.exe,SK+NPR
Swi_service.exe,SK+NPR
Swi_update64.exe,SK+NPR

//Sophos Encyption
sgnsafemodeserv,SK+TR+NI+NH+NC+ND+PR
sgnauthservicen,SK+TR+NI+NH+NC+ND+PR
sgn_masterservi,SK+TR+NI+NH+NC+ND+PR

be_encc.Exe,SK+NPR
BEDevCtl.exe,SK+NPR
BEFCSvcn.exe,SK+NPR
feinit.exe,SK+NPR
fetool.exe,SK+NPR
Html5Encrypt.exe,SK+NPR
SafeGuard Manag,SK+NPR
SGFileEncWizard.exe,SK+NPR
SGMCmdIntn.exe,SK+NPR
SGNMaster.exe,SK+NPR
SGNSafeModeService,SK+NPR
SGTelemetryWinS,SK+NPR
SGNAuthAppn.exe,SK+NPR
SGNAuthServicen.exe,SK+NPR
SGNHWInfo.exe,SK+NPR
SGNState.exe,SK+NPR
SGN_MasterService,SK+NPR
SGPortable.exe,SK+NPR
SophosSafestore64.exe,SK+NPR
RecoveryKeyAccess,SK+NPR
WMIListener.exe,SK+NPR
BEFLT.sys,SK
lcencvm.sys,SK

//Sophos Network Threat Protection
SntpService.exe,SK+NPR
SophosNtpService.exe,SK+NPR

//Sophos System Protection
SedService.exe,SK+NPR
Ssp.exe,SK+NPR
Sspedr.exe,SK+NPR

//Sophos UI
Sophos UI.exe,SK+NPR
Telemetry.exe,SK+NPR,,sophos limited

//Sophos Endpoint Self Help
SophosDiag.exe,SK+NPR
SophosESH.exe,SK+NPR

//Sophos Data Recorder
SDRService.exe,SK+NPR

//Sophos Clean Sophos
SophosClean.exe,SK+NPR
SophosCleanM.exe,SK+NPR
Uninstall.exe,SK+NPR,,sophos limited
Uninstall.exe,SK+NPR,,sophos, inc.

//Sophos Cloud Network Agent
Clambc.exe,SK+NPR
Clamconf.exe,SK+NPR
Clamdscan.exe,SK+NPR
Clamscan.exe,SK+NPR
Installer.exe,SK+NPR,,sophos limited
Jabswitch.exe,SK+NPR
Keytool.exe,SK+NPR
Kinit.exe,SK+NPR
Klist.exe,SK+NPR
Ktab.exe,SK+NPR
Orbd.exe,SK+NPR
Pack200.exe,SK+NPR
Policytool.exe,SK+NPR
R.exemid,SK+NPR
Rmiregistry.exe,SK+NPR
Servertool.exe,SK+NPR
Sigtool.exe,SK+NPR
SophosAgentRela,SK+NPR
SophosAgentUI.exe,SK+NPR
SophosCertMgr.exe,SK+NPR
Sophos-cwg-moni,SK+NPR
SophosCWGScanner,SK+NPR
Ssvagent.exe,SK+NPR
Tnameserv.exe,SK+NPR
Unpack200.exe,SK+NPR

//Sophos for virtual environments
sgvmmanagementservice.exe,SK+NPR
sgvmscanningintegrationservice.exe,SK+NPR
sgvmscanningservice.exe,SK+NPR
wscclient.exe,SK+NPR

//sophos virus removal tool
svrtcli.exe,SK+NPR
svrtservice.exe,SK+NPR

//Symantec Endpoint Protection
alunotify.exe,SK+NPR
aluschedulersvc.exe,SK+NPR
aupdate.exe,SK+NPR
AutoExcl.exe,SK+NPR
bhca.exe,SK+NPR
brkrprcs64.exe,SK+NPR
ccApp.exe,SK+NPR
ccEvtMgr.exe,SK+NPR
ccSetMgr.exe,SK+NPR
DefWatch.exe,SK+NPR
DevViewer.exe,SK+NPR
DoScan.exe,SK+NPR
dot1xtray64.exe,SK+NPR
DWHWizrd.exe,SK+NPR
edpa.exe,SK+NPR
EFAInst.exe,SK+NPR
FixExtend.exe,SK+NPR
installTeefer.exe,SK+NPR
LDVPREG.exe,SK+NPR
lsetup.exe,SK+NPR
luall.exe,SK+NPR
LuaWrap.exe,SK+NPR
lucallbackproxy.exe,SK+NPR
luinit.exe,SK+NPR
nlnhook.exe,SK+NPR
Rtvscan.exe,SK+NPR
SavRoam.exe,SK+NPR
SPBBCSvc.exe,SK+NPR
symantecrootins,SK+NPR
VPC32.exe,SK+NPR
VPDN_LU.exe,SK+NPR
VPTray.exe,SK+NPR
Checksum.exe,SK+NPR
ControlAP.exe,SK+NPR
dot1xtray.exe,SK+NPR
LUCheck.exe,SK+NPR
LuComServer_3_0,SK+NPR
LuComServer_3_3,SK+NPR
LuConfig.EXE,SK+NPR
migrateUserScans.exe,SK+NPR
NotifyHA.exe,SK+NPR
PatchWrap.exe,SK
RegSSHelper.exe,SK+NPR
RtvStart.exe,SK+NPR
SavUI.exe,SK+NPR
SEPLiveUpdate.exe,SK+NPR
SEPModuleList.exe,SK+NPR
SescLU.exe,SK+NPR
setiCollect.exe,SK+NPR
sevntx64.exe,SK+NPR
SISIDSService.exe,SK+NPR
SISIPSService.exe,SK+NPR
SISIPSUtil.exe,SK+NPR
sisnat.exe,SK+NPR
SISStatusDlg.exe,SK+NPR
SMC.exe,SK+NPR
SmcGui.exe,SK+NPR
smcinst.exe,SK+NPR
SNAC.EXE,SK+NPR
SRTSP_CA.exe,SK+NPR
Sylinkdrop.exe,SK+NPR
SymCorpUI.exe,SK+NPR
WFPUnins.exe,SK+NPR
WSCSAvNotifier.exe,SK+NPR
roru.exe,SK+NPR
SepStub.exe,SK+NPR
sepWscSvc.exe,SK+NPR
sepWscSvc64.exe, SK+NPR
BHDrvx64.sys,SK
eeCtrl64.sys,SK
EraserUtilReboo,SK
Ex64.sys,SK
IDSvia64.sys,SK
Ironx64.sys,SK
Srtsp64.sys,SK
SyDvCtrl64.sys,SK
Symefasi.sys,SK
Symevent64x86.sys,SK

//Additional for Symantec upgrade
ccSvcHst.exe,SK+NPR
ccLgView.exe,SK+NPR

//Symantec Endpoint Encryption
eacommunicatorsrv.exe,SK+NPR
eafrclimanager.exe,SK+NPR
eedService.exe,SK+NPR
EERApplication.exe,SK+NPR
EAFRCliStart.exe,SK+NPR
PGPdesk.exe,SK+NPR
PGPtray.exe,SK+NPR
RemoveableMediaAccessUtility.exe,SK+NPR
eedProtectionD,SK
eedDiskEncrypt,SK
EERfsfd.sys,SK

//systrack lsiagent
jetcomp.exe,SK+NPR
lsiagent.exe,SK+NPR
lsicins.exe,SK+NPR
lsimods64.exe,SK+NPR
lsims.exe,SK+NPR
lsisupervisor.exe,SK+NPR

//Tanium
TaniumExecWrapper.exe,SK+NPR
TaniumFileInfo.exe,SK+NPR
TaniumDetect.exe,SK+NPR
TaniumEndpoint.exe,SK+NPR
TaniumEndpointIndex.exe,SK+NPR
TaniumClient.exe,SK+NPR
TaniumCX.exe,SK+NPR

//Nessus Scans
nasl.exe,SK+NPR
nessuscli.exe,SK+NPR
nessusd.exe,SK+NPR
nessus-service.exe,SK+NPR

//Nessus Agent Scans
tenable_ovaldi_2ef350e0435440418f7d33232f74f260.exe,SK+NPR
tenable_mw_scan_*.exe,SK+NPR

//Titus
Titus.Enterprise.Client.Service.exe,SK+NPR
Titus.Enterprise.HealthMonitor.Console.exe,SK+NPR
Titus.Enterprise.HealthMonitor.Service.exe,SK+NPR
Titus.FileWatcher.exe,SK+NPR
Titus.LogCollector.exe,SK+NPR
Titus.SmartRegex.TestApp.exe,SK+NPR
TitusClassificationSetup.exe,SK+NPR
TitusRMSTemplatesDownloader.exe,SK+NPR
WCFLogViewer.exe,SK+NPR

//Trendmicro including version 14 ApexOne
AosUImanager.exe,SK+NPR
AtasAgent.exe,SK+NPR
bspatch.exe,SK+NPR
build.exe,SK+NPR
build64.exe,SK+NPR
bzip2.exe,SK+NPR
CNTAoSMgr.exe,SK+NPR
CNTAoSUnInstaller.exe,SK+NPR
CompRmv.exe,SK+NPR
Dreboot64.exe,SK+NPR
dsa_control.exe,SK+NPR
dsagent.exe,SK+NPR
dsc.exe,SK+NPR
endpointbasecamp.exe,SK+NPR
ESClient.exe,SK+NPR
ESEFrameworkHost.exe,SK+NPR
ESEServiceShell.exe,SK+NPR
Instreg.exe,SK+NPR
iVPAgent.exe,SK+NPR
LogServer.exe,SK+NPR
ncfg.exe,SK+NPR
NTRmv.exe,SK+NPR
NTRtScan.exe,SK+NPR
Ofccccaupdate.exe,SK+NPR
OfcPfwSvc.exe,SK+NPR
PATCH.EXE,SK+NPR
PATCH64.EXE,SK+NPR
PccNT.exe,SK+NPR
PccNTMon.exe,SK+NPR
PccNTUpd.exe,SK+NPR
ShowMsg.exe,SK+NPR
supportconnector.exe,SK+NPR
tdiins.exe,SK+NPR
tmasutility.exe,SK+NPR
TMBMServer.exe,SK+NPR
TMBMSRV.exe,SK+NPR
tmccsf.exe,SK+NPR
Tmcsvc.exe,SK+NPR
tmextins.exe,SK+NPR
tmextins32.exe,SK+NPR
TmFpHcEx.exe,SK+NPR
TMiACAgentSvc.exe,SK+NPR
TmListen.exe,SK+NPR
tmlwfins.exe,SK+NPR
TmNTUpgd.exe,SK+NPR
tmopextins.exe,SK+NPR
tmopextins32.exe,SK+NPR
TmPfw.exe,SK+NPR
TmProxy.exe,SK+NPR
TmsaInstance64.exe,SK+NPR
TmSSClient.exe,SK+NPR
TmUninst.exe,SK+NPR
tmupgradeui.exe,SK+NPR
tmwfpins.exe,SK+NPR
TmWSCSvc.exe,SK+NPR
TSC.exe,SK+NPR
TSC64.exe,SK+NPR
UpdGuide.exe,SK+NPR
Upgrade.exe,SK+NPR
Utilpfwinstcondchecker.exe,SK+NPR
vcredist_2012u3_x64.exe,SK+NPR
vcredist_2012u3_x86.exe,SK+NPR
VSEncode.exe,SK+NPR
wofielauncher.exe,SK+NPR
wscommunicator.exe,SK+NPR
XPUpg.exe,SK+NPR
TM_CFW.sys,SK
tmactmon.sys,SK
tmcomm.sys,SK
tmeevw.sys,SK
tmevtmgr.sys,SK
tmfilter.sys,SK
tmlwf.sys,SK
tmprefilter.sys,SK
tmPreflt.sys,SK
tmtdi.sys,SK
tmumh.sys,SK
tmusa.sys,SK
tmwfp.sys,SK
tmxpflt.sys,SK
teefer2.sys,SK
VSApint.sys,SK

//Vipre
VipreEdgeProtection.exe,SK+NPR
SBAMSvc.exe,SK+NPR
SBAMTray.exe,SK+NPR
SBPIMSvc.exe,SK+NPR
TracSrvWrapper.exe,SK+NPR
sbapifs.sys,SK

//Websense
ClientInfo.exe,SK+NPR
Dserui.exe,SK+NPR
RFUI.exe,SK+NPR
WDEUtil.exe,SK+NPR
remediate.exe,SK+NPR
wepsvc.exe,SK+NPR
wsdecrypt.exe,SK+NPR
cwnep.sys,SK
qip.sys,SK
qiptdi.sys,SK
rnetcore.sys,SK
WNetCore.sys,SK
WFPRedir.sys,SK
WsOMFlt.sys,SK

//Windows Defender
configsecuritypolicy.exe,SK+NPR
mpcmdrun.exe,SK+NPR
mprecovery.exe,SK+NPR
mpuxsrv.exe,SK+NPR
msascui.exe,SK+NPR
msascuil.exe,SK+NPR
msmpeng.exe,SK+NPR
nissrv.exe,SK+NPR
wdnsfltr.exe,SK+NPR
offlinescannershell.exe,SK+NPR
mpfilter.sys,SK

//Windows Defender Advanced Threat Protection
MsSense.exe,SK+NPR
NisSrv.exe,SK+NPR
SecurityHealthService.exe,SK+NPR
sechealthui.exe,SK+NPR
sensecncproxy.exe,SK+NPR
sensendr.exe,SK+NPROC+NPR
sensesampleuploader.exe,SK+NPR
SgrmBroker.exe,SK+NPR
sppsvc.exe,SK+NPR

//Visual Studio
MSBuild.exe,SK+NPR
vshub.exe,SK+NPR
vshost*-*.exe,SK+NPR
vsga.exe,SK+NPR
perfwatson2.exe,SK+NPR
Vcpkgsrv.exe,SK+NPR
TailoredDeplo,SK+NPR
VsDebugLaunch,SK+NPR
VsDebugWERHel,SK+NPR
VsGraphicsRem,SK+NPR
devenv.exe,NC+ND+TN+AW+AS+NPR+PR
msvsmon.exe,SK+NPR
QTAgent32_40.exe,SK+NPR
QTAgent.exe,SK+NPR
QTAgent32.exe,SK+NPR

//.Net complier
csc.exe,SK+NPR
cl.exe,SK+NPR
mt.exe,SK+NPR
mt2.exe,SK+NPR

//Cisco Umbrella
dnscrypt-proxy.exe,SK+NPR+PR
acumbrellaagent.exe,SK+NPR+PR
acswgagent.exe,NPR
acnvmagent.exe,SK+NPR+PR
ERCService.exe,SK+NPR+PR
ERCInterface.exe,SK+NPR+PR
UmbrellaDiagnostic.exe,SK+NPR+PR

//-------------------------------------------------------------
//-- Windows Workstation only ---------------------------------
//-- END MSP APPROVED -----------------------------------------
//-------------------------------------------------------------

//=========================================================================
// END Application entries
//=========================================================================