It is a requirement that the following locations (and their sub-directories) be allowed to ensure the proper operation of Varonis on-premise software solutions. Please note that each location listed below is the default location, and may be different depending on how each component was installed.
You can locate the below access paths/directories on the DSP server, probe(s), and collector(s) within the environment:
- C/D/E:\Varonis\ (or any custom drive\path where Varonis is installed)
- %ProgramFiles%\Varonis\
- %ProgramFiles(x86)%\Varonis\
- %programdata%\Varonis\
- %temp%\VaronisInstall\
- %systemdrive%\Varonis.temp\
- %ProgramFiles%\RabbitMQ Server\
- %ProgramFiles%\erl*\
- %ProgramFiles%\Erlang OTP
- %WINDIR%\Installer
- The Varonis Working Share
- The location of the Working Share directory will vary, but it is usually created on the root of a drive on the DSP server.
- The location of the collector can be found in the Management Console as seen below:
Applications and Executables
All processes running under:
- %ProgramFiles%\Varonis\
- %ProgramFiles(x86)%\Varonis\
The locations above contain the applications and executables which run the Varonis products.
Data Transport Engine (DTE)
- C:\Windows\Temp\SMCopyAgent\
This location is needed in order to allow an executable that is used by DTE for copying files from the source to the target to function without interference.
DatAlert Analytics
This location can be found in the Management Console under Root > DSP Server > Service Components > DatAlert Analytics > Working Share Settings.
DatAnswers
- Data Sync Share
- Click Audit Share
Both of these can be found in the Management Console under DatAnswers > Edit > Edit Data Sync Share or Edit Web Server. Edit Web Server is where the location of the Click Audit Share is defined.
SOLR
All folders under:
- C:\Program Files (x86)\Solr\
- C:\Program Files (x86)\Zookeeper\
We require the above be allowed in order to prevent antivirus from blocking Solr\Zookeeper JAR files.
DataPrivilege (DP)
This is the folder where the DP web application resides. The location contains DLLs (among other files) that we don't want an antivirus to quarantine.
Data Classification Engine/Framework (DCE/DCF)
- C:\Windows\Temp\__temp_dcf\
- C:\users\<service_account>\AppData\Local\Temp\__temp_dcf\
These locations are required for DCE to extract archived files.
Note: If allowing an entire folder is not preferable, the VaronisArchiveExtractor.exe executable can instead be allowed.
Fresh Installation / Deployment
- %SystemDrive%\Windows\Temp\
On Windows file servers:
An error similar to the one below can be encountered if antivirus is allowed to scan the \Windows\Temp folder during an installation/deployment:
System.ServiceModel.FaultException: The process cannot access the file 'C:\Windows\TEMP\{GUID}\<jar file>' because it is being used by another process.
SQL Host Server(s)
If antivirus software is running on the SQL host machine, exclusions will need to be made for the following types of files:
- MDF – these file extensions are associated with SQL Server database files
- LDF – these file extensions are associated with SQL Server transaction log files
- BAK – these file extensions are associated with SQL Server backup files
- TRN – these file extensions are associated with SQL Server trace files
- All SQL Server binaries and directories
AV scans of database files can result in severe performance degradation.
Windows Fileservers
- C:\Program Files\Varonis\
- C:\Program Files (x86)\Varonis\
