AV / EDR / IPS: Actifile port, host & whitelist requirements

Issue:
Security Software blocking and disabling of Actifile may cause performance issues and/or prevent files from being encrypted/decrypted.

Possible error messages:
The underlying connection was closed. An unexpected error occur.
The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.

Resolution:
Check security applications like firewalls, behavioral analytics and EDR. Add Actifile to the AV/EDR whitelist as follows:

Step 1
Exclude the following processes:
AFAgentService.exe
AFUpdaterService.exe
AFAgentServiceManager.exe

AFContentDetector.exe

Step 2
Exclude the folder + sub folders from scanning:
C:\Program Files (x86)\Actifile Agent

Step 3 (optional – for Intrusion Prevention Systems – IPS):
URLs for whitelisting (all HTTPS port 443):
https://app.actifile.com
https://actifileapp1.azurewebsites.net

https://v2.agent-api.actifile.com

Step 4 (Optional – for behavioral type threat mitigation systems like Threatlocker):
After installing Actifile put Behavioral based systems in learning mode.
Ensure that Actifile is added to allowed list (if such a list is in use) and that Actifile isn’t ringfenced by the systems.

Usage Example:
For BitDefender, follow the exclusion directions below:
Step 1:
https://www.bitdefender.com/support/how-to-add-application-or-process-exclusions-in-bitdefender-control-center-1119.html
Step 2:
https://www.bitdefender.com/support/how-do-i-exclude-a-folder-from-being-scanned-[bitdefender-windows-8-security]-1067.html

Powered by BetterDocs