AV Exclusions on Windows, Linux and MAC

This topic provides guidance on configuring anti-virus (AV) and intrusion detection system (IDS) exclusions for BigFix Remote Control on Windows, Linux, and Mac platforms. It details the specific directories and processes that should be excluded to prevent interruptions or failures during remote control sessions. Proper configuration helps ensure reliable operation and avoids common errors related to AV or IDS interference.

Remote Control AV Exclusions

BigFix Remote Control Target activity may be interrupted or “shimmed” by anti-viruses or Intrusion Detection Systems (IDS). Sometimes, it may result in failures when establishing the remote control session. To address this issue, you need configure the Anti-viruses and IDS's to exclude the following directories and processes.
Note: The specifications mentioned in this topic are related to the exclusion of folders paths and processes for real-time scans and heuristics.
Remember: Ensure that the scheduled scans are configured and enabled from a security perspective.
The following folders and sub-folder paths should be excluded:
Note: The <user> folder may contain the audit logs. Specify each sub folder to be scanned (for example: Documents), except for the .trc folder.
Windows
  • %DRIVE%:\ProgramData\BigFix\Remote Control\*
  • %DRIVE%:\Program Files (x86)\BigFix\*
  • %DRIVE%:\Program Files\BigFix\*
  • %DRIVE%:\Users\<user>\
  • %DRIVE%:\Users\<user>\.trc\*
Linux
  • %DRIVE%:/var/opt/bigfix/trc/*
  • %DRIVE%:/var/opt/bigfix/trc/target/*
  • %DRIVE%:/opt/bigfix/trc/target/*
  • %DRIVE%:/opt/BigFix/*
  • %DRIVE%:/home/<user>/
MAC
  • %DRIVE%: /Library/Application Support/com.bigfix.remotecontrol.target/*
  • %DRIVE%:/Library/LaunchDaemons/
  • %DRIVE%:/Applications/Remote Control Target.app/*
  • %DRIVE%:/Applications/Remote Control Target.app/*
  • %DRIVE%:/Users/<user>/Library/Application Support/com.bigfix.remotecontrol.target/*
  • %DRIVE%:/Users/<user>/File Transfer/*
  • %DRIVE%:/Users/<user>/*
Additionally, the following processes should be excluded:
Note: The Remote Control processes use some ports to communicate among each other (locally). The port is chosen dynamically from the OS in the following ranges:
  • On Windows Vista and later: a value between 49152 and 65535
  • On Windows Server 2003 and earlier: a value between 1025 and 5000
For more information, refer to bind function (winsock.h).
Windows
  • %DRIVE%:\Program Files (x86)\BigFix\Remote Control\Target\trc_base.exe
  • %DRIVE%:\Program Files (x86)\BigFix\Remote Control\Target\trc_gui.exe
  • %DRIVE%:\Program Files (x86)\BigFix\Remote Control\Target\trc_dsp.exe
  • %DRIVE%:\Program Files\BigFix\Remote Control\Target\trc_base.exe
  • %DRIVE%:\Program Files\BigFix\Remote Control\Target\trc_gui.exe
  • %DRIVE%:\Program Files\BigFix\Remote Control\Target\trc_dsp.exe
Linux
  • /opt/bigfix/trc/target/trc_base
  • /opt/bigfix/trc/target/trc_dsp
  • /opt/bigfix/trc/target/trc_ft
  • /opt/bigfix/trc/target/trc_gui
MAC
  • /Applications/Remote Control Target.app/Contents/MacOS/trc_base
  • /Applications/Remote Control Target.app/Contents/MacOS/trc_ft
  • /Applications/Remote Control Target.app/Contents/MacOS/trc_gui.app/Contents/MacOS/trc_gui
  • /Applications/Remote Control Target.app/Contents/MacOS/trc_dsp.app/Contents/MacOS/trc_dsp
More Information

The controller may show the gray screen or the following error message:

BigFix Remote Control is unable to control this target system because the display capture process failed to start

Also, the target log C:\ProgramData\BigFix\Remote Control\trc_base.log may show the following error:

2019.02.20-07:24:31.553 (GMT) ERROR [ 5012] GUI process didn't connect on time. Killing it
2019.02.20-07:24:31.553 (GMT) ERROR [ 5012] ERROR -19 starting GUI process