Exclusions of anti-virus software¶
If you set everything up correctly, turned on the “Total control” configuration, but mail interception doesn’t work or web-sites don’t open, most probably it’s because of some anti-virus or an application able to intercept traffic and change it in such a way that it can’t be monitored by a StaffCop agent.
To avoid these problems beforehand we recommend to add the versatile way to add exclusions for paths and executable files in anti-virus software for working processes and executable files of the StaffCop agent.
Or you can use the links given below to configure exclusions for a particular anti-virus.
- Kaspersky Endpoint Security 10
- Kaspersky Small Office Security
- ESET NOD32 Smart security
- ESET NOD32 Endpoint 5.x
- ESET Security Managment Center 7
- Avast Free Antivirus
- Symantec Endpoint Protection
- 360 Total Security
- The versatile way to add exclusions for paths and executable files
Kaspersky Endpoint Security 10¶
Make corrections on the settings of Kaspersky Endpoint Security 10as it’s given below”
- Trusted software
- Exlusions from scanning
Kaspersky Small Office Security¶
In Kaspersky Small Office Security it’s done with the help of the menu item - Settings - Additional - Network:
Note
The paths to the required setting may vary in dependance on the version of the software.
ESET NOD32 Smart security¶
There is a few ways to make Staffcop agent Eset Nod32 cooperate.
The first way¶
- Open the program by clicking the Eset Nod icon in the right part of the Windows task bar
- Open “Settings
- Open “Internet protection → Extended parameters
- Turn off HTTPS checking (option Enable checking HTTPS protocol).
The second way¶
This way is more preferable as it makes the anti-virus and Staffcop agent cooperate without any conflicts.
The essense is in adding the root certificate of Staffcop agent in the anti-virus.
Download the root certificate for the driver-version:
The certificates are to be copied to the workstation with the access to the central administrative server managing the anti-virus settings or to a local workstation if it must be imported there at the same time.
Then follow the instructions in this article, paragraph 2 (Article in Russian), to import the certificate you need the “List of known certificates” section.
This picture should be taken as the guide for importing the certificate:
When the certificate is imported it’s better to reload both the service of the Staffcop-agent and the internet browser.
To reload the agent you need to open the command line interface with Run with admin rights option and run the following commands:
c:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe stop
c:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe start
Then check the work of the web-sites on your browser once again.
Note
The paths to the required setting may vary in dependance on the version of the software.
ESET NOD32 Endpoint 5.x¶
If you are going to install StaffCop agent on a workstation you should first turn off anti-virus so it couldn’t delete agent before it’s installed.
To add exclusions for anti-virus you should open “ESET Endpoint Security”. Then press F5.
Open “Computer -> Antivirus and spyware protection -> Exclusionsadd the following exclusions:
Files:
c:\windows\auxiliaryservice.exe
c:\Windows\System32\TimeControlSvc\dpinst_32.exe
c:\Windows\System32\TimeControlSvc\vmnetdrv32.exe
c:\Windows\System32\TimeControlSvc\vmnetdrv64.exe
c:\Windows\System32\TimeControlSvc\sysprotect.exe
c:\Windows\System32\TimeControlSvc\Proxy\NtControlSvc.exe
c:\Windows\System32\TimeControlSvc\Proxy\PCController.exe
c:\Windows\System32\TimeControlSvc\Proxy\ProxyConfigurator.exe
c:\Windows\System32\TimeControlSvc\Proxy\RegisterLSP.exe
c:\Windows\System32\TimeControlSvc\Proxy\RegisterLSP64.exe
c:\Windows\System32\TimeControlSvc\Proxy\RunHiddenConsole.exe
c:\Windows\SysWOW64\TimeControlSvc\dpinst_64.exe
c:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe
c:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe
c:\Windows\SysWOW64\TimeControlSvc\sysprotect64.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\NtControlSvc.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\PCController.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\ProxyConfigurator.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\RegisterLSP.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\RegisterLSP64.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\RunHiddenConsole.exe
C:\Windows\SysWOW64\TimeControlSvc\*.*
C:\Windows\System32\TimeControlSvc\*.*
C:\windows\installer\*
c:\Windows\SysWOW64\TimeControlSvc
c:\Windows\System32\config\systemprofile\AppData\Roaming\TimeSvc3
c:\Windows\SysWOW64\TimeControlSvc
c:\Windows\System32\config\systemprofile\AppData\Roaming\TimeSvc3\
C:\windows\installer\*
c:\Windows\agent.msi
C:\Windows\SysWOW64\TimeControlSvc\Drivers\FileMonitorDriver\CaptureFileMonitor64.cat
C:\Windows\SysWOW64\TimeControlSvc\Drivers\FileMonitorDriver\CaptureFileMonitor64.sys
C:\Windows\SysWOW64\TimeControlSvc\Drivers\FileMonitorDriver\FileMonitorInstallation64.inf
C:\Windows\SysWOW64\TimeControlSvc\ProcObsrv.sys
C:\Windows\SysWOW64\TimeControlSvc\ProcObsrv64.sys
Note
To get rid of the conflict with antivirus at agents installation on a workstation you should disable antivirus. Or run the remote installer on a workstation with antivirus disabled.
ESET Security Managment Center 7¶
To add exclusions to the default policy open :”ESET Security Management Center:
Then switch to tab Polices - ESET Endpoint for Windows and choose policy Antivirus Balanced, click the gear icon and choose Edit
Add exclusions to DETECTION ENGINE
Open SETTINGS - DETECTION ENGINE - BASIC.
Choose section EXCLUSIONS and click Edit
In this dialog you should add the following lines one by one or import them from the file:
c:\windows\auxiliaryservice.exe
c:\Windows\System32\TimeControlSvc\dpinst_32.exe
c:\Windows\System32\TimeControlSvc\vmnetdrv32.exe
c:\Windows\System32\TimeControlSvc\vmnetdrv64.exe
c:\Windows\System32\TimeControlSvc\sysprotect.exe
c:\Windows\System32\TimeControlSvc\Proxy\NtControlSvc.exe
c:\Windows\System32\TimeControlSvc\Proxy\PCController.exe
c:\Windows\System32\TimeControlSvc\Proxy\ProxyConfigurator.exe
c:\Windows\System32\TimeControlSvc\Proxy\RegisterLSP.exe
c:\Windows\System32\TimeControlSvc\Proxy\RegisterLSP64.exe
c:\Windows\System32\TimeControlSvc\Proxy\RunHiddenConsole.exe
c:\Windows\SysWOW64\TimeControlSvc\dpinst_64.exe
c:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe
c:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe
c:\Windows\SysWOW64\TimeControlSvc\sysprotect64.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\NtControlSvc.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\PCController.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\ProxyConfigurator.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\RegisterLSP.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\RegisterLSP64.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\RunHiddenConsole.exe
C:\Windows\SysWOW64\TimeControlSvc\*.*
C:\Windows\System32\TimeControlSvc\*.*
C:\windows\installer\*
c:\Windows\SysWOW64\TimeControlSvc
c:\Windows\System32\config\systemprofile\AppData\Roaming\TimeSvc3
c:\Windows\agent.msi
C:\Windows\SysWOW64\TimeControlSvc\Drivers\FileMonitorDriver\CaptureFileMonitor64.cat
C:\Windows\SysWOW64\TimeControlSvc\Drivers\FileMonitorDriver\CaptureFileMonitor64.sys
C:\Windows\SysWOW64\TimeControlSvc\Drivers\FileMonitorDriver\FileMonitorInstallation64.inf
C:\Windows\SysWOW64\TimeControlSvc\ProcObsrv.sys
C:\Windows\SysWOW64\TimeControlSvc\ProcObsrv64.sys
This exclusions will help agent work on a workstation without its deletion by antivirus.
Note
If you want the polices to work correctly click the lightning icon in the line with name of edited module in the policy.
When you are done editing click FINISH button. The changes in policy will be applied on all the workstations it’s used.
By default this policy is applied on all workstation running Windows.
Note
This exclusions setting were checked on ESET Endpoint of version 7.0.2100.46.55.0.2272 and ESET Security Management Center Version 7.0 (7.0.577.0), perhaps on other versions of ESET Endpoint Antivirus\ESET Management Center - additional actions may be required. If you meet any troubles contact our support team support@staffcop.com), tell them the type of the error and your version of Management Center and Endpoint Antivirus.
Warning
If and endpoint agent was installed before the exclusions were added agent re-installation is required otherwise some modules can operate incorrectly.
Note
If your antivirus continues to delete StaffCop agent after configuring the exclusions, make sure that they were applied on workstations. To do that, open your antivirus settings and see current exclusions.
Avast Free Antivirus¶
To add global exclusions in Avast Antivirus you need to open the Avast interface and go to Settings -> General. Scroll till the Exclusions menu, click on it in the dropped list input the exclusions in the Tabs File paths, CyberCapture, Hardened Mode, you may add all the exclusions as a single line in the line Enter file path:
For 32-bit systems:
"c:\Windows\System32\TimeControlSvc";"c:\Windows\System32\TimeControlSvc\Proxy";"c:\Windows\System32\config\systemprofile\AppData\Roaming\TimeSvc3\";"c:\Windows\System32\TimeControlSvc\dpinst_32.exe";"c:\Windows\System32\TimeControlSvc\vmnetdrv32.exe";"c:\Windows\System32\TimeControlSvc\vmnetdrv64.exe";"c:\Windows\System32\TimeControlSvc\sysprotect.exe";"c:\Windows\System32\TimeControlSvc\Proxy\NtControlSvc.exe";"c:\Windows\System32\TimeControlSvc\Proxy\PCController.exe";"c:\Windows\System32\TimeControlSvc\Proxy\ProxyConfigurator.exe";"c:\Windows\System32\TimeControlSvc\Proxy\RegisterLSP.exe";"c:\Windows\System32\TimeControlSvc\Proxy\RegisterLSP64.exe";"c:\Windows\System32\TimeControlSvc\Proxy\RunHiddenConsole.exe"
For 64-bit systems:
"c:\Windows\SysWOW64\TimeControlSvc";"c:\Windows\SysWOW64\TimeControlSvc\Proxy";"c:\Windows\system32\config\systemprofile\AppData\Roaming\TimeSvc3\";"c:\Windows\SysWOW64\TimeControlSvc\dpinst_32.exe";"c:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe";"c:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe";"c:\Windows\SysWOW64\TimeControlSvc\sysprotect.exe";"c:\Windows\SysWOW64\TimeControlSvc\Proxy\NtControlSvc.exe";"c:\Windows\SysWOW64\TimeControlSvc\Proxy\PCController.exe";"c:\Windows\SysWOW64\TimeControlSvc\Proxy\ProxyConfigurator.exe";"c:\Windows\SysWOW64\TimeControlSvc\Proxy\RegisterLSP.exe";"c:\Windows\SysWOW64\TimeControlSvc\Proxy\RegisterLSP64.exe";"c:\Windows\SysWOW64\TimeControlSvc\Proxy\RunHiddenConsole.exe"
Follow this link to find the instruction on exclusions in Avast.https://support.avast.com/en-in/article/Antivirus-scan-exclusions
Setup exclusions before agent installation. Or turned off the anti-virus, install an agent, setup exclusions, turn off the anti-virus.
Turn off the anti-virus¶
The context menu «Avast Free Antivirus» in the tray command Avast shields control->Disable permanently
General exclusions¶
Settings->General->Exclusions
File paths
C:\Windows\System32\TimeControlSvc\*
C:\Windows\SysWOW64\TimeControlSvc\*
C:\Windows\System32\config\systemprofile\AppData\Roaming\TimeSvc3\*
Cyber Capture
C:\Windows\System32\TimeControlSvc\dpinst_32.exe
C:\Windows\System32\TimeControlSvc\sysprotect.exe
C:\Windows\System32\TimeControlSvc\vmnetdrv32.exe
C:\Windows\System32\TimeControlSvc\Proxy\NtControlSvc.exe
C:\Windows\System32\TimeControlSvc\Proxy\PCController.exe
C:\Windows\System32\TimeControlSvc\Proxy\ProxyConfigurator.exe
C:\Windows\System32\TimeControlSvc\Proxy\RegisterLSP.exe
C:\Windows\System32\TimeControlSvc\Proxy\RunHiddenConsole.exe
C:\Windows\SysWOW64\TimeControlSvc\dpinst_64.exe
C:\Windows\SysWOW64\TimeControlSvc\sysprotect64.exe
C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe
C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe
C:\Windows\SysWOW64\TimeControlSvc\Proxy\NtControlSvc.exe
C:\Windows\SysWOW64\TimeControlSvc\Proxy\PCController.exe
C:\Windows\SysWOW64\TimeControlSvc\Proxy\ProxyConfigurator.exe
C:\Windows\SysWOW64\TimeControlSvc\Proxy\RegisterLSP.exe
C:\Windows\SysWOW64\TimeControlSvc\Proxy\RegisterLSP64.exe
C:\Windows\SysWOW64\TimeControlSvc\Proxy\RunHiddenConsole.exe
“Hardened Mode
C:\Windows\System32\TimeControlSvc\dpinst_32.exe
C:\Windows\System32\TimeControlSvc\sysprotect.exe
C:\Windows\System32\TimeControlSvc\vmnetdrv32.exe
C:\Windows\System32\TimeControlSvc\Proxy\NtControlSvc.exe
C:\Windows\System32\TimeControlSvc\Proxy\PCController.exe
C:\Windows\System32\TimeControlSvc\Proxy\ProxyConfigurator.exe
C:\Windows\System32\TimeControlSvc\Proxy\RegisterLSP.exe
C:\Windows\System32\TimeControlSvc\Proxy\RunHiddenConsole.exe
C:\Windows\SysWOW64\TimeControlSvc\dpinst_64.exe
C:\Windows\SysWOW64\TimeControlSvc\sysprotect64.exe
C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe
C:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe
C:\Windows\SysWOW64\TimeControlSvc\Proxy\NtControlSvc.exe
C:\Windows\SysWOW64\TimeControlSvc\Proxy\PCController.exe
C:\Windows\SysWOW64\TimeControlSvc\Proxy\ProxyConfigurator.exe
C:\Windows\SysWOW64\TimeControlSvc\Proxy\RegisterLSP.exe
C:\Windows\SysWOW64\TimeControlSvc\Proxy\RegisterLSP64.exe
C:\Windows\SysWOW64\TimeControlSvc\Proxy\RunHiddenConsole.exe
In case you meet any troubles with receiving/sending e-mails or connecting to the mail servers. Turn off SSL scanning in Mail Shield.
Web-sites
In case you meet any troubles with web-sites. Turn off HTTPS scanning in Web Shield
Symantec Endpoint Protection¶
Insert exclusions to the anti-virus by adding md5-hashes of agent’s files.
- How you can get the list of md5-hashes
- Download the msi-package of the agent
- Extract it to a folder (for example using 7-zip)
- Choose the tool from Microsoft: https://support.microsoft.com/en-us/help/841290
- C:\Users\user\Downloads>fciv.exe Agent -md5
Example of md5 files for agent 5.8.2465:
4a238c465e6b82aedbf5d622973e1f78 agent\agent32.exe
a0a2ee64fe7d81c3239477fc40064eee agent\agent64.exe
d29cc9b3d21eb11c9e4481f9e03069fb agent\agentguard.exe
de51f097cf8e959bea46653a280ece27 agent\agentguard64.exe
c9cd6b916453d1665f00e68cf0e23c0d agent\AtomK.sys
8e10914535837bfd897d636ccfc55117 agent\AtomK64.sys
4f64d41903808a3430da2f810c7d1be9 agent\AtomNe.inf
d52d51f3f3e1b8145a2f5a3807d1d1b4 agent\AtomNe.sys
4f64d41903808a3430da2f810c7d1be9 agent\AtomNe64.inf
19a98004822221d3155eea7941312f39 agent\AtomNe64.sys
d5bceef4368632318b719ee8d00672e5 agent\ca.pem
1cd6a3eb52360088e786fb1865460ad7 agent\capturefilemonitor.sys
dcfdb7acdd564d0335c7de47af3bf5ce agent\capturefilemonitor64.cat
88277bc9b539d24617efdd2e8b5da680 agent\capturefilemonitor64.sys
4acd0d2d05eb113fc9af1997ffc97c20 agent\CertInstaller.dll
ab412429f1e5fb9708a8cdea07479099 agent\COMDLG32.OCX
5c5e3afd499e5146fef1da5ef8a23205 agent\dbghelp.dll
e6213cec602f332bf8e868b7b8bf2bb1 agent\dpinst_32.exe
aa0a91227631a09cd075d315646fb7a9 agent\dpinst_64.exe
d429aad2b565f856c0050fe433dd6f62 agent\filemonitorinstallation.inf
d7c2adfd542e1ab45171bb910ac7f722 agent\filemonitorinstallation64.inf
ad5cc271aae36fef4c735bcbc72182a3 agent\freebl3.dll
2e723a9f46343cfcad35077a8b974e9f agent\freebl3.dll.x32
948b2ffe6b93af4de26649e6ca56a497 agent\freebl3.dll.x64
aa7311ddbabd154d837e6c7174ae494f agent\install.cmd
385bfb49a4b85facb97d410998fae0b8 agent\install64.cmd
581a1c31cd2a24c6c25d0801cb16e7c7 agent\ltvlib.dll
35c03b8c5697271912cca6b4a575fbf0 agent\ltvlib64.dll
2a715f73367254c2aea5ec234db8ef96 agent\LTVSrv.exe
ecc7d7f0d3446de36045d1d9e964fafe agent\MSCOMCTL.OCX
368356f99faabe112fb8ecbc8d4247f1 agent\NetSpy.dll
ef202600b7e52125a533662acc269d71 agent\nspr4.dll
0b8df3a7d554fc95825b4bfa3745d319 agent\nspr4.dll.x32
ea0de79777921b76af63846472da6a65 agent\nspr4.dll.x64
b328bc88747bedebf946b0b3a79392a0 agent\nss3.dll
21415b9c9fe56dbe6c04e1452a0fc379 agent\nss3.dll.x32
8964c88c2bc6910fc38165eedc5ead47 agent\nss3.dll.x64
96fef6a904a2fd758db2d6f6b7aef71c agent\nssckbi.dll
c22aeacf4df4a9ac9b73a36ac305fecb agent\nssdbm3.dll
9d78951ec792167e873db2da1e508d6c agent\nssdbm3.dll.x32
72608d091f8dec8377553cfb060c0954 agent\nssdbm3.dll.x64
68feca7c42bab4ebf5d9ed49f69e8803 agent\nssutil3.dll
566794875aafbbbf6d807bb49b422cf3 agent\nssutil3.dll.x32
3e53270908f6c32132c17a698f9187ed agent\nssutil3.dll.x64
22b7b0c777a60686309467cea5336ba7 agent\NSS_3.22_x32.manifest
f9044ff7ccaa0c9957d3fa769c02ebc7 agent\NSS_3.22_x64.manifest
af5ae74a561b7a24357974e3f8f3c733 agent\PCController.exe
6fd26d38909a2e45ac67f6c952eb7aa7 agent\plc4.dll
0d301d5d01f9698174260e8280532989 agent\plc4.dll.x32
dd3f3b98e260e0bf1f10b8227c78b52f agent\plc4.dll.x64
faa9fda24dbf7036799c18dcb155f371 agent\plds4.dll
58b3533dd0b0afa048ce8585da64e200 agent\plds4.dll.x32
d08a8605a9b749b32e3288c4e81a759a agent\plds4.dll.x64
f3c608b6c6284354b7b3eb73ddfe61b1 agent\procobsrv.inf
c0a4d27916822383e1fae2190ffefd29 agent\procobsrv.sys
f3c608b6c6284354b7b3eb73ddfe61b1 agent\procobsrv64.inf
de26051fc32a5c6f0bb97a1f94b12fd8 agent\procobsrv64.sys
3d47459223e4b9b4fd9d3dc5c33b3563 agent\ProxyConfigurator.exe
faa90a1420ca49d05879b1799e27e301 agent\register.crt
e246387386fbab28487ace4208060fa5 agent\register.key
1baf482d70379fed8f598a730747ace2 agent\RegisterLSP.exe
b0e46dcc286e3c7ff04f39314ba0e992 agent\registerlsp.ini
5e8532445332f1066a947a9a7a28de5c agent\RegisterLSP64.exe
8d754ecb71b7a9f8fe46fc6c69ee5c18 agent\RunHiddenConsole.exe
34b8b39698fc89eb6f7f4fae7a3a7ab2 agent\smime3.dll
f4ce6d7a237d92e0865d39cbf1966678 agent\smime3.dll.x32
e4ab0540b17249a61424e8be1813324f agent\smime3.dll.x64
955d34ce799477550a3c91d2cab6b7d2 agent\softokn3.dll
d92b34614239cb6884b42b0104e4f09f agent\softokn3.dll.x32
3750b2b37e49e5ec9cd1f3f7c0b56554 agent\softokn3.dll.x64
03f130710522edf8928bf8bc9bab5c9a agent\sqlite3.dll
7bee17bf28c2d895a34673690311d0c7 agent\sqlite3.dll.x32
832bc3f01c9a51a3827b4ff3f248e319 agent\sqlite3.dll.x64
8273c1264133d760fef4e4630770849f agent\ssl3.dll
741cb8d7a75480a6b4d4cee8f37460fe agent\uninstall.cmd
c01e8a0f97f4527706e36450a7eb8888 agent\uninstallproxy.cmd
2a782dfb81e7382a2856a51732e682e7 agent\uninstallproxy64.cmd
a9970042be512c7981b36e689c5f3f9f agent\wdfcoinstaller01009.dll
4da5da193e0e4f86f6f8fd43ef25329a agent\wdfcoinstaller01009x64.dll
360 Total Security¶
In the section Settings - White list, along with the files located in the folder Timecontrolsvc, you should add the exclusion for c:\windows\auxiliaryservice.exe
The versatile way to add exclusions for paths and executable files¶
Commonly these exclusions may be described the following way:
For 32-bit systems:
Folders:
c:\Windows\System32\TimeControlSvc
c:\Windows\System32\config\systemprofile\AppData\Roaming\TimeSvc3\
Files:
c:\Windows\System32\TimeControlSvc\dpinst_32.exe
c:\Windows\System32\TimeControlSvc\vmnetdrv32.exe
c:\Windows\System32\TimeControlSvc\vmnetdrv64.exe
c:\Windows\System32\TimeControlSvc\sysprotect.exe
c:\Windows\System32\TimeControlSvc\Proxy\NtControlSvc.exe
c:\Windows\System32\TimeControlSvc\Proxy\PCController.exe
c:\Windows\System32\TimeControlSvc\Proxy\ProxyConfigurator.exe
c:\Windows\System32\TimeControlSvc\Proxy\RegisterLSP.exe
c:\Windows\System32\TimeControlSvc\Proxy\RegisterLSP64.exe
c:\Windows\System32\TimeControlSvc\Proxy\RunHiddenConsole.exe
For 64-bit systems:
Folders:
c:\Windows\SysWOW64\TimeControlSvc
c:\Windows\System32\config\systemprofile\AppData\Roaming\TimeSvc3\
Files:
c:\Windows\SysWOW64\TimeControlSvc\dpinst_64.exe
c:\Windows\SysWOW64\TimeControlSvc\vmnetdrv32.exe
c:\Windows\SysWOW64\TimeControlSvc\vmnetdrv64.exe
c:\Windows\SysWOW64\TimeControlSvc\sysprotect64.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\NtControlSvc.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\PCController.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\ProxyConfigurator.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\RegisterLSP.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\RegisterLSP64.exe
c:\Windows\SysWOW64\TimeControlSvc\Proxy\RunHiddenConsole.exe
Note
Some part of the folders and files is hidden. Keep that in mind when adding.
If the recommendations above don’t help, and for example, web-siles are still locked or some of the applications don’t work properly you should make sure that it is the Staffcop agent which influences the work of the applications and web-sites opening on users’ workstations.
Turn off the “Network monitoring” in Staffcop Settings
Switch the tumbler to the right. When monitoring is turned on don’t forget to save the configurations by clicking the “Save” button at the bottom of the page.
Sometimes, for the changes to be applied you must reload those applications on the workstations that didn’t work properly before the change of the configuration.