Add the Windows Agent as a Trusted Entity

Lacework recommends that you add the agent as a trusted entity to the Windows firewall and antivirus applications on your host machine to reduce the scan duration and resource use.

High-configuration systems (16 vCPU or better) may not experience any issues while the agent scans, but lower-configuration systems may see long scan times and high CPU consumption from antivirus applications during agent scanning. Adding the Lacework agent as a trusted entity to the Windows firewall and antivirus applications can reduce this issue.

Add the Windows Agent as an Allowed Application for Windows Firewall

Follow these steps:

  1. Log in to your Windows host machine as administrator.
  2. Select Start > Windows Security > Firewall & network protection.
  3. Click Allow an app through firewall.
  4. Click Allow another app.
  5. Click Browse, select the LWDataCollector.exe file at C:\Program Files\Lacework, then click Open.
  6. Click Add to add the Lacework Agent application.
  7. Select the Lacework Agent checkbox in the list of Allowed apps and features.
  8. Select the checkbox for the type of network (Public and Private) the Lacework Agent application can access.
  9. Click OK.

Add the Windows Agent in the Windows Defender Exclusions List

Follow these steps:

  1. Log in to your Windows host machine as administrator.
  2. Select Start > Windows Security > Virus & threat protection > Virus & threat protection settings > Manage settings.
  3. Under Exclusions, click Add or remove exclusions. The Exclusions window appears.
  4. Click Add an exclusion. A list of exclusion types appears.
  5. Select File, select the LWDataCollector.exe file at C:\Program Files\Lacework, then click Open.
  6. Repeat steps 4 and 5 to add the following files to the exclusions list:
    • C:\Program Files\Lacework\LWUpgrade.exe
    • C:\Program Files\Lacework\osqueryi.exe
    • C:\Windows\System32\drivers\lwdcs.sys
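
The firewall and Windows Defender steps above can also be scripted for hosts managed without the GUI. The following PowerShell is an added example, not Lacework's own tooling: it excludes only the exact files listed on this page (never the whole folder), skips any file that is missing or fails a signature check, and reports the resulting state. Assumptions: the rule name "Lacework Agent" is chosen here, the firewall rule is created as an inbound allow rule, and the installed binaries are Authenticode-signed (the page does not state this; remove the check if they are not).

```powershell
#Requires -RunAsAdministrator
# Added example: scripted equivalent of the GUI steps. Paths are the ones listed on this page.
$agentExe   = 'C:\Program Files\Lacework\LWDataCollector.exe'
$exclusions = @(
    $agentExe,
    'C:\Program Files\Lacework\LWUpgrade.exe',
    'C:\Program Files\Lacework\osqueryi.exe',
    'C:\Windows\System32\drivers\lwdcs.sys'
)
$ruleName = 'Lacework Agent'   # assumed display name for the firewall rule

# Exclude a file only if it exists and its signature validates, so a missing or
# replaced binary never inherits an antivirus exclusion.
# Assumption: the agent binaries are Authenticode-signed.
$verified = foreach ($path in $exclusions) {
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Missing, not excluded: $path"; continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $path
    if ($sig.Status -ne 'Valid') {
        Write-Warning "Signature status '$($sig.Status)', not excluded: $path"; continue
    }
    $path
}

# Windows Defender: per-file exclusions only.
if ($verified) { Add-MpPreference -ExclusionPath $verified }

# Windows Firewall: allow the agent on Private and Public profiles, once.
if (($verified -contains $agentExe) -and
    -not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Action Allow `
        -Program $agentExe -Profile Private, Public | Out-Null
}

# Report what is actually in place after the change.
$current = (Get-MpPreference).ExclusionPath
$exclusions | ForEach-Object {
    [pscustomobject]@{ Path = $_; Excluded = ($current -contains $_) }
}
Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue |
    Select-Object DisplayName, Enabled, Direction, Action, Profile
```

Re-running the script is safe: existing exclusions are left in place and the firewall rule is created only if no rule with that name exists.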

Add the Windows Agent to the Exclusions List for Other Antivirus Applications

Ensure that you have added the following files to the exclusions list of other antivirus applications running on your host machine. Refer to the documentation for your antivirus application for more information:

  • C:\Program Files\Lacework\LWDataCollector.exe
  • C:\Program Files\Lacework\LWUpgrade.exe
  • C:\Program Files\Lacework\osqueryi.exe
  • C:\Windows\System32\drivers\lwdcs.sys