Tanium Server processes must be excluded from on-access scan.
An XCCDF Rule
Description
<VulnDiscussion>Similar to any other host-based applications, the Tanium Server is subject to the restrictions other system-level software may place on an operating environment. Antivirus, IPS, Encryption, or other security and management stack software may disallow the Tanium Server from working as expected. https://docs.tanium.com/client/client/requirements.html#Host_system_security_exceptions</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>
- ID
- SV-254956r961863_rule
- Severity
- Medium
- References
- Updated
Remediation - Manual Procedure
Implement exclusion policies within the antivirus software solution to exclude the on-access scanning of Tanium Server process interactions. These processes should be treated as low-risk and not scanned during read or write events.