
Cloudamize ADC – Antivirus or Endpoint Detection (EDR) Flagging

Overview

During the deployment or operation of the Cloudamize Agentless Data Collector (ADC), your Antivirus (AV) or Endpoint Detection and Response (EDR) solution (e.g., CrowdStrike, SentinelOne, Microsoft Defender) may flag ADC components as suspicious.

This typically happens because the ADC:

  • Executes remote queries via WMI and RPC.

  • Runs automated inventory scripts.

  • Communicates with Cloudamize endpoints to upload encrypted metadata.

Issues seen

  • The ADC installation fails, or files are automatically deleted.

  • Security logs report CloudamizeCurl.exe or CloudamizeAgentlessDc.exe as a "Potentially Unwanted Program" (PUP) or "Heuristic hit."

Troubleshooting Steps

Exclusion & Whitelisting

To ensure uninterrupted data collection, you should add the following directory and process exclusions to your security software.

1. Directory Exclusions

Exclude the following primary installation and data paths from real-time scanning:

  • C:\Program Files\CloudamizeAgentlessDc\

  • C:\ProgramData\CloudamizeAgentlessDc\

2. Process/Executable Exclusions

Whitelist the following specific binaries to allow them to execute and communicate over the network:

  • CloudamizeAgentlessDc.exe – The primary collection engine.

  • CloudamizeWatchdog.exe – Ensures the agent remains running.

  • CloudamizeCurl.exe – Handles the secure transmission of data to the Cloudamize console.

  • CloudamizeUI.exe – The local management interface.

3. Network/Firewall Whitelisting

If your AV includes a network firewall, ensure outgoing traffic is permitted to the Cloudamize collection endpoints (typically over port 443/HTTPS).
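For Microsoft Defender, the directory and process exclusions from steps 1 and 2 can be applied as follows. This is an added example, not a Cloudamize-provided script. It assumes the four binaries sit in the first installation directory listed above, and `$InstallDir` is a name chosen here. Process exclusions are registered by full path so that a same-named file elsewhere on disk is not exempted, and each file's signature status and hash are printed for the change record.

```powershell
#Requires -RunAsAdministrator
# Added example: scoped Microsoft Defender exclusions for the Cloudamize ADC.
# Assumption: the binaries live in $InstallDir; adjust it if your install path differs.
$InstallDir = 'C:\Program Files\CloudamizeAgentlessDc'
$DataDir    = 'C:\ProgramData\CloudamizeAgentlessDc'
$Binaries   = @(
    'CloudamizeAgentlessDc.exe',
    'CloudamizeWatchdog.exe',
    'CloudamizeCurl.exe',
    'CloudamizeUI.exe'
)

$report = foreach ($name in $Binaries) {
    $path = Join-Path $InstallDir $name
    if (-not (Test-Path -LiteralPath $path -PathType Leaf)) {
        Write-Warning "Not found, no exclusion added: $path"
        continue
    }

    # Capture what is being trusted before the exclusion is added.
    # The signature status is reported, not enforced: review it yourself.
    $sig  = Get-AuthenticodeSignature -LiteralPath $path
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash

    # Full path, not the bare image name: a bare name would exempt any
    # process with that file name regardless of where it runs from.
    Add-MpPreference -ExclusionProcess $path

    [pscustomobject]@{
        File      = $name
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject
        SHA256    = $hash
    }
}

# Directory exclusions for real-time scanning (step 1).
foreach ($dir in $InstallDir, $DataDir) {
    Add-MpPreference -ExclusionPath $dir
}

# Show what was recorded and what Defender now has configured.
$report | Format-List
Get-MpPreference | Select-Object ExclusionPath, ExclusionProcess | Format-List
```

On hosts where Defender settings are managed centrally (Group Policy or Intune), local `Add-MpPreference` changes can be overridden, so apply the same paths in the management policy instead.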

Reinstallation Guidelines

If the ADC has been flagged and quarantined, a simple reinstallation on the same host is often unsuccessful due to residual files and registry flags left behind during the automated uninstallation process.

  • Recommendation: Cloudamize recommends performing a fresh installation of the ADC on a different host that meets all system prerequisites. Agentless Installation Prerequisites are available in our KB here.

Backing Up Your Host List

If you have already added inventory/hosts to your collector, you must back up your configuration files before uninstalling. Failure to do so will result in the loss of your "Added Hosts" list.

1. Locate and Save Host Files

The following files contain your configuration and added nodes:

  • HostInfo.xml

  • HostInfoBackup.xml

File Locations:

  • C:\Program Files (x86)\CloudamizeAgentlessDC\

Note: These files can only be accessed by accounts belonging to the Local Administrators group. Copy these files to a neutral temporary folder, such as C:\Temp\, before proceeding with uninstallation.

2. Recovery and Migration Process

Once your files are safely backed up, follow these steps to restore your collector:

  1. Uninstall: Remove the flagged Cloudamize ADC from the original machine.

  2. Download: Obtain the latest version of the ADC from the Cloudamize portal.

  3. New Install: Install the ADC on a fresh host (or the original host if all remnants have been cleared and whitelisting is active).

  4. Restore: Navigate to the installation folder on the new machine.

    • Copy your backed-up HostInfo.xml and HostInfoBackup.xml back into the directory.

  5. Restart Services: Open services.msc and restart:

    • Cloudamize Watchdog

    • Cloudamize Agentless

If the issue persists, please capture a screenshot of the error output and collect the log_backup.txt file from the following directory on the Cloudamize Agentless DC:

C:\Program Files (x86)\CloudamizeAgentlessDc\log_backup.txt

Please attach both the screenshot and the log file in an email to helpdesk@cloudamize.com for further investigation.
