
Troubleshooting Antivirus/EDR Flagging (Agent)

Overview

The Cloudamize Agent performs deep system analysis, including network connection monitoring and performance metric gathering. Because the agent uses obfuscated code and automated scripts to collect high-fidelity data, security tools (like CrowdStrike, SentinelOne, or Windows Defender) may occasionally flag these activities as suspicious or "Heuristic" threats.

Visible Symptoms

  • Agent installation fails with "Access Denied" or "Operation Not Permitted" errors.

  • The Cloudamize service starts but stops immediately (killed by EDR).

  • Inventory status in the Cloudamize Portal shows as "Inactive" despite successful installation.

  • Security dashboard alerts for CCAgent.exe or associated .sh scripts.

Required Exclusions (Whitelisting)

To ensure uninterrupted data collection, add the following paths and processes to your security software’s allow-list or exclusion list.

Windows Agent

  • Directories:

    • C:\Program Files (x86)\Cloudamize\

    • C:\ProgramData\Cloudamize\

  • Processes:

    • CCAgent.exe (The main data collection agent)

    • CCWatchdog.exe (The monitor process)

    • curl.exe (Located within the Cloudamize folder, used for data transmission)

Troubleshooting Steps

Step 1: Verify Quarantine Status

Check your Antivirus/EDR console. If Cloudamize files are found in quarantine:

  1. Restore the files.

  2. Add the File Hash (SHA-256) provided by the security alert to your global "Always Allow" list.

Step 2: Test Communication

Security tools may block the network traffic rather than the process itself. Verify the agent can reach the Cloudamize endpoints:

  • US: am.cloudamize.com (Port 443)

  • EU: am-de.cloudamize.com (Port 443)

  • Connectivity Test: curl -v https://am.cloudamize.com/cxf/test

    • Expected Result: "Server is up and running!"
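The checks from Steps 1 and 2 can be run together on the affected host. The PowerShell below is an added example, not Cloudamize code. It assumes Windows PowerShell 5.1 or later in an elevated session, and it runs the HTTPS test only against the US host because that is the only test URL this page gives.

```powershell
# Added example, not Cloudamize code. Paths, process names and endpoints are the
# ones listed on this page; the output layout is this example's own.
$dirs  = 'C:\Program Files (x86)\Cloudamize\', 'C:\ProgramData\Cloudamize\'
$names = 'CCAgent.exe', 'CCWatchdog.exe', 'curl.exe'

# Step 1: list the agent binaries still on disk with SHA-256 and signature status,
# so the hash shown in the EDR alert can be compared before it is allow-listed.
$found = @(Get-ChildItem -Path $dirs -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $names -contains $_.Name })
foreach ($f in $found) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        Path      = $f.FullName
        SHA256    = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        Signature = $sig.Status
        Signer    = $sig.SignerCertificate.Subject   # empty when the file is unsigned
    } | Format-List
}

# A binary that is absent after a successful install may be sitting in quarantine.
$missing = $names | Where-Object { $found.Name -notcontains $_ }
if ($missing) { "Not on disk (check the EDR quarantine): $($missing -join ', ')" }

# Step 2a: raw TCP reachability of both regional endpoints on port 443.
foreach ($h in 'am.cloudamize.com', 'am-de.cloudamize.com') {
    $t = Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue
    '{0}: TCP 443 reachable = {1} (remote {2})' -f $h, $t.TcpTestSucceeded, $t.RemoteAddress
}

# Step 2b: the HTTPS test from this page, checked against the expected body.
try {
    $r = Invoke-WebRequest -Uri 'https://am.cloudamize.com/cxf/test' `
        -UseBasicParsing -TimeoutSec 15
    if ($r.RawContent -like '*Server is up and running!*') {
        'HTTPS test: OK'
    } else {
        "HTTPS test: unexpected response (HTTP $($r.StatusCode))"
    }
} catch {
    # Certificate or proxy errors surface here.
    "HTTPS test: failed: $($_.Exception.Message)"
}
```

If TCP 443 succeeds but the HTTPS test fails or returns an unexpected body, look at TLS inspection or web filtering rather than a port block.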

Step 3: SQL Collection Exclusions

If you are collecting Advanced SQL data, the agent may trigger alerts when it downloads necessary PowerShell modules. Ensure your EDR allows PowerShell to execute scripts specifically from within the Cloudamize installation directory.

If security policies strictly prohibit agent installation, please contact your Cloudamize representative to discuss alternative data collection methods.

If you have followed the steps above and continue to experience issues with the Cloudamize Agent being flagged or blocked, please reach out to our technical team for assistance. You can email the support team at helpdesk@cloudamize.com.
