Tenable Patch Server Account and Permission Settings

The Tenable Patch Server installation requires an installation account with local administrator permissions on the chosen server. The installation creates a local service named AdaptivaServer, which runs under the Local System account by default.

If you use SQL Server Standard Edition or SQL Server Enterprise Edition, the installation account must also have sysadmin permissions on the SQL Server that hosts the database. For more information, see Choosing the SQL Server Edition. You may change this permission after the installation. You may also change the service account from Local System to a specified service account after installation.

Server Account Permissions

Tenable Patch Server

  Accounts:
  • Installation account
  • Optional Service account
  • Reporting Account

  Requirements:
  • System account; add to the Local Administrators group.
  • If used, the account must be granted the Log On As A Service user right.
  • Domain (recommended) or Local account

SQL Server hosting the Adaptiva Database

  Accounts:
  • Tenable Patch Server SYSTEM Account
  • Installation Account
  • Optional Service Account

  Requirements:
  • During the Tenable Patch Server installation, grant sysadmin permission to the Tenable Patch Server SYSTEM account (see Set System Account Permission in SQL Management Studio). You may reduce these permissions after completing the Tenable Patch Server installation.
  • SQL Server role: sysadmin (installation account for initial installation)
  • Minimum permissions (after installation): Adaptiva Database Security User Mapping (account running the AdaptivaServer service):
      db_datareader
      db_datawriter
      db_ddladmin
      db_executer

Content Library

  Accounts:
  • <domain>\PatchServer$ or Optional Service Account

  Requirements:
  • If you choose to change the location of the Adaptiva Content Library to a remote drive or share, grant the Tenable Patch Server service account the Create, Modify, and Delete permissions on that location.

Adaptiva Database

  Accounts:
  • Reporting Account

  Requirements:
  • The Server installation automatically grants db_datareader (read only) permissions for the SQL Server (Adaptiva Database) you specify during installation.
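The post-installation reduction described in the table above, from sysadmin to the four listed database roles, could be scripted as follows. This is an added example, not Tenable's own script; the database name AdaptivaDB and the account CONTOSO\PATCHSRV01$ are constructed placeholders, and it assumes SQL Server 2012 or later for the ALTER ROLE ... ADD MEMBER syntax.

```sql
-- Added example. Placeholders (assumptions, replace before use):
--   [AdaptivaDB]           the Adaptiva database name chosen at installation
--   [CONTOSO\PATCHSRV01$]  constructed name for the account that runs the
--                          AdaptivaServer service
SET NOCOUNT ON;
SET XACT_ABORT ON;  -- stop the batch on the first run-time error
DECLARE @acct sysname = N'CONTOSO\PATCHSRV01$';

USE [AdaptivaDB];

-- The account needs a login and a database user before it can hold roles
-- (the "User Mapping" step in SQL Server Management Studio).
IF SUSER_ID(@acct) IS NULL
BEGIN
    RAISERROR('Login %s does not exist on this instance.', 16, 1, @acct);
    RETURN;
END;
IF DATABASE_PRINCIPAL_ID(@acct) IS NULL
    CREATE USER [CONTOSO\PATCHSRV01$] FOR LOGIN [CONTOSO\PATCHSRV01$];

-- db_executer is listed on the page but is not one of SQL Server's fixed
-- database roles, so confirm it exists here before removing sysadmin.
IF DATABASE_PRINCIPAL_ID(N'db_executer') IS NULL
BEGIN
    RAISERROR('Role db_executer not found; sysadmin left unchanged.', 16, 1);
    RETURN;
END;

ALTER ROLE db_datareader ADD MEMBER [CONTOSO\PATCHSRV01$];
ALTER ROLE db_datawriter ADD MEMBER [CONTOSO\PATCHSRV01$];
ALTER ROLE db_ddladmin   ADD MEMBER [CONTOSO\PATCHSRV01$];
ALTER ROLE db_executer   ADD MEMBER [CONTOSO\PATCHSRV01$];

-- Drop the server-wide role only after the database roles are in place.
ALTER SERVER ROLE sysadmin DROP MEMBER [CONTOSO\PATCHSRV01$];

-- Verify: still_sysadmin should be 0 and the four roles should be listed.
SELECT IS_SRVROLEMEMBER('sysadmin', @acct) AS still_sysadmin;
SELECT r.name AS database_role
FROM sys.database_role_members AS m
JOIN sys.database_principals AS r ON r.principal_id = m.role_principal_id
JOIN sys.database_principals AS u ON u.principal_id = m.member_principal_id
WHERE u.name = @acct
ORDER BY r.name;
```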

Communication Ports

Tenable Patch Management is a network application that communicates between the server and clients on a range of ports. For a list of required ports, see Communication Port and Flow Diagrams.

The Tenable Patch Server installation automatically creates Windows Firewall rules for the required ports in all network profiles. If you use a firewall other than Windows Defender, you may need to configure the required ports manually to ensure communications are available.

Antivirus Exceptions

Tenable Patch Management Enterprise acquires content directly from the Adaptiva Content Library on the Tenable Patch Server and from the AdaptivaCache folder on individual devices (Clients).

Because antivirus scanning of these files can cause performance degradation, Tenable recommends excluding Tenable folders from antivirus scans. Tenable uses a secure hash to protect all distributed content against tampering or corruption, either in transit or when stored.

The Server and Client installations create a system environment variable that points to the respective install locations. For example, %ADAPTIVASERVER% maps to the following location:

C:\Program Files\Tenable\PatchServer\

%ADAPTIVACLIENT% maps to the following location:

C:\Program Files\Tenable\PatchClient\

Excluding Folders and Processes

There are two types of antivirus exclusions:

  • Folders: Excludes parent folders, including sub-folders.

  • Process: Excludes processes. For use when aggressive antivirus programs identify .exe processes as high-risk.

Creating Antivirus Folder Exclusions

Exclude the folders listed in the server and client exclusion tables below. The tables list the parent folders only. Make sure to exclude all sub-folders.

Server and Client Folder Exclusions

Description | Exclusion
Server Installation Folder | <path>\Adaptiva\AdaptivaServer
Adaptiva Content Library (if different from the default location) | The default location of the Content Library is <path>\Adaptiva\AdaptivaServer\Data\ContentLibrary
Client Installation Folder | <path>\Adaptiva\AdaptivaClient