Tenable Patch Management acquires content directly from the Adaptiva Content Library on the TPM Server and from the AdaptivaCache folder on individual devices (Clients). Because antivirus scanning of these files can cause performance degradation,Tenable recommends excluding Tenable folders from antivirus scans.Tenable uses a secure hash to protect all distributed content against tampering or corruption, either in transit or when stored.

The Server and Client installations create a system environment variable that points to the respective install locations. For example, %ADAPTIVASERVER% maps to the following location:

C:\Program Files\Tenable\PatchServer\

%ADAPTIVACLIENT% maps to the following location:

C:\Program Files\Tenable\PatchClient\

Excluding Folders and Processes

There are two types of antivirus exclusions:

• Folders: Excludes Parent folders, including sub-folders

• Process: Excludes processes. For use when aggressive antivirus programs identify .exe processes as high-risk.

Creating Antivirus Folder Exclusions

Exclude the folders listed in the server and client exclusion tables below. The tables list the parent folders only. Make sure to exclude all sub folders.

Server and Client Folder Exclusions

Description	Exclusion
Server Installation Folder	<path>\Adaptiva\AdaptivaServer
Adaptiva Content Library (if different from the default location)	The default location of the Content Library is <path>\Adaptiva\AdaptivaServer\Data\ContentLibrary Note: This path must be excluded only if the Content Library is located in a different location from the default location.
Client Installation Folder	On Windows: <path>\Adaptiva\AdaptivaClient Note:: Update this exclusion if using a different location: <drive>\AdaptivaCache All physical drives automatically have an Adaptiva Cache folder. %windir%\SoftwareDistribution %windir% points to where Windows is installed. Default location is C:\WINDOWS Linux and MacOS: /opt/tenable/ This includes both the adaptivacache and patchclient folders for both platforms.

ConfigMgr Exclusions

If using Adaptiva OneSite with ConfigMgr, ensure that the exclusions listed below are already in place. The following paths are included here for reference and completeness:

Note: %windir% points to where Windows is installed. Default location is C:\WINDOWS

• %windir%\CCM\Logs

• %windir%\CCM\ServiceData

• %windir%\CCMCache

• %windir%\CCMSetup

Intune Management Extension Exclusions

• %ProgramFiles(x86)%\Microsoft Intune Management Extension\Content

• %windir%\IMECache

Creating Antivirus Process Exclusions

In some cases, administrators prefer to exclude processes rather than folders, particularly when aggressive antivirus programs consider the executables to be a high-risk process.

Patch Server

Note: <path> is where Patch Server is installed. By Default it is C:\Program Files\Tenable\PatchServer\

• <path>\Adaptiva\AdaptivaServer\bin\AdaptivaServerService.exe

Windows Client Service

• C:\Program Files\Tenable\PatchClient\bin\AdaptivaClientService.exe

• C:\Program Files\Tenable\PatchServer\bin\AdaptivaUserPortal.exe

• C:\Program Files\Tenable\PatchClient\bin\OneSiteClient.exe

• C:\Program Files\Tenable\PatchClient\bin\OneSiteClient64.exe

• C:\Program Files\Tenable\PatchClient\bin\amd64\OneSiteDownloader.exe

Linux and Mac Client Daemon

• /opt/tenable/patchclient/bin/adaptivaclientd

MacOS-Only Client Daemon

• /opt/tenable/patchclient/bin/adaptivauserd

ConfigMgr Client Service

In some cases, administrators prefer to exclude processes rather than folders, particularly when aggressive antivirus programs consider the executables to be a high-risk process.

• %windir%\CCM\CCMExec.exe

• %windir%\CCM\CMRCService