Allow the CSE app in your Anti-Virus (AV) or Endpoint Detection Response (EDR) Solutions
Configure your AV or EDR solutions to allowlist the CSE app
- Updated on Oct 21, 2025
Overview
In some cases, an Anti-Virus (AV) or EDR solution might interfere with the Cloud Secure Edge (CSE) app because of how they interpret the app’s behaviour during installation or runtime. EDR and AV tools can flag behaviour that resembles attacks: since the CSE app is running background services, creating and modifying system files, intercepting network traffic, and maintaining a persistent connection to a cloud service, these actions can signal suspicious behaviour, especially if the EDR/AV tool doesn’t recognize the signing certificate or publisher.
Allow-listing the CSE app in your AV/EDR tool informs the tool that the CSE app software can be trusted and should be ignored during scans or behavioural analysis. This guide lays out the specific CSE app binaries for each OS that you can use to allowlist the app in your org’s AV/EDR solution.
Steps to allowlist the CSE app for Windows devices
1. Allowlist %ProgramFiles%/Banyan in your AV/EDR tool.
2. If your AV/EDR tool requires that binaries must be specified, use all of the following binaries:
%ProgramFiles%/Banyan/Banyan.exe The primary app executable.
%ProgramFiles%/Banyan/resources/elevate.exe Allows CSE to elevate to run admin functions.
%ProgramFiles%/Banyan/resources/bin/banyanapp-admin.exe The primary service component for CSE app.
%ProgramFiles%/Banyan/resources/bin/banyanproxy.exe Used for reverse proxy services.
%ProgramFiles%/Banyan/resources/bin/banyanwgs.exe WireGuard for Service Tunnel.
%ProgramFiles%/Banyan/resources/bin/sonicwall-cse-updater.exe Automatic updating, included in versions 3.28+.
%ProgramFiles%/Banyan/resources/bin/WinSW-x64.exe A wrapper for Windows executables to run as a service.
%ProgramFiles%/Banyan/resources/bin/wg.exe A utility used for banyanwg.exe operations; Removed in versions 3.28+.
%ProgramFiles%/Banyan/resources/bin/mar-tools/*.exe These include certutil, modutil, pk12util, shlibsign, and signmar. These are utilities used by the app.
Steps to allowlist the CSE app for macOS devices
1. Allowlist /Applications/Banyan.app.
2. If granular definitions are required, use all of the following binaries:
/Applications/Banyan.app/MacOS/Banyan
/Applications/Banyan.app/Contents/Resources/bin/banyanapp-admin
/Applications/Banyan.app/Contents/Resources/bin/banyanproxy
/Applications/Banyan.app/Contents/Resources/bin/banyanwgs
/Applications/Banyan.app/Contents/Resources/bin/Sonicwall-CSE-CertImporter Utility used by app for certificate installs.
/Applications/Banyan.app/Contents/Resources/bin/SonicWall-CSE-Updater Used in versions 3.28+.
/Applications/Banyan.app/Contents/Resources/bin/wg Removed in versions 3.28+.
Steps to allowlist the CSE app for Linux devices
1. Allowlist the application’s package manager definition.
2. If the event binaries are needed, use the following:
/opt/Banyan/banyanapp
/opt/Banyan/resources/bin/banyanapp-admin
/opt/Banyan/resources/bin/banyanproxy
/opt/Banyan/resources/bin/banyanwgs