Allow the CSE app in your Anti-Virus (AV) or Endpoint Detection Response (EDR) Solutions
Configure your AV or EDR solutions to allowlist the CSE app
- Updated on Feb 27, 2026
- Overview
Overview
In some cases, an Anti-Virus (AV) or EDR solution might interfere with the Cloud Secure Edge (CSE) app because of how they interpret the app’s behaviour during installation or runtime. EDR and AV tools can flag behaviour that resembles attacks: since the CSE app is running background services, creating and modifying system files, intercepting network traffic, and maintaining a persistent connection to a cloud service, these actions can signal suspicious behaviour, especially if the EDR/AV tool doesn’t recognize the signing certificate or publisher.
Allow-listing the CSE app in your AV/EDR tool informs the tool that the CSE app software can be trusted and should be ignored during scans or behavioural analysis. This guide lays out the specific CSE app binaries for each OS that you can use to allowlist the app in your org’s AV/EDR solution.
Steps to allowlist the CSE app for Windows devices
1. For desktop app versions less than or equal to version 3.28.1, allowlist %ProgramFiles%/Banyan in your AV/EDR tool; For desktop app versions equal to or greater than 4.0.0, allowlist %ProgramFiles%/SonicWall Cloud Secure Edge.
2. If your AV/EDR tool requires that binaries must be specified, use all of the following binaries:
For CSE desktop app versions equal to or less than 3.28.1
| Binary | Description |
|---|---|
%ProgramFiles%/Banyan/Banyan.exe |
The primary app executable. |
%ProgramFiles%/Banyan/resources/elevate.exe |
Allows CSE to elevate to run admin functions. |
%ProgramFiles%/Banyan/resources/bin/banyanapp-admin.exe |
The primary service component for CSE app. |
%ProgramFiles%/Banyan/resources/bin/banyanproxy.exe |
Used for reverse proxy services. |
%ProgramFiles%/Banyan/resources/bin/banyanwgs.exe |
WireGuard for Service Tunnel. |
%ProgramFiles%/Banyan/resources/bin/sonicwall-cse-updater.exe |
Automatic updating, included in versions 3.28+. |
%ProgramFiles%/Banyan/resources/bin/wg.exe |
A utility used for banyanwg.exe operations; Removed in versions 3.28+. |
%ProgramFiles%/Banyan/resources/bin/mar-tools/*.exe |
These include certutil, modutil, pk12util, shlibsign, and signmar. These are utilities used by the app. |
For CSE desktop app versions equal to or greater than 4.0.0
| Binary | Description |
|---|---|
%ProgramFiles%/SonicWall Cloud Secure Edge/SonicWall Cloud Secure Edge.exe |
The primary app executable. |
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/elevate.exe |
Allows CSE to elevate to run admin functions. |
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-admin.exe |
The primary service component for CSE app. |
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-proxy.exe |
Used for reverse proxy services. |
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-wgs.exe |
WireGuard for Service Tunnel. |
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-updater.exe |
Automatic updating, included in versions 3.28+. |
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/mar-tools/*.exe |
These include certutil, modutil, pk12util, shlibsign, and signmar. These are utilities used by the app. |
Steps to allowlist the CSE app for macOS devices
1. For desktop app versions older than or equal to version 3.28.1, allowlist /Applications/Banyan.app. For desktop app versions equal to or later than version 4.0.0, allowlist SonicWall Cloud Secure Edge.app.
2. If granular definitions are required, use all of the following binaries:
For CSE desktop app versions equal to or less than 3.28.1
| Binary | Description |
|---|---|
/Applications/Banyan.app/MacOS/Banyan |
|
/Applications/Banyan.app/Contents/Resources/bin/banyanapp-admin |
|
/Applications/Banyan.app/Contents/Resources/bin/banyanproxy |
|
/Applications/Banyan.app/Contents/Resources/bin/banyanwgs |
|
/Applications/Banyan.app/Contents/Resources/bin/Sonicwall-CSE-CertImporter |
|
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-updater.exe |
Utility used by app for certificate installs. |
/Applications/Banyan.app/Contents/Resources/bin/SonicWall-CSE-Updater |
Used in versions 3.28+. |
/Applications/Banyan.app/Contents/Resources/bin/wg |
Removed in versions 3.28+. |
For CSE desktop app versions equal to or greater than 4.0.0
| Binary | Description |
|---|---|
/Applications/SonicWall Cloud Secure Edge.app/MacOS/SonicWall Cloud Secure Edge |
|
/Applications/SonicWall Cloud Secure Edge.app/Contents/Resources/bin/sonicwall-cse-admin |
|
/Applications/SonicWall Cloud Secure Edge.app/Contents/Resources/bin/sonicwall-cse-proxy |
|
/Applications/SonicWall Cloud Secure Edge.app/Contents/Resources/bin/sonicwall-cse-wgs |
|
/Applications/SonicWall Cloud Secure Edge.app/Contents/Resources/bin/Sonicwall-CSE-CertImporter |
|
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-updater.exe |
Utility used by app for certificate installs. |
/Applications/SonicWall Cloud Secure Edge.app/Contents/Resources/bin/SonicWall-CSE-Updater |
Used in versions 3.28+. |
Steps to allowlist the CSE app for Linux devices
1. Allowlist the application’s package manager definition.
2. If the event binaries are needed, use the following:
For CSE desktop app versions equal to or less than 3.28.1
| Binary |
|---|
/opt/Banyan/banyanapp |
/opt/Banyan/resources/bin/banyanapp-admin |
/opt/Banyan/resources/bin/banyanproxy |
/opt/Banyan/resources/bin/banyanwgs |
For CSE desktop app versions equal to or greater than 4.0.0
| Binary |
|---|
/opt/SonicWall Cloud Secure Edge/sonicwallcse |
/opt/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-admin |
/opt/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-proxy |
/opt/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-wgs |