Allow the CSE app in your Anti-Virus (AV) or Endpoint Detection Response (EDR) Solutions

Configure your AV or EDR solutions to allowlist the CSE app

  • Updated on

Overview

In some cases, an Anti-Virus (AV) or EDR solution might interfere with the Cloud Secure Edge (CSE) app because of how they interpret the app’s behaviour during installation or runtime. EDR and AV tools can flag behaviour that resembles attacks: since the CSE app is running background services, creating and modifying system files, intercepting network traffic, and maintaining a persistent connection to a cloud service, these actions can signal suspicious behaviour, especially if the EDR/AV tool doesn’t recognize the signing certificate or publisher.

Allow-listing the CSE app in your AV/EDR tool informs the tool that the CSE app software can be trusted and should be ignored during scans or behavioural analysis. This guide lays out the exclusions for each OS, grouped by app version: version 4.0.0 or later and legacy versions before 4.0.0.

Individual process exclusions are subject to change between app versions. Wherever your AV/EDR tool supports it, use the wildcard folder exclusion rather than listing individual binaries — it keeps working across app updates and covers new binaries automatically. List individual binaries only if your tool cannot use a wildcard, and re-check them after upgrading the app.

Version 4.0.0 or later

Recommended: use a wildcard folder exclusion. Exclude the entire CSE application folder with a wildcard:

  • Windows: %ProgramFiles%/SonicWall Cloud Secure Edge/*
  • macOS: /Applications/SonicWall Cloud Secure Edge.app/*
  • Linux: /opt/SonicWall Cloud Secure Edge/*

If your AV/EDR tool cannot use a wildcard and requires individual binaries, use the list below for your platform.

Binary Description
%ProgramFiles%/SonicWall Cloud Secure Edge/SonicWall Cloud Secure Edge.exe The primary app executable.
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/elevate.exe Allows CSE to elevate to run admin functions.
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-admin.exe The primary service component for CSE app.
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-admin-worker.exe Worker process spawned by the CSE admin service.
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-proxy.exe Used for reverse proxy services.
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-wgs.exe WireGuard for Service Tunnel.
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/wg.exe A utility used for WireGuard (sonicwall-cse-wgs.exe) operations.
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-updater.exe Automatic updating, included in versions 3.28+.
%ProgramFiles%/SonicWall Cloud Secure Edge/resources/bin/mar-tools/*.exe These include certutil, modutil, pk12util, shlibsign, and signmar. These are utilities used by the app.
Binary Description
/Applications/SonicWall Cloud Secure Edge.app/MacOS/SonicWall Cloud Secure Edge The primary app executable.
/Applications/SonicWall Cloud Secure Edge.app/Contents/Resources/bin/sonicwall-cse-admin The primary service component for CSE app.
/Applications/SonicWall Cloud Secure Edge.app/Contents/Resources/bin/sonicwall-cse-proxy Used for reverse proxy services.
/Applications/SonicWall Cloud Secure Edge.app/Contents/Resources/bin/sonicwall-cse-wgs WireGuard for Service Tunnel.
/Applications/SonicWall Cloud Secure Edge.app/Contents/Resources/bin/Sonicwall-CSE-CertImporter Utility used by the app for certificate installs.
/Applications/SonicWall Cloud Secure Edge.app/Contents/Resources/bin/SonicWall-CSE-Updater Automatic updating, included in versions 3.28+.
Binary
/opt/SonicWall Cloud Secure Edge/sonicwallcse
/opt/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-admin
/opt/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-proxy
/opt/SonicWall Cloud Secure Edge/resources/bin/sonicwall-cse-wgs

Legacy versions before 4.0.0

These apply to CSE desktop app versions 3.28.1 or earlier (the Banyan-branded app). A wildcard folder exclusion works here too — %ProgramFiles%/Banyan/* (Windows), /Applications/Banyan.app/* (macOS), or /opt/Banyan/* (Linux) — and is preferred. The individual binaries are listed below if your tool requires them.

Binary Description
%ProgramFiles%/Banyan/Banyan.exe The primary app executable.
%ProgramFiles%/Banyan/resources/elevate.exe Allows CSE to elevate to run admin functions.
%ProgramFiles%/Banyan/resources/bin/banyanapp-admin.exe The primary service component for CSE app.
%ProgramFiles%/Banyan/resources/bin/banyanapp-admin-worker.exe Worker process spawned by the CSE admin service.
%ProgramFiles%/Banyan/resources/bin/banyanproxy.exe Used for reverse proxy services.
%ProgramFiles%/Banyan/resources/bin/banyanwgs.exe WireGuard for Service Tunnel.
%ProgramFiles%/Banyan/resources/bin/sonicwall-cse-updater.exe Automatic updating, included in versions 3.28+.
%ProgramFiles%/Banyan/resources/bin/wg.exe A utility used for banyanwg.exe operations.
%ProgramFiles%/Banyan/resources/bin/mar-tools/*.exe These include certutil, modutil, pk12util, shlibsign, and signmar. These are utilities used by the app.
Binary Description
/Applications/Banyan.app/MacOS/Banyan The primary app executable.
/Applications/Banyan.app/Contents/Resources/bin/banyanapp-admin The primary service component for CSE app.
/Applications/Banyan.app/Contents/Resources/bin/banyanproxy Used for reverse proxy services.
/Applications/Banyan.app/Contents/Resources/bin/banyanwgs WireGuard for Service Tunnel.
/Applications/Banyan.app/Contents/Resources/bin/Sonicwall-CSE-CertImporter Utility used by the app for certificate installs.
/Applications/Banyan.app/Contents/Resources/bin/SonicWall-CSE-Updater Automatic updating, included in versions 3.28+.
/Applications/Banyan.app/Contents/Resources/bin/wg A utility used for WireGuard operations.
Binary
/opt/Banyan/banyanapp
/opt/Banyan/resources/bin/banyanapp-admin
/opt/Banyan/resources/bin/banyanproxy
/opt/Banyan/resources/bin/banyanwgs