Whitelist Paths

If an endpoint management tool is deployed in your organization, add the Akto AI Endpoint Shield binary paths as exclusions to prevent the tool from blocking or quarantining the process.

Only the binary paths need to be excluded. Unlike broader EDR whitelisting, exclusions scoped to the executable paths are sufficient for normal operation.

Paths to Exclude

These paths apply to all endpoint management tools (Microsoft Defender, SentinelOne, CrowdStrike, and others).

macOS

Path

Description

/usr/local/bin/akto-endpoint-shield

Main binary (MDM/Jamf install)

~/.akto-endpoint-shield/bin/akto-endpoint-shield

User-level binary

Windows

Path

Description

C:\Program Files\Akto Endpoint Shield\akto-endpoint-shield.exe

Main binary

Configure for MS Defender Endpoint

The following steps are specific to Microsoft Defender for Endpoint. For other tools, refer to your vendor's documentation for adding process or path exclusions.

macOS

Directly on the Mac

Run these commands on each machine (no MDM required):

Add the process and path exclusions:

sudo mdatp exclusion process add --name akto-endpoint-shield
mdatp exclusion path add --path /usr/local/bin/akto-endpoint-shield
mdatp exclusion folder add --path ~/.akto-endpoint-shield/bin/

Verify the exclusions were applied:

mdatp exclusion list

Via Jamf Pro

Deploy a custom Microsoft Defender configuration profile with the preference domain com.microsoft.wdav.

In Jamf Pro, navigate to Computers → Configuration Profiles → + New.

Add a payload: Application & Custom Settings.

Set Preference Domain: com.microsoft.wdav.

Upload or paste the following JSON:

{
  "antivirusEngine": {
    "exclusions": [
      { "type": "path", "path": "/usr/local/bin/akto-endpoint-shield" },
      { "type": "folder", "path": "/Users/" }
    ]
  }
}

Microsoft Defender on macOS does not expand ~ in exclusion paths. Using /Users/ as a folder exclusion covers ~/.akto-endpoint-shield/ for all users on the machine.

Set Scope to target the relevant computers or groups.

Save and deploy.

Via Microsoft Intune

Go to Endpoint Security → Antivirus → Create Policy.

Select Platform: macOS and Profile: Microsoft Defender Antivirus.

Under Antivirus engine → Exclusions, add the two paths above.

Assign the policy to the relevant device group and save.

Windows

Directly on the Windows Machine

Run the following commands in an elevated PowerShell session:

Add the process and path exclusions:

Add-MpPreference -ExclusionProcess "akto-endpoint-shield.exe"
Add-MpPreference -ExclusionPath "C:\Program Files\Akto Endpoint Shield\"

Verify the exclusions were applied:

Get-MpPreference | Select-Object -ExpandProperty ExclusionProcess
Get-MpPreference | Select-Object -ExpandProperty ExclusionPath

Via Microsoft Intune

Go to Endpoint Security → Antivirus → Create Policy.

Select Platform: Windows 10, Windows 11, and Windows Server and Profile: Microsoft Defender Antivirus.

Under Microsoft Defender Antivirus Exclusions, add:

Process exclusions: akto-endpoint-shield.exe
Path exclusions: C:\Program Files\Akto Endpoint Shield\

Assign the policy to the relevant device group and save.

Get Support for your Akto setup

There are multiple ways to request support from Akto. We are available on the following:

In-app intercom support. Message us with your query on intercom in Akto dashboard and someone will reply.
Join our discord channel for community support.
Contact support@akto.io for email support.

PreviousNinjaOne Deployment (macOS)NextMosyle MDM Deployment

Last updated 5 days ago