# Antivirus Exclusion Recommendations

This document provides **recommended antivirus exclusion configurations** for environments where **SessionLimit Server and Agent components** are deployed.

SessionLimit enforces security policies such as **session control, login limitation, credential-based authentication, and optional multi-factor authentication (2FA)** by interacting with the Windows logon process, credential providers, registry policies, and runtime system events.

Due to this behavior, certain antivirus or endpoint protection solutions may incorrectly identify SessionLimit components as suspicious or may interfere with their normal operation.

These exclusions are provided to ensure:

* Reliable enforcement of SessionLimit security policies
* Proper execution of authentication and 2FA workflows
* Stable communication between SessionLimit components
* Prevention of false-positive detections and silent blocking

This document applies to the following SessionLimit components:

* SessionLimit Server Service
* SessionLimit Agent (Client & Server)
* SessionLimit Web / Management Console (IIS-based)
* Credential Provider and logon-related agent modules

Supported deployment models:

* All-in-One Server installation
* Distributed Server / Database / Agent architecture
* Agent deployment on Windows Servers and Windows Clients

### Supported Operating Systems

#### Server Operating Systems

* Windows Server 2016
* Windows Server 2019
* Windows Server 2022
* Windows Server 2025

#### Client Operating Systems

* Windows 10
* Windows 11

### Why Antivirus Exclusions Are Required

SessionLimit performs the following operations that may be affected by real-time antivirus scanning or behavioral protection modules:

* Integration with Windows Credential Provider framework
* Logon, unlock, and RDP session interception
* Real-time policy evaluation during authentication
* Registry access under **HKLM** and **HKCU (SID-based)** paths
* Local runtime decision-making for login and 2FA enforcement
* Secure communication between Agent, Server, and Directory Services

Aggressive antivirus scanning, ransomware protection, or behavioral monitoring may:

* Delay or block authentication flows
* Prevent 2FA prompts from appearing
* Disable session limitation enforcement
* Cause inconsistent or undefined security behavior

For these reasons, controlled and limited exclusions are recommended.

### Recommended File-Based Exclusions

The following **executable files** should be excluded individually from real-time antivirus scanning.

#### Agent Components

<table><thead><tr><th width="106">Type</th><th>Path</th></tr></thead><tbody><tr><td>File</td><td><code>C:\Program Files\SessionLimit v2\SessionLimitService.exe</code></td></tr><tr><td>File</td><td><code>C:\Program Files\SessionLimit v2\SessionLimitUI.exe</code></td></tr><tr><td>File</td><td><code>C:\Program Files\SessionLimit v2\Settings\SessionLimit.LanguageSettings.exe</code></td></tr></tbody></table>

#### Server Components

<table><thead><tr><th width="82">Type</th><th>Path</th></tr></thead><tbody><tr><td>File</td><td><code>C:\Program Files\SessionLimit Server 2.0\Service\SessionLimitServerService.exe</code></td></tr><tr><td>File</td><td><code>C:\Program Files\SessionLimit Server 2.0\FTW\FTW.exe</code></td></tr></tbody></table>

### Data and Runtime Folder Exclusions

The following directory contains runtime data, cache, and operational files used by SessionLimit:

<table><thead><tr><th width="122">Type</th><th>Path</th></tr></thead><tbody><tr><td>Folder</td><td><code>C:\ProgramData\ArkSoft\SessionLimit20\*.*</code></td></tr></tbody></table>

### Process-Based Exclusions

In addition to file exclusions, **process-based exclusions** are recommended to prevent behavioral blocking.

<table><thead><tr><th width="146">Component</th><th>Process Name</th></tr></thead><tbody><tr><td>Agent</td><td><code>SessionLimitService.exe</code></td></tr><tr><td>Agent</td><td><code>SessionLimitUI.exe</code></td></tr><tr><td>Agent</td><td><code>SessionLimit.LanguageSettings.exe</code></td></tr><tr><td>Server</td><td><code>SessionLimitServerService.exe</code></td></tr><tr><td>Server</td><td><code>FTW.exe</code></td></tr></tbody></table>
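
One way to apply the file, folder, and process exclusions above, shown as an added example that is not part of the vendor's documentation. It assumes Microsoft Defender Antivirus and an elevated PowerShell session; the signature gate and the ACL check on the data folder are this example's own safeguards, not SessionLimit requirements.

```powershell
#Requires -RunAsAdministrator
# Added example. Assumes Microsoft Defender Antivirus; paths are the ones listed above.
$files = @(
    'C:\Program Files\SessionLimit v2\SessionLimitService.exe',
    'C:\Program Files\SessionLimit v2\SessionLimitUI.exe',
    'C:\Program Files\SessionLimit v2\Settings\SessionLimit.LanguageSettings.exe',
    'C:\Program Files\SessionLimit Server 2.0\Service\SessionLimitServerService.exe',
    'C:\Program Files\SessionLimit Server 2.0\FTW\FTW.exe'
)
$dataFolder = 'C:\ProgramData\ArkSoft\SessionLimit20'
# Assumption of this example, not a vendor requirement: skip binaries without a valid signature.
$requireValidSignature = $true

foreach ($file in $files) {
    if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
        Write-Host "SKIP (component not installed here): $file"
        continue
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $file
    if ($requireValidSignature -and $sig.Status -ne 'Valid') {
        Write-Warning "NOT EXCLUDED (signature status: $($sig.Status)): $file"
        continue
    }
    # Exclude the exact file, and the process by full path rather than by bare image name,
    # so a same-named binary in another directory is still scanned.
    Add-MpPreference -ExclusionPath $file
    Add-MpPreference -ExclusionProcess $file
    Write-Host "Excluded: $file"
}

if (Test-Path -LiteralPath $dataFolder -PathType Container) {
    # An excluded folder that ordinary users can write to is an unscanned drop location.
    # Identity names below are the English ones; adjust on localized systems.
    $write = [System.Security.AccessControl.FileSystemRights]::Write
    $writers = (Get-Acl -LiteralPath $dataFolder).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        (($_.FileSystemRights -band $write) -ne 0) -and
        $_.IdentityReference.Value -notmatch 'SYSTEM|Administrators|TrustedInstaller|CREATOR OWNER'
    }
    foreach ($ace in $writers) {
        Write-Warning "Write access for $($ace.IdentityReference) on $dataFolder"
    }
    Add-MpPreference -ExclusionPath $dataFolder   # folder path covers the listed *.* contents
}

# Audit what is now configured on this host.
$prefs = Get-MpPreference
$prefs.ExclusionPath
$prefs.ExclusionProcess
```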

### Registry Access Considerations

SessionLimit uses the Windows Registry to store configuration, policy, and runtime information.

#### HKLM (Machine-Level)

| Path                                                                  |
| --------------------------------------------------------------------- |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Arksoft Bilisim\SessionLimit v2`         |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Arksoft Bilisim\SessionLimit Server 2.0` |
| `HKEY_LOCAL_MACHINE\SOFTWARE\Arksoft Bilisim\Settings\{GUID}`         |

#### HKCU / SID-Based (Agent)

| Path                                                                                    |
| --------------------------------------------------------------------------------------- |
| `HKEY_USERS\<UserSID>\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`        |
| `HKEY_USERS\<UserSID>\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI` |

> Registry exclusions should be evaluated and approved according to the organization’s security policy.

### Network and Behavioral Protection Considerations

#### Network Communication

SessionLimit relies on the following network communications:

| Source | Destination           | Protocol / Port                 |
| ------ | --------------------- | ------------------------------- |
| Agent  | SessionLimit Server   | TCP 443 (HTTPS)                 |
| Server | Microsoft SQL Server  | TCP 1433                        |
| Server | Microsoft SQL Browser | UDP 1434                        |
| Server | Active Directory      | TCP/UDP 389 (LDAP)              |
| Server | Active Directory      | TCP 636 (LDAPS, if enabled)     |
| Server | Global Catalog        | TCP 3268 / 3269 (if applicable) |
| Server | DNS                   | TCP/UDP 53                      |

#### Behavioral / Ransomware Protection

SessionLimit Agent may interact with the Windows logon process via supported Credential Provider mechanisms. Behavioral protection or ransomware prevention modules should allow these operations to avoid:

* Blocked login flows
* Missing 2FA challenges
* Partial or failed policy enforcement

SessionLimit does **not** perform undocumented code injection or unauthorized memory manipulation.

### Security Notice and Disclaimer

* The exclusions listed in this document are **recommendations only**.
* Final implementation decisions remain the responsibility of the customer’s system and security administrators.
* Failure to apply appropriate exclusions may result in:
  * Incomplete or failed authentication workflows
  * 2FA mechanisms not triggering as expected
  * Session limitation policies not being enforced
* In such cases, SessionLimit may not be able to guarantee expected security behavior.
