Autonomous DEM
Windows Processes to be Allowlisted on EDR Deployments
Table of Contents
Expand All
|
Collapse All
Autonomous DEM Docs
-
-
- AI-Powered ADEM
- Autonomous DEM for China
-
-
- AI-Powered ADEM
- Access Experience Agent 5.1
- Access Experience Agent 5.3
- Access Experience Agent 5.4
Windows Processes to be Allowlisted on EDR Deployments
Allow the agent processes on EDR for ADEM to function properly.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
If you use a third-party EDR, you must allow the following Windows agent processes on the
EDR for ADEM to function properly. Examples of EDRs that require this
include:
- CrowdStrike
- Trellix
- SentinelOne
- ADEM Agents 5.3 and Earlier
Windows Process Process Process Description User/Permission Level C:\Program Files\Palo Alto Networks\DEM\DEMAgentProcess.exe The main agent process that provides portal connectivity and test coordination Local System C:\Program Files\Palo Alto Networks\DEM\bin\BMTR.exe Performs TCP path traces. Local System C:\Program Files\Palo Alto Networks\DEM\bin\curl.exe Application Performance test using Curl. Network Service C:\Program Files\Palo Alto Networks\DEM\bin\mtr.exe Invokes the mtr process for path traces. Network Service C:\Program Files\Palo Alto Networks\DEM\bin\mtr-packet.exe Path trace test for showing path visualization data on ADEM portal. Network Service C:\Program Files\Palo Alto Networks\DEM\bin\tcping.exe Network performance test for applications using TCP ping. Network Service C:\Program Files\Palo Alto Networks\DEM\DEMAgentService.exe Launcher for the main agent process. It isolates the integration with the Windows Service subsystem. Local System C:\Program Files\Palo Alto Networks\DEM\DEMPortalProcess.exe Communicates with the portal on behalf of the agent. It is isolated in a separate process so it can run with suitable permissions. Network Service C:\Program Files\Palo Alto Networks\DEM\deployment\DEMUpdateService.exe Provides upgrade functionality. Local System "C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\Access Experience.exe" The Windows Status Tray application that provides the launcher for the Access Experience UI and raises desktop notifications for the user. Logged-in User C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\createdump.exe Part of the application runtime required by Windows. N/A: This is a code-level dependency that does not get executed. C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\DEMAnalyticsProcess.exe Performs data collection and processing for the End User Coaching and Self Service features. Local Service - ADEM Agent 5.4
Windows Process Process Process Description User/Permission Level C:\Program Files\Palo Alto Networks\DEM\DEMAgentProcess.exe The main agent process that provides portal connectivity and test coordination. Local System C:\Program Files\Palo Alto Networks\DEM\DEMBios.exe A utility that extracts the BIOS serial number for use by the update service. Local System C:\Program Files\Palo Alto Networks\DEM\bin\BMTR.exe Performs TCP path traces. Local System C:\Program Files\Palo Alto Networks\DEM\bin\curl.exe Application Performance test using Curl. Network Service C:\Program Files\Palo Alto Networks\DEM\bin\mtr.exe Invokes the mtr process for path traces. Network Service C:\Program Files\Palo Alto Networks\DEM\bin\mtr-packet.exe Path trace test for showing path visualization data on ADEM portal. Network Service C:\Program Files\Palo Alto Networks\DEM\bin\tcping.exe Network performance test for applications using TCP ping. Network Service C:\Program Files\Palo Alto Networks\DEM\DEMAgentService.exe Launcher for the main agent process. It isolates the integration with the Windows Service subsystem. Local System C:\Program Files\Palo Alto Networks\DEM\DEMPortalProcess.exe Communicates with the portal on behalf of the agent. It is isolated in a separate process so it can run with suitable permissions. Network Service C:\Program Files\Palo Alto Networks\DEM\deployment\DEMUpdateService.exe Provides upgrade functionality. Local System C:\Program Files\Palo Alto Networks\DEM\EProxy.exe Utility tool for debugging purpose, doesn't get executed. N/A: This is a code-level dependency that does not get executed. "C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\Access Experience.exe" The Windows Status Tray application that provides the launcher for the Access Experience UI and raises desktop notifications for the user. Logged-in User C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\createdump.exe Part of the application runtime required by Windows. N/A: This is a code-level dependency that does not get executed. C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\DEMAnalyticsProcess.exe Performs data collection and processing for the End User Coaching and Self Service features. Local Service - ADEM Agent 5.5
Windows Process Process Process Description User/Permission Level C:\Program Files\Palo Alto Networks\DEM\DEMAgentProcess.exe The main agent process that provides portal connectivity and test coordination. Local System C:\Program Files\Palo Alto Networks\DEM\DEMAgentCLI.exe Utility tool for debugging purpose, doesn't get executed. N/A: This is a code-level dependency that does not get executed. C:\Program Files\Palo Alto Networks\DEM\DEMBios.exe A utility that extracts the BIOS serial number for use by the update service. Local System C:\Program Files\Palo Alto Networks\DEM\BMTR.exe Performs TCP path traces. Local System C:\Program Files\Palo Alto Networks\DEM\Crypter.exe Utility tool for debugging purpose, doesn't get executed. N/A: This is a code-level dependency that does not get executed. C:\Program Files\Palo Alto Networks\DEM\curl.exe Application Performance test using Curl. Network Service C:\Program Files\Palo Alto Networks\DEM\EProxy.exe Utility tool for debugging purpose, doesn't get executed. N/A: This is a code-level dependency that does not get executed. C:\Program Files\Palo Alto Networks\DEM\mtr.exe Invokes the mtr process for path traces. Network Service C:\Program Files\Palo Alto Networks\DEM\mtr-packet.exe Path trace test for showing path visualization data on ADEM portal. Network Service C:\Program Files\Palo Alto Networks\DEM\tcping.exe Network performance test for applications using TCP ping. Network Service C:\Program Files\Palo Alto Networks\DEM\DEMAgentService.exe Launcher for the main agent process. It isolates the integration with the Windows Service subsystem. Local System C:\Program Files\Palo Alto Networks\DEM\DEMPortalProcess.exe Communicates with the portal on behalf of the agent. It is isolated in a separate process so it can run with suitable permissions. Network Service C:\Program Files\Palo Alto Networks\DEM\deployment\DEMUpdateService.exe Provides upgrade functionality. Local System "C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\Access Experience.exe" The Windows Status Tray application that provides the launcher for the Access Experience UI and raises desktop notifications for the user. Logged-in User C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\DEMAnalyticsProcess.exe Performs data collection and processing for the End User Coaching and Self Service features. Local Service - ADEM Agent 5.6
Windows Process Process Process Description User/Permission Level C:\Program Files\Palo Alto Networks\DEM\NativeMessagingHost.exe Communicates with the real-user monitor extension. Local System C:\Program Files\Palo Alto Networks\DEM\DEMAgentProcess.exe The main agent process that provides portal connectivity and test coordination. Local System C:\Program Files\Palo Alto Networks\DEM\DEMAgentCLI.exe Utility tool for debugging purpose, doesn't get executed. N/A: This is a code-level dependency that does not get executed. C:\Program Files\Palo Alto Networks\DEM\DEMBios.exe A utility that extracts the BIOS serial number for use by the update service. Local System C:\Program Files\Palo Alto Networks\DEM\BMTR.exe Performs TCP path traces. Local System C:\Program Files\Palo Alto Networks\DEM\Crypter.exe Utility tool for debugging purpose, doesn't get executed. N/A: This is a code-level dependency that does not get executed. C:\Program Files\Palo Alto Networks\DEM\curl.exe Application Performance test using Curl. Network Service C:\Program Files\Palo Alto Networks\DEM\EProxy.exe Utility tool for debugging purpose, doesn't get executed. N/A: This is a code-level dependency that does not get executed. C:\Program Files\Palo Alto Networks\DEM\mtr.exe Invokes the mtr process for path traces. Network Service C:\Program Files\Palo Alto Networks\DEM\mtr-packet.exe Path trace test for showing path visualization data on ADEM portal. Network Service C:\Program Files\Palo Alto Networks\DEM\tcping.exe Network performance test for applications using TCP ping. Network Service C:\Program Files\Palo Alto Networks\DEM\DEMAgentService.exe Launcher for the main agent process. It isolates the integration with the Windows Service subsystem. Local System C:\Program Files\Palo Alto Networks\DEM\DEMPortalProcess.exe Communicates with the portal on behalf of the agent. It is isolated in a separate process so it can run with suitable permissions. Network Service C:\Program Files\Palo Alto Networks\DEM\deployment\DEMUpdateService.exe Provides upgrade functionality. Local System "C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\Access Experience.exe" The Windows Status Tray application that provides the launcher for the Access Experience UI and raises desktop notifications for the user. Logged-in User C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\DEMAnalyticsProcess.exe Performs data collection and processing for the End User Coaching and Self Service features. Local Service - ADEM Agent 5.7
Windows Process Process Process Description User/Permission Level C:\Program Files\Palo Alto Networks\DEM\NativeMessagingHost.exe Communicates with the real-user monitor extension. Local System C:\Program Files\Palo Alto Networks\DEM\DEMAgentProcess.exe The main agent process that provides portal connectivity and test coordination. Local System C:\Program Files\Palo Alto Networks\DEM\DEMAgentCLI.exe Utility tool for debugging purpose, doesn't get executed. N/A: This is a code-level dependency that does not get executed. C:\Program Files\Palo Alto Networks\DEM\DEMBios.exe A utility that extracts the BIOS serial number for use by the update service. Local System C:\Program Files\Palo Alto Networks\DEM\BMTR.exe Performs TCP path traces. Local System C:\Program Files\Palo Alto Networks\DEM\Crypter.exe Utility tool for debugging purpose, doesn't get executed. N/A: This is a code-level dependency that does not get executed. C:\Program Files\Palo Alto Networks\DEM\curl.exe Application Performance test using Curl. Network Service C:\Program Files\Palo Alto Networks\DEM\EProxy.exe Utility tool for debugging purpose, doesn't get executed. N/A: This is a code-level dependency that does not get executed. C:\Program Files\Palo Alto Networks\DEM\mtr.exe Invokes the mtr process for path traces. Network Service C:\Program Files\Palo Alto Networks\DEM\mtr-packet.exe Path trace test for showing path visualization data on ADEM portal. Network Service C:\Program Files\Palo Alto Networks\DEM\tcping.exe Network performance test for applications using TCP ping. Network Service C:\Program Files\Palo Alto Networks\DEM\DEMAgentService.exe Launcher for the main agent process. It isolates the integration with the Windows Service subsystem. Local System C:\Program Files\Palo Alto Networks\DEM\DEMPortalProcess.exe Communicates with the portal on behalf of the agent. It is isolated in a separate process so it can run with suitable permissions. Network Service C:\Program Files\Palo Alto Networks\DEM\deployment\DEMUpdateService.exe Provides upgrade functionality. Local System "C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\Access Experience.exe" The Windows Status Tray application that provides the launcher for the Access Experience UI and raises desktop notifications for the user. Logged-in User C:\Program Files\Palo Alto Networks\DEM\Feature-Self-Service\DEMAnalyticsProcess.exe Performs data collection and processing for the End User Coaching and Self Service features. Local Service Processes to be Allowlisted to Monitor LAN Health When Local Network Access is Blocked C:\Program Files\Palo Alto Networks\DEM\DEMLocalNetworkTestProcess.exe Dedicated process for local network ping tests. Local System C:\Program Files\Palo Alto Networks\DEM\BMTR-Local.exe Local network specific utility to perform TCP path traces.Local System C:\Program Files\Palo Alto Networks\DEM\LocalNetwork\mtr.exe Local network specific utility to perform ICMP path traces. Network Service C:\Program Files\Palo Alto Networks\DEM\LocalNetwork\mtr-packet.exe Works with the local network specific mtr process to provide path trace functionality to the agent. Network Service