>
    Strata Copilot
    Prisma Browser Guide to Performance and Security Exclusions
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma Browser
    3. Prisma Browser Guide to Performance and Security Exclusions
    Download PDF
    Prisma Browser

    Prisma Browser Guide to Performance and Security Exclusions

    Table of Contents

    Prisma Browser Guide to Performance and Security Exclusions

    Guide to Performance and Security Exclusion
    Prisma Browser operates using multiple processes and continuous read/write operations within its profile directory. Consequently, antivirus and Endpoint Detection and Response (EDR) tools that scan every file access or hook every process can lead to performance degradation, such as high CPU/Disk I/O and UI lag. In some instances, these security tools may also cause installation or update failures by blocking legitimate browser binaries.
    This guide provides IT administrators with optional exclusion paths for Windows, macOS, and Linux. Applying these exclusions selectively can reduce scanning overhead and improve overall browser performance.

    Windows

    Paths use environment variables: `%PROGRAMFILES%` is typically `C:\Program Files`, and `%LOCALAPPDATA%` is the current user’s AppData Local folder. Installations may be system-wide (elevated) or per-user; use the column that matches your deployment.
    Directories often considered for performance-oriented scan reduction
    AreaSystem Level InstallationPer-user installationNotes
    User profile%LOCALAPPDATA%\Palo Alto Networks\PrismaAccessBrowser\User Data%LOCALAPPDATA%\Palo Alto Networks\PrismaAccessBrowser\User DataConfigurations, caches, databases; very high I/O. Strong performance impact if heavily scanned
    Application%PROGRAMFILES%\Palo Alto Networks\PrismaAccessBrowser%LOCALAPPDATA%\Palo Alto Networks\PrismaAccessBrowser\Application
    Updated%PROGRAMFILES%\Palo Alto Networks\PrismaAccessBrowserUpdater%LOCALAPPDATA%\Palo Alto Networks\PrismaAccessBrowserUpdater
    Extension storage under the profile (for example paths under `User Data` that include `Extensions`) may be excluded for performance in some designs; that further reduces visibility into extension-related files—evaluate carefully.
    Executables commonly allowlisted or trusted by path (examples)
    ComponentSystem-levelPer-user
    Browser%PROGRAMFILES%\Palo Alto Networks\PrismaAccessBrowser\Application\PrismaAccessBrowser.exe%LOCALAPPDATA%\Palo Alto Networks\PrismaAccessBrowser\Application\PrismaAccessBrowser.exe
    Anti-tamper%PROGRAMFILES%\Palo Alto Networks\PrismaAccessBrowser\Application\*\PrismaAccessBrowserGuard.exe%LOCALAPPDATA%\Palo Alto Networks\PrismaAccessBrowser\Application\*\PrismaAccessBrowserGuard.exe
    Update%PROGRAMFILES%\Palo Alto Networks\PrismaAccessBrowserUpdater\<VERSION>\updater.exe%LOCALAPPDATA%\Palo Alto Networks\PrismaAccessBrowserUpdater\<VERSION>\updater.exe
    `<VERSION>` changes with updates; where your security product allows, a parent directory rule may be easier to maintain than per-version paths. Alternatively you can use * to target all versions.

    macOS

    Areasystem-widePer-userNotes
    Application/Applications/Prisma Access Browser.app//Users/<user>/Library/Applications/Prisma Access Browser.app/Many organizations scope trust or reduced scanning to the signed application bundle.
    User-profile/Users/<user>/Library/Application Support/PAB/Prisma Access Browser//Users/<user>/Library/Application Support/PAB/Prisma Access Browser/Strong performance impact if heavily scanned.
    Updater/Library/Application Support/PAB/PrismaAccessBrowserUpdater~/Library/Application Support/PAB/PrismaAccessBrowserUpdater
    <user> changes based on the logged in user. You can use * to target all versions.

    Linux

    AreaSystem-widePer-user
    Application`/opt/paloaltonetworks/pab/`Not applicable for typical system package layout
    User Profile`~/.config/Palo Alto Networks/PrismaAccessBrowser``~/.config/Palo Alto Networks/PrismaAccessBrowser`

    © 2026 Palo Alto Networks, Inc. All rights reserved.