Resilio Agent works at the file level and extensively accesses files in the configured jobs. If your organization uses an anti-malware solution, its on-access scanner likely intercepts all disk requests to scan files for possible malware.
Possible negative effects that the anti-malware may cause:
- Significant disk performance drop due to file scanning
- Significant increase in disk latency, as disk read/write operations are held off until scanned
- Possible disk thread lock-ups due to interoperability issues
- Connect components installation blocked
- Full file hydration with enabled progressive hydration in Resilio 4.2.0. Antimalware software scans initiate full hydration—causing all data blocks to be downloaded locally, even if the user did not explicitly request access. This undermines the storage and performance benefits of progressive hydration.
To address this, the general recommendation is to add a set of exclusions:
- The Agent executable.
Windows: C:\Program Files\Resilio Connect Agent\Resilio Connect Agent.exe
Mac: /Applications/Resilio Connect Agent
- The Agent's storage folder. See actual paths in this article.
- The Resilio Agent Job folder
List of anti-malware vendors with known compatibility issues
Security warning:
While exclusions may reduce unintended hydration, they also lower the system’s malware defense in those directories. Apply exclusions only when absolutely necessary, and assess the risk based on your environment's threat model and security policy.
- Centrally, via Group Policy or Microsoft Endpoint Manager (Intune) for domain-joined environments.
- Locally, through Windows Security settings on individual machines.
How to Configure Exclusions
For full instructions on adding exclusions to Microsoft Defender Antivirus, refer to the official Microsoft documentation:
Configure custom exclusions for Microsoft Defender Antivirus
Virus and Threat Protection in the Windows Security App
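Applied locally to Microsoft Defender, the exclusions listed at the top of this article could be scripted as follows. This is an added example, not Resilio's or Microsoft's own script; the two folder paths are placeholders, and treating the Agent executable as a process exclusion is an assumption.

```powershell
# Added example: apply and verify narrow Microsoft Defender exclusions for Resilio Agent.
# Run in an elevated PowerShell session on the endpoint.

# Agent executable path as given in this article.
$AgentExe = 'C:\Program Files\Resilio Connect Agent\Resilio Connect Agent.exe'

# Placeholders (assumptions): replace with the real Agent storage folder and job folder.
$FolderExclusions = @(
    'C:\PLACEHOLDER_AGENT_STORAGE_FOLDER',
    'D:\PLACEHOLDER_JOB_FOLDER'
)

# Refuse anything broader than one specific, existing folder: no wildcards, no drive roots.
foreach ($path in $FolderExclusions) {
    if ($path -match '[\*\?]' -or $path -match '^[A-Za-z]:\\?$') {
        throw "Exclusion too broad: $path"
    }
    if (-not (Test-Path -LiteralPath $path -PathType Container)) {
        throw "Folder not found (placeholder not replaced?): $path"
    }
}
if (-not (Test-Path -LiteralPath $AgentExe -PathType Leaf)) {
    throw "Agent executable not found: $AgentExe"
}

$current = Get-MpPreference

# Add only what is missing, so the script can be rerun safely.
$missingPaths = @($FolderExclusions | Where-Object { $current.ExclusionPath -notcontains $_ })
if ($missingPaths.Count -gt 0) {
    Add-MpPreference -ExclusionPath $missingPaths
}

# A process exclusion skips real-time scanning of files opened by this process;
# it does not exclude the executable file itself from being scanned.
if ($current.ExclusionProcess -notcontains $AgentExe) {
    Add-MpPreference -ExclusionProcess $AgentExe
}

# Read back the effective exclusions so the change can be reviewed and recorded.
$after = Get-MpPreference
[pscustomobject]@{
    ExclusionPath    = $after.ExclusionPath
    ExclusionProcess = $after.ExclusionProcess
}
```

Review the final output against the intended list; every extra entry there is a location Defender no longer inspects on access.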
- Bitdefender performs scheduled or on-access scans
- Files are being indexed or backed up
- Security policies enforce deep scanning of cloud-synced or placeholder files
The result is that files which are meant to be streamed on-demand are fully downloaded to disk, increasing bandwidth usage and defeating storage optimization goals.
To mitigate these effects:
- Add exclusions for the folders managed by Resilio Agent, either via the Bitdefender GravityZone Control Center or local policy settings.
- Exclude both file paths and processes (e.g., Resilio agent executables) where appropriate.
- Consider disabling scan-on-close or scan archive contents for specific directories, if policy allows.
- Regularly audit hydration behavior to ensure exclusions are effective and not impacting endpoint protection posture.
How to Configure Exclusions
You can configure exclusions in Bitdefender through the central management console or directly on the client. For complete, up-to-date instructions, refer to:
How to exclude files and folders from Bitdefender Antivirus scan
For enterprise deployments using GravityZone: GravityZone - Manage exclusions
- Increased local disk usage
- Elevated bandwidth consumption
- Potential performance degradation
- Disruption of storage optimization strategies
Recommendation
- Add directory and process exclusions for trusted applications or storage paths.
- In CB Cloud/EDR, define Custom Bypass Rules for specific behaviors (e.g., allow reads from designated paths without triggering full scanning).
- Avoid using aggressive scanning policies (e.g., scan-on-read or sandbox-on-access) on known streamed or virtualized storage locations.
- Monitor Carbon Black logs and correlate with file system telemetry to identify hydration triggers.
You can create exclusions through the Carbon Black cloud console (CB Defense or EDR) or via policy definitions. Refer to official documentation for detailed guidance:
Setting up Exclusions in the Carbon Black Cloud Console for AV Products
Sophos intercepts a wide range of file operations as part of its Runtime Protection and Deep Learning engines, which often causes files to be opened, analyzed, or sandboxed even when no explicit user interaction has occurred.
Observed Effects
- Resilio Agent installation is blocked.
- Files are fully downloaded on scan or metadata access
- Increased I/O and bandwidth usage
Recommendation
- Use Scanning Exclusions to exclude specific folders associated with streamed or virtualized storage.
- Optionally exclude known-trusted processes from triggering real-time scans (e.g., file sync agents).
- Disable scan-on-read for specific directories, if permitted by policy.
- Adjust ransomware and behavioral rules to avoid monitoring hydrated file paths where high I/O activity is expected.
How to Configure Exclusions
Sophos supports file, folder, extension, and process exclusions via both Sophos Central and local configuration tools. For detailed steps, refer to official documentation:
Sophos - Global Exclusions
- Full hydration of files
- Increased network traffic and disk usage
- Reduced storage efficiency
- Potential performance degradation during file indexing or scanning
Recommendation
- Configure folder and process exclusions in SEP to prevent scanning of directories used by file streaming applications.
- Use centralized policies via the Symantec Endpoint Protection Manager (SEPM) or local client configuration for standalone systems.
- Disable or tune specific features (e.g., Insight Lookup or scan-on-close) where appropriate and safe.
- Regularly audit hydration triggers using SEP logs and Windows file access telemetry (e.g., ETW or Process Monitor) to refine exclusions.
How to Configure Exclusions
SEP allows detailed exclusions for:
- File paths
- Extensions
- Processes
- Mount points (e.g., network shares, cloud sync directories)
For detailed instructions, refer to official documentation:
Applying exceptions to scans in Symantec Endpoint Protection
Configuring Exceptions policies in Endpoint Protection Manager