Using Field Effect MDR alongside other Security Solutions

Issue

If your device experiences performance issues after installing our endpoint agent, it's likely that other security software (AV/MDR/EDR/XDR) is scanning the Field Effect endpoint agent while the agent monitors the device.


If this is the case, your organization may have also received an ARO reporting on the issue:


Endpoint Risk - Multiple Endpoint Detection and Response Solutions Observed


While Field Effect MDR was designed to operate in conjunction with other EDR solutions, it is not always possible to guarantee the behavior of other products. Although interference is unlikely, the ARO shown above is generated to ensure you are aware that multiple EDR solutions have the capacity to limit, or even interfere with, each solution's effectiveness.


Having multiple security products responding to security events in your environment may lead to unexpected outcomes, including endpoint performance reductions. Enabling Field Effect as the only security solution to actively respond to security events on all servers and workstations across your environment will reduce these risks.


For systems running Microsoft Defender, there is a low likelihood of conflict between Field Effect and Microsoft Defender. The endpoint agent has been designed to work with Defender and will report on alerts derived from Microsoft Defender via ARO.


Why Field Effect MDR does not require exceptions

Path-based exceptions like these are normally used by traditional antivirus products, which perform actions such as scanning changed files for malicious artifacts. We will likely use path-based exclusions when rolling out our static scanning capability in the future.


Field Effect MDR, like most EDRs, uses behavior-based detections. As we come across legitimate software that might trigger one or more detections, we will add specific exceptions for that software that work in tandem with our behavioral detections. Granting a global exclusion can create a significant gap in the protection provided by EDRs, and this gap can be leveraged by malware actors to bypass detections.


Solution

If you are experiencing issues related to competing cybersecurity products, we recommend adding the following exceptions to your alternative (AV/MDR/EDR/XDR) software:


Windows

Program exceptions:

C:\Program Files\Field Effect\Covalence\bin\covalence-endpoint.exe
C:\Program Files\Field Effect\Covalence\bin\CovNotify.exe

Directory exceptions:

C:\Program Files\Field Effect
C:\ProgramData\Field Effect

File exceptions:

C:\Windows\system32\drivers\covagent.sys

Mac

If your firewall exclusions do not allow for wildcards, exclude covalence-esext explicitly: 

/Library/Application Support/Covalence/

Make the following path root exceptions, where * is a wildcard for the UUID:

/Library/SystemExtensions/*/com.fieldeffect.covalence.esext.systemextension/

If required, add the following per-binary exceptions:

covalence-endpoint
covalence-esext
covalence-systray
covalence-health

Linux

Program exceptions:

/opt/fieldeffect/covalence-endpoint/bin/covalence-endpoint
/opt/fieldeffect/covalence-endpoint/bin/covalence-health-service

Directory exceptions:

/opt/fieldeffect/covalence-endpoint

File exceptions:

/opt/fieldeffect/covalence-endpoint/bin/covalence.ko
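
Before adding the Linux exceptions above to another product, it is worth confirming that the paths exist and that nothing under the excluded directory is writable by unprivileged users, since an excluded path is no longer scanned by that product. The script below is an added example, not Field Effect tooling; it assumes the agent files are expected to be owned by root, and the names `audit_exclusion` and `audit_all` are hypothetical.

```shell
#!/bin/sh
# Added example: audit the Linux exception paths from this article before
# excluding them in another security product.
# Assumption: agent files are expected to be owned by root.

# The directory exception, then the program and file exceptions under it,
# listed separately so a missing binary or module is reported by name.
EXCLUDED_PATHS="/opt/fieldeffect/covalence-endpoint
/opt/fieldeffect/covalence-endpoint/bin/covalence-endpoint
/opt/fieldeffect/covalence-endpoint/bin/covalence-health-service
/opt/fieldeffect/covalence-endpoint/bin/covalence.ko"

# audit_exclusion TARGET [OWNER]  (hypothetical helper name)
# Returns 0 if TARGET and everything under it is owned by OWNER and is not
# group- or world-writable, 1 if TARGET is missing, 2 if any entry fails.
audit_exclusion() {
    target=$1
    owner=${2:-root}
    if [ ! -e "$target" ]; then
        echo "MISSING  $target"
        return 1
    fi
    # Symlinks are skipped because their own mode bits are not enforced.
    findings=$(find "$target" ! -type l \
        \( ! -user "$owner" -o -perm -002 -o -perm -020 \) -print 2>/dev/null)
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings" | sed 's/^/UNSAFE   /'
        return 2
    fi
    echo "OK       $target"
    return 0
}

# audit_all: run the audit over every path above; non-zero if any path fails.
audit_all() {
    failed=0
    while IFS= read -r p; do
        audit_exclusion "$p" root || failed=1
    done <<EOF
$EXCLUDED_PATHS
EOF
    return "$failed"
}

audit_all || echo "Resolve the findings above before adding these exclusions."
```

Run it as root so that `find` can read every subdirectory of the agent install.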

