Best practices for using Code42 with antivirus or EDR software

Last updated
Save as PDF

Who is this article for?

CrashPlan Cloud

CrashPlan for Small Business

CrashPlan On-Premises

Find your product plan in the Code42 console on the Account menu.
Not a CrashPlan On-Premises customer? Search or browse Incydr and Instructor, CrashPlan Cloud, or CrashPlan for Small Business.

Instructor, no.

Incydr Professional, Enterprise, Gov F2, and Horizon, no.

Incydr Basic, Advanced, and Gov F1, no.

CrashPlan Cloud, no.

Retired product plans, yes.

CrashPlan for Small Business, no.

Overview

Code42 complements the functionality of antivirus or endpoint detection and response (EDR) programs. However, when the Code42 app and these other programs are installed on the same device, they might compete for locked files and system resources, causing heavy CPU usage.

As a result, we recommend configuring your antivirus or other endpoint security programs to exclude Code42. We also recommend configuring the Code42 app to exclude from backup the cache files created by the antivirus EDR programs.

Follow this process if you are using applications like:

Carbon Black Cb Defense
Carbon Black Cb Response
CrowdStrike Falcon
Kaspersky Endpoint Security for Business
McAfee AntiVirus
McAfee Endpoint Threat Defense and Response
Sophos Intercept X

Configure your antivirus or EDR app to exclude Code42

Code42 app backs up your existing files, but only creates two types of files: backup archives and cache files. Learn more about the Code42 file types below.

Backup archives

The contents of backup archives are compressed and encrypted. Even if a backup archive contains a malicious file, antivirus or EDR software cannot inspect the contents of an archive. Furthermore, malicious files cannot activate or spread while in a compressed and encrypted form.

Most importantly, backup archives only contain data that is already stored elsewhere. To detect malicious files, scan the source, not the backup archive.

Cache files

The cache files are benign records of Code42 operations. They only contain information about Code42 activity, and therefore they can be ignored by scans.

Step 1: Exclude Code42 app folders

Some programs operate by scanning folders. We recommend excluding Code42 app folders from live scans.

Windows folders

Use	Folder
Main application	Version 8.2 and later: C:\Program Files\Code42 Version 8.0 and earlier: C:\Program Files\CrashPlan
Service log files	C:\ProgramData\CrashPlan\log
UI log files	Versions 6.5 and earlier: C:\ProgramData\CrashPlan\log Versions 6.5.1 and later: C:\Users\<username>\AppData\Local\CrashPlan\log
Transient caches	C:\ProgramData\CrashPlan\cache
Code42 app configuration file	C:\Program Files\CrashPlan\CrashPlanService.ini Code42 app version 6.x only
Identity file	C:\ProgramData\CrashPlan\.identity
Files for customizing the desktop graphic interface	Versions 4.4 through 4.7: C:\ProgramData\CrashPlan\conf\custom.properties C:\ProgramData\CrashPlan\skin\custom Versions 4.8 and later: C:\ProgramData\CrashPlan\conf\custom.properties C:\ProgramData\CrashPlan\skin\custom C:\ProgramData\CrashPlan\lang\custom

If the Code42 app is installed per user, exclude these folders.

Mac folders

Use	Folder
Main application	Version 8.2 and later: /Applications/Code42.app/ Version 8.0 and earlier: /Applications/CrashPlan.app/
Service log files	/Library/Logs/CrashPlan
UI log files	~/Library/Logs/CrashPlan To view this hidden folder, open the Finder, press Command-Shift-G, and enter the folder path.
Transient caches	/Library/Caches/CrashPlan
Code42 app configuration file	Version 8.2 and later: /Library/LaunchDaemons/com.code42.service.plist Version 8.0 and earlier: /Library/LaunchDaemons/com.crashplan.engine.plist
Identity file	/Library/Application Support/CrashPlan/.identity
Files for customizing the desktop graphic interface	Versions 4.4 through 4.7: /Library/Application Support/CrashPlan/conf/custom.properties /???Library/Application Support/CrashPlan/skin/custom Versions 4.8 through 6.0: /Library/Application Support/CrashPlan/conf/custom.properties /???Library/Application Support/CrashPlan/skin/custom /???Library/Application Support/CrashPlan/lang/custom Version 6.5 introduced a new process for customizing the Code42 app.

If the Code42 app is installed per user, exclude these folders.

Linux folders

Use	Folder
Main application	/usr/local/crashplan
Service log files	/usr/local/crashplan/log
UI log files	Version 6.8.1 and earlier: /usr/local/crashplan/log Version 6.8.2 and later: ~/.code42/log
Transient caches	/usr/local/crashplan/cache
Code42 app configuration file	/usr/local/crashplan/bin/run.conf
Identity file	/var/lib/crashplan/.identity
Files for customizing the desktop graphic interface	Versions 4.4 through 4.7: /var/lib/crashplan/conf/custom.properties /???var/lib/crashplan/skin/custom Versions 4.8 and later: /var/lib/crashplan/conf/custom.properties /???var/lib/c???rashplan/skin/custom /???var/lib/c???rashplan/lang/custom

Step 2: Exclude the Code42 service

Antivirus and EDR programs might also monitor the processes running on your device, so we recommend excluding the Code42 service.

If the Code42 app is installed per user, exclude these folders for the Code42 service.

Configure Code42 to exclude your antivirus or EDR cache files

As antivirus and EDR applications scan your device, they create cache files. Depending on your file selection, Code42 may attempt to back up these cache files. We recommend excluding these caches from your file selection for several reasons:

The need to restore these cache files is very unlikely.
Antivirus and EDR applications might attempt to scan Code42's cache files of their cache, which causes an endless loop.

To exclude your antivirus cache from your backup:

Consult your antivirus program's documentation to find the antivirus cache location.
Sign in to your administration console.
Go to Settings > Device Backup > Backup.
Use the File Selection settings to exclude the antivirus cache location for all devices in your Code42 environment.
Click Save.

Restore considerations

Restoring a large amount of files may cause your antivirus or EDR program to examine each file as Code42 restores it. This causes your restore job to take longer than usual. To speed up the restore, pause the antivirus or EDR program.