Windows Sensor Processes and Paths
Here is the complete list of Windows Sensor processes and paths that you should exclude from your EDR tools and other security applications.
Sensor Processes
| Process Name | Description |
|---|---|
| Cyberhaven.exe | Service that manages all other Cyberhaven processes below |
| CyberhavenBackendConnector.exe | Transfers data to the Cyberhaven backend on behalf of all other processes |
| CyberhavenSystemMonitor.exe | Monitors file system and application file access |
| CyberhavenHealthMonitor.exe | Acts as watchdog for other Cyberhaven processes & sends telemetry to backend |
| CyberhavenNativeProxy.exe | Bridge process connecting to the browser extension |
| CyberhavenSessionMonitor.exe | User session monitoring processes |
| CyberhavenAutoUpdater.exe | Sensor self-upgrade process |
| CyberhavenDis32.exe | Prevention driver (32-bit) |
| CyberhavenDis64.exe | Prevention driver (64-bit) |
| CyberhavenApiMonitorInjector32.exe | Process hooking support (32-bit version) |
| CyberhavenApiMonitorInjector64.exe | Process hooking support (64-bit version) |
| CyberhavenDumpstk.exe | Tool used for inspecting system crashes |
| CyberhavenPwdHash.exe | Tool used to generate a password hash for the uninstall password protection |
| CyberhavenHealthChecker.exe | Tool for manually running health checks |
| CyberhavenUpdaterService.exe | Auto Update helper service. Runs from C:\Windows\Temp. |
| CyberhavenNetworkRedirector.exe | This process redirects HTTPS traffic to Cyberhaven when coverage for certain apps is enabled, like Microsoft Teams. |
| CyberhavenNetworkInspector.exe | This process inspects the redirected HTTPS traffic for sensitive information and applies policies accordingly when coverage for certain apps is enabled, like Microsoft Teams. |
| CyberhavenContentScanner.exe | Performs Data at Rest scanning on the endpoint device, when the feature is enabled. |
Sensor Paths
A Windows device that is running Cyberhaven will have application and configuration data stored in the following paths.
| Directory |
|---|
| %PROGRAMFILES%\Cyberhaven |
| %PROGRAMFILES%\CyberhavenAutoUpdater |
| %PROGRAMDATA%\Cyberhaven |
| %PROGRAMFILES(x86)%\Cyberhaven |
| C:\WINDOWS\SYSTEM32\drivers\Cyberhaven |