TABLE OF CONTENTS
- Technical Details
As a general matter, encrypted files are not vulnerable to viruses and antivirus software cannot scan encrypted files. As a result, you will want to configure your antivirus software to exclude scans of the Atakama Vault and .kama files. For example, Sophos offer the ability via their extension configuration page to exempt files based on file extensions. If you do not exclude the Atakama Vault and .kama files from your antivirus scan you will receive a MofNop every time the antivirus software attempts to scan an Atakama encrypted file.
In addition, Antivirus software uses heuristic analysis as a method to detect unknown computer viruses. This method sometimes mistakenly identifies downloadable software, such as Atakama, as malware. The method can also sometimes block legitimate communications between the Atakama desktop client and the Atakama Mobile app.
If you are running the following antivirus software, you should not need to change your current configuration when installing Atakama:
Bitdefender Total Security
Microsoft Security Essentials
Sophos Home Edition
Symantec Endpoint Protection Cloud
Webroot Business Endpoint Protection.
If you are running other antivirus software and encounter issues with Atakama installation, the following should ensure proper Atakama functionality:
Review your antivirus software's whitelist instructions. Searching online for your antivirus software plus the keyword "whitelist" should bring up the relevant instructions. Add "Atakama.exe" (located in C:\Program Files\Atakama) and add wss://relay.atakama.com:443 to the whitelist if you experience an issue during installation/setup of Atakama.
During installation you may see a pop-up notification to block "vidable.exe". Do not approve this block.
Do not add Atakama to the quarantine list if the antivirus software incorrectly detected Atakama as an application with suspicious activity.
If you are running SentinelOne, we recommend adding the following path exclusions (make sure to include subfolders):
- C:\Program Files\Atakama\
Whitelisting Application Binaries
Several binaries are installed as part of Atakama, all of which will need to be whitelisted to ensure proper application functionality. There are potentially several ways of doing this:
- Whitelist by Certificate
- Whitelist by File
- Whitelist by Folder
All binaries, DLLs, and scripts included in the installer are signed with the same certificate. By whitelisting the certificate, you can more easily ensure that the application and any future components all function without interruption. Keep in mind, this certificate is different than the one used to establish SSL connections described in the networking section.
CN = SSL.com EV Code Signing Intermediate CA RSA R3
O = SSL Corp
L = Houston
S = Texas
C = US
Files and Folders
If whitelisting by certificate is not an option, or you would rather whitelist by file or folder, then consult the following table for a list of all applicable paths. Note: all file paths are relative to the installation root. This is typically C:\Program Files\Atakama.
|Path||File or Folder||File Type||Required|
Whitelisting Network Connections (Proxy servers and firewalls)
Atakama relies on a few remote components as part of normal application function. Please ensure the following connections are whitelisted accordingly.
|Service||Domain Name||Resource (if HTTPS)||Port||Protocol|
|Relay Server||relay.atakama.com||443||WebSocket (wss://)|
|Licensing Server||service.atakama.com||/license||443||HTTPS (https://)|
|Bug Reporter||service.atakama.com||/bugreporter/dump||443||HTTPS (https://)|
|OneDrive (if applicable)||login.microsoft.com||443||HTTPS (https://)|
Note: Setting up a bypass for *.atakama.com on proxy servers should fix license activation issues that might not appear during initial setup.
In addition to whitelisting Atakama application files and network connections, it may also be desirable to exclude encrypted files from antivirus and antimalware scans. The Atakama installer will attempt to do this automatically for Windows Security during installation by running a PowerShell script, but this can fail due to a strict execution policy.
It is recommended that you exclude all .kama files from automatic scans, as these files are encrypted and thus scanning them is unnecessary and can introduce performance issues.
You can see the exclusion in Windows Security by going to the "Virus & threat protection" section, clicking "Manage settings", and then clicking "Add or remove exclusions" towards the bottom of that page.
In addition to excluding Atakama-encrypted files, the Atakama Vault must be excluded from all scans or backup applications. As mentioned in the summary, if this directory is not excluded from scans or backups, the active user will receive file open MofNops for every file that is scanned. This is undesirable, not only because the user will be inundated with erroneous requests, but also because this directory is only a virtual filesystem. Take a look at this article for more information.
The vault is located in the active user's home directory in a folder called Atakama. Using an environment variable, this can be generalized as follows: