Help Center
News
Help Center
News
Popular
Architecture and High-level Information
Scans
Agents
How to Use Dashboards
How to Use Data Asset Inventory
How to Install\Uninstall and Set Up Spirion Sensitive Data Platform
How to Use Logs
How to Manage Users and Roles
Settings and Resources
Additional Resources
Reports
Reporting API
Customer Support Articles
How to Follow Data Through the Search PipelineEndpoint for Windows Configuration Reference GuideEndpoint Software Command Line InterfaceBasic Troubleshooting Steps (Enterprise Console)Endpoints or Results Fail to be Displayed in the ConsoleMongoDB and TLS 1.3SQL Client SQL Exception ErrorHow to Troubleshoot Spirion Client Search Failures and How to WhitelistCustomer Notice – Spirion Agent Update & Security Assessment for PostgreSQLHow to Enable Verbose/Debug Logging for the Endpoint ServiceHow can I monitor the status of a queue job?Can I monitor the job queue status automatically?Troubleshooting: "Unable to find job queue: search_queue"How to Verify the Discovery Agent's StatusHow to check if port 6433 is open on your networkWhat is the SDM Translator Service?How to Create a Single Tenant App for OneDrive and Exchange Online SearchesHow to Configure Spirion for Sybase DiscoveryHow to Use Certificates to Authenticate with SharePoint OnlineHow to Quarantine to a Remote Location Using Spirion Sensitive Data PlatformA Server Error has Occurred: How to use the Chrome Developer ToolsWhy doesn't my Oracle 19c Database scan?How to Enable Full Disk Access on a Mac AgentWhy is My Scan Node Running Out of Disk Space?What to do about Message Processing and Delays, also known as 'Lag,' in SpirionDetails About the Box API used by Spirion to Search Box AccountsHow to Build a Mac Package (PKG)How to Sanitize AgentsHow to Set User and Role AccessHow to Enable SSL Communication between Linux Agents and the Spirion ConsoleHow to Enable HTTPS for the Spirion ConsoleHow to Search BoxFAQ: How do I avoid being prompted to re-login to the Spirion console?Spirion Sensitive Data Platform Scan PerformanceHow to Authenticate to SharePoint On-PremiseHow to Configure Spirion Sensitive Data Platform to Connect to an Oracle DatabaseFAQ: Linux 12.5 Client Package Build WorkaroundTroubleshoot Exchange Online Using Microsoft Graph ExplorerFAQ: What to do when an agent will not start the discovery team scan?Required SQL Server PermissionsHow to Scan Microsoft Teams with Spirion Sensitive Data PlatformField Input Using Linux Machines Anti-virus Alerts Received during Spirion SearchVersion 13.6 MSI Installation Issues - Exe file not signedWhat are common firewall rules needed for distributed scans?
Release Notes

How to Troubleshoot Spirion Client Search Failures and How to Whitelist

When the Spirion Client search fails to run, it’s often due to the client being blocked by an endpoint monitoring tool, antivirus, or application control software. This article explains why this happens and how to fix it by properly whitelisting Spirion components.

Why Spirion Search May Fail

If the Spirion Client is blocked:

  • The search may never start.
  • Or it may start briefly and then stop without any errors in the search log.

This typically happens when security software prevents the Spirion Client from running or communicating normally.

To resolve this, you need to allow (whitelist) Spirion’s files and network access.

How Whitelisting Works

Whitelisting tells your security software to trust and allow specific files, folders, or network connections so that Spirion can run searches without interference.

Depending on your security product, you may be able to:

  • Whitelist an entire folder
  • Or whitelist individual executable files

In most cases, whitelisting the entire Spirion installation folder is the simplest and most reliable option.

Recommended Whitelisting Methods

1. Whitelist the Spirion Installation Folder (Preferred)

Allow the entire Spirion directory to run in your security software:

  • C:\Program Files (x86)\Spirion

2. Whitelist Specific Spirion Executables (if needed)

Include all listed Spirion executables you use — this is a representative sample.

If your security tool cannot whitelist a folder, add each of these executables:

  • C:\Program Files (x86)\Spirion\iacrawl.exe
  • C:\Program Files (x86)\Spirion\IdentityFinder.exe
  • C:\Program Files (x86)\Spirion\IdentityFinderCmd.exe
  • C:\Program Files (x86)\Spirion\idfEndpoint.exe
  • C:\Program Files (x86)\Spirion\idfEndpointWatcher64.exe
  • C:\Program Files (x86)\Spirion\idfextaccess.exe
  • C:\Program Files (x86)\Spirion\idfextaccess64.exe
  • C:\Program Files (x86)\Spirion\idfextcloud.exe
  • C:\Program Files (x86)\Spirion\idfextdatabase.exe
  • C:\Program Files (x86)\Spirion\idfextdatabase64.exe
  • C:\Program Files (x86)\Spirion\idfextdictsearcher.exe
  • C:\Program Files (x86)\Spirion\idfextdictsearcher64.exe
  • C:\Program Files (x86)\Spirion\idfextnosqldb.exe
  • C:\Program Files (x86)\Spirion\idfextnosqldb64.exe
  • C:\Program Files (x86)\Spirion\idfextO2k7.exe
  • C:\Program Files (x86)\Spirion\idfextoutlook.exe
  • C:\Program Files (x86)\Spirion\idfextoutlook64.exe
  • C:\Program Files (x86)\Spirion\idfextpdf.exe
  • C:\Program Files (x86)\Spirion\idfFilter.exe
  • C:\Program Files (x86)\Spirion\idfMessagingSvc.exe
  • C:\Program Files (x86)\Spirion\idfServicesMonitor.exe
  • C:\Program Files (x86)\Spirion\idfshadow64.exe
  • C:\Program Files (x86)\Spirion\MicrosoftInformationProtection\idfextip.exe
  • C:\Program Files (x86)\Spirion\OCR\idfextocr.exe
  • C:\Program Files (x86)\Spirion\OCR\xocr32b.exe
  • C:\Program Files (x86)\Spirion\OCR.Net\idfextocr.exe
  • C:\Program Files (x86)\Spirion\OCR.Net\xocr32b.exe
  • C:\Program Files (x86)\Spirion\Postgres\pgBouncer\pgbouncer.exe
  • (entire folder - (contains 43 executables)) - C:\Program Files (x86)\Spirion\Postgres\pgsql\bin
  • C:\Program Files (x86)\Spirion\SharePoint\idfextwebservices.exe

3. Allow Necessary Network Access

To ensure Spirion can communicate correctly, confirm that the ports and protocols in the table below are not blocked.

Failure to allow these ports/protocols can result in failed communication or blocked searches.

Requirement

Notes

Ports: 80, 443, 8080

Used for Agent communication

Ports: 443, 5433, 6433

Used by Spirion Sensitive Data Platform

Protocol: SOAP

Must be allowed

4. Special Note for CrowdStrike Users

If your endpoints use CrowdStrike as an EDR or monitoring tool:

  • You may need to add exclusions in multiple places in the CrowdStrike console.
  • CrowdStrike can block processes without showing alerts.

Refer to CrowdStrike’s documentation on how to create process and file exclusions for best results.

5. Whitelisting DLLs (CrowdStrike Environments Only)

In environments where CrowdStrike is installed, you may also need to whitelist related DLLs that Spirion uses.

This includes DLLs that contain unique customer identifiers (shown as ##### in the DLL names).

Example DLL whitelist entries (replace ##### with your customer-specific value):

C:\Windows\System32\ScriptControl64_#####.dll  
C:\Windows\System32\CrowdStrike.Sensor.ScriptControl#####.dll
C:\Windows\System32\umppc#####.dll
...
C:\Windows\SysWOW64\ScriptControl32_#####.dll

Temporary Scan Files to Watch For

When a scan runs from the endpoint or via a Scheduled Task, temporary files are created in these locations and could trigger security alerts:

  • C:\Users\<username>\AppData\Local\Temp\IDFTmpDir
  • Default Spirion TEMP folder: C:\Windows\Temp\IDFTmpDir

Add these locations to your whitelist if your security software flags temporary scan files.

Tips & Best Practices

✔ Whitelist the entire Spirion folder first.

✔ Verify network ports and SOAP protocol access.

✔ Check for hidden blocks — some EDRs do not produce alerts.

✔ Test after whitelisting to ensure Spirion searches run normally.

Still Seeing Issues?

If searches are still blocked after whitelisting:

  • Check your endpoint monitoring tool’s logs for blocked processes,
  • Confirm that your whitelist settings are applied at all policy levels,
  • Consult your security product’s documentation for specific exclusion syntax and requirements.


Was this article helpful?

Powered by Product Fruits