This article applies as of PRTG 26
PRTG and antivirus applications
As a monitoring solution, PRTG contains components to retrieve monitoring data from devices. Among others, these contain technologies such as packet sniffing, or libraries to connect to databases. Monitoring needs data, and PRTG uses many ways to gather data. Viruses also excel at gathering data. Antivirus applications cannot always tell the difference.
Antivirus applications installed on the PRTG core server system sometimes block PRTG features and updates. Even if the antivirus does not keep PRTG from working, it can cause other issues on PRTG core server systems.
For example, some users reported high CPU loads as a result of their antivirus application. If your antivirus checks all PRTG folders, that means it checks all monitoring data folders. And if you have many sensors or have been running PRTG for years, the number of files builds up.
Also, antivirus applications can sometimes interrupt actual monitoring. If the antivirus uses the same port as PRTG, it can cause timeout errors and connection problems, for example, Socket Error #10061: Connection refusal from the target system.
You can resolve most issues with antivirus applications on the PRTG core server system in two ways:
- Add PRTG directories and services to the exclusion list or whitelist so that the antivirus always ignores them.
- Disable your antivirus when you install or update PRTG.
Whitelist PRTG directories and services
Our recommendation is to add PRTG directories and services to the exclusion list on your antivirus application if possible. Check the documentation of your antivirus application for how to manage the exclusion list.
If you use Microsoft Defender Antivirus (Windows Defender), we also recommend that you create custom exclusions for the same files that you whitelist in your antivirus application.
For more information on where data in PRTG is stored, see the PRTG Manual: Data Storage.
PRTG directories
The two most important paths to exclude are the following:
- PRTG program directory: %programfiles(x86)\PRTG Network Monitor
- PRTG data directory: %programdata%\Paessler\PRTG Network Monitor
Additionally, PRTG uses a PostgreSQL database with PRTG Database. You might want to add this path to your exclusion list:
- %programfiles%\PostgreSQL
PRTG services
PRTG runs various services on the PRTG core and probe systems. If you have issues with the PRTG core or classic remote probe system restarting after an update, add the PRTG services to the exclusion list.
PRTG core server services
- PRTG Core Server Service
- PRTG Probe Service
- PRTG Application Server
- PRTG Database Server
- PRTG Message Service via NATS (only for integrated NATS server)
PRTG classic remote probe server services
- PRTG Probe Service
Miscellaneous
Depending on how you have PRTG set up, you might need to have additional exclusions. For example, it might be necessary to whitelist the paessler.com domain for auto-updates.
Some antivirus applications flag the PRTG installer and prevent it from running. If you do not want to exclude the entire installer, it might be necessary to focus on installation-specific files, such as prtglicensecheck.exe, which are sometimes protected by external programs.
Note: If you are having issues with the PRTG installer and already confirmed that it is not the fault of your antivirus, it might be a PowerShell script issue. The PRTG installer includes a PostgreSQL setup that runs unsigned PowerShell scripts. If your system requires signed scripts, this may cause the installation to fail.
Disable antivirus as necessary
You can manually disable your antivirus when you want to install or update PRTG.
While this works, it does not solve the issue if the antivirus is causing high CPU load or connection timeouts.
Examples with solutions
Below you can find some examples of real issues from PRTG users and the solution they used:
| Issue | Antivirus software | Solution |
|---|---|---|
| Consistent high CPU load on PRTG core server system | Avira | Excluded the PRTG data directory files (monitoring data) from checks. |
| PDF reports stopped working | ESET | Paused the antivirus and re-ran the PRTG installer to recreate the folder. |
| Auto-update doesn't work | ESET NOD32 | Added the string "paessler.com" to the HTTP address management exclude list of the Web access protection in advanced configuration. |
| PRTG core server did not restart after update | -- | Whitelisted PRTG Core Server Service and PRTG Probe Service. |
Step by step
Imagine: the antivirus on your PRTG core server system deleted the reporter.exe file from the PRTG program directory.
To solve the issue, you need to re-run the PRTG installer to recreate the folder. Your settings and monitoring data are kept.
- Open services.msc.
- Set the PRTG Core Server Service and the PRTG Probe Service services startup type to Manual.
- Create an exception for reporter.exe in your antivirus application and/or Windows Defender. (This is the conservative, only-as-necessary approach.)
- Reboot the PRTG core server to make sure no files are locked during the re-install.
- Run the PRTG installer manually.
- Once the installation finishes, check that the reporter.exe file exists in the PRTG program directory.
- In services.msc, change the PRTG Core Server Service and the PRTG Probe Service services startup type back to Automatic.
- Confirm that both services are running.
Bonus: Monitoring your antivirus
PRTG has multiple native sensors that help keep track of the state of your antivirus application. Some you can use directly as is; others require a script or SNMP traps. Consider using the following sensors to monitor your antivirus:
