Troubleshooting High CPU & RAM Usage and Functionality Issues in Timus Connect Application on Windows

Overview:

This article provides troubleshooting steps to resolve common issues related to high CPU and RAM usage, as well as functionality disruptions in the Timus Connect application. It aims to assist in identifying and addressing problems that may arise due to antivirus or endpoint protection software blocking key executables or interfering with the application's native operations. By following these guidelines, users can ensure smooth performance and prevent potential conflicts that could lead to prolonged processes or system slowdowns.

To ensure full compatibility and performance of the Timus Connect application, it is critical that all related executable files are properly whitelisted in both Antivirus (AV) and Endpoint Protection Platform (EPP) tools.

Failing to whitelist these files may cause:

  • High CPU and memory usage
  • Stuck or unresponsive processes
  • VPN connection failures
  • Performance degradation due to blocked native API calls or memory hooks

Modern AV/EPP solutions may block more than just the executable file. They often inspect runtime behavior, command-line parameters and system-level API calls. Therefore, it is essential to allow not only the executables but also their full runtime behavior.


βœ… Required Executables for Whitelisting

The following files must be excluded from scanning, behavioral analysis, and execution restrictions:

C:\Program Files\Timus Connect\Timus Connect.exe
C:\Program Files\Timus Connect\Uninstall Timus Connect.exe
C:\Program Files\Timus Connect\resources\elevate.exe
C:\Program Files\Timus Connect\resources\service\timus-connect-service.exe
C:\Program Files\Timus Connect\resources\service\timus-helper-service.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win32\certutil.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win32\modutil.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win32\pk12util.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win32\shlibsign.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win64\certutil.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win64\modutil.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win64\pk12util.exe
C:\Program Files\Timus Connect\resources\service\lib\win\nss\win64\shlibsign.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\openssl.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\openvpn.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\openvpn_2.4.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\tapctl.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\tuntap_win\tapctl.exe
C:\Program Files\Timus Connect\resources\service\lib\win\openvpn\tuntap_win\tapinstall.exe
C:\Program Files\Timus Connect\resources\service\lib\win\telemetry\timus-telemetry.exe
C:\Program Files\Timus Connect\resources\service\lib\win\wireguard\amd64\timus-wireguard-tunnel-service.exe
C:\Program Files\Timus Connect\resources\service\lib\win\wireguard\amd64\wg.exe

πŸ” General Whitelisting Guidelines

To ensure full functionality, perform whitelisting at two levels:

  1. Client-Side Agent – Exclude paths directly on the endpoint
  2. Central Console – Apply policy-wide exclusions for consistency and scale

For maximum compatibility:

  • Exclude by exact file path
  • Exclude entire Timus Connect folder to cover future updates

πŸ”§ Configuration by Vendor (Antivirus + EPP)

1. Windows Defender (Microsoft Defender for Endpoint)

Client UI:

  • Go to Windows Security β†’ Virus & threat protection β†’ Manage settings β†’ Add exclusions
  • Add both individual .exe files and the full folder path

PowerShell (for bulk deployment):

Add-MpPreference -ExclusionPath "C:\Program Files\Timus Connect"

Microsoft Defender for Endpoint (MDE Console):

  • Go to Device Configuration β†’ Endpoint Security β†’ Antivirus β†’ Policy
  • Add exclusions under Microsoft Defender Antivirus settings

2. BitDefender GravityZone

Control Center:

  • Navigate to Policies β†’ Antimalware β†’ Settings β†’ Exclusions
  • Add file paths for all relevant executables and their subfolders
  • If β€œAdvanced Threat Control” flags the app, add a Process Exception

Client:

  • Open local agent settings β†’ Go to Protection β†’ Manage Exclusions
  • Add relevant paths manually

3. SentinelOne

Management Console:

  • Navigate to Threat Protection β†’ Exclusions
  • Add executables by path
  • Create Behavioral AI exclusions to allow elevated processes and tunneling apps (OpenVPN/WireGuard)

Note: SentinelOne client does not support local UI configurationβ€”central management only.


4. CrowdStrike Falcon

Cloud Console:

  • Go to Configuration β†’ Prevention Policies
  • Add to β€œAllow List” using exact path
  • Confirm that the process is excluded from behavioral blocking policies (e.g., β€œProcess Injection” or β€œCredential Access” rules)

5. Trend Micro Apex One

Control Manager:

  • Navigate to Policy Management β†’ Agent Settings β†’ Exceptions
  • Add both file and folder exclusions
  • Include all child .exe under Timus Connect path

Client:

  • Right-click agent icon β†’ Go to Settings β†’ Scan Exceptions

6. Symantec Endpoint Protection

SEPM Console:

  • Go to Policies β†’ Exception Policies β†’ Windows Exceptions
  • Add by File, Folder, and optionally by File Type (.exe)

Client:

  • Open SEP UI β†’ Settings β†’ Configure Exceptions

7. McAfee Trellix Endpoint Security

ePolicy Orchestrator (ePO):

  • Go to Policy Catalog β†’ Endpoint Security Threat Prevention β†’ Access Protection β†’ Exclusions
  • Add by path and allow for:
    • Read/Write Access
    • Memory Access

Client Console:

  • Open ENS client β†’ Go to Threat Prevention β†’ Show Advanced Settings β†’ Exclusions

8. ESET Endpoint Security

ESET PROTECT Console:

  • Go to Policies β†’ Detection Engine β†’ Exclusions
  • Add all Timus .exe files and folders

Client Interface:

  • Open ESET UI β†’ Setup β†’ Detection Engine β†’ Manage Exclusions

9. ThreatLocker

Portal:

  • Navigate to Application Control β†’ Policies β†’ Add Policy
  • Create a custom group for Timus Connect
  • Approve each executable manually
  • Ensure compatibility with Ring0 operations (driver/low-level calls)

10. Datto AV/EPP

Control Manager:

  • Navigate to Security Management β†’ Policies β†’ Exclusions
  • Add full folder C:\Program Files\Timus Connect\ and all executable paths
  • Allow behaviors: privilege elevation, service creation, VPN tunneling (OpenVPN/WireGuard)

Client:

  • Open Local Agentβ†’ Settings β†’ Exclusions
  • Add Timus Connect folder and executables manually
  • Allow runtime behaviors if blocked

11. FortiEDR / FortiClient 

FortiEDR Console

    • Log in to the FortiEDR Management Console

    • Navigate to Policies β†’ Endpoint Policies

    • Select your policy β†’ Edit

    • In the left pane, choose Exclusions β†’ File and Folder Exclusions

    • Click Add β†’ browse to C:\Program Files\Timus Connect\

    • Select all .exe files and their parent folders under that path

    • Save changes β†’ Publish updated policy

FortiClient (Client Interface)

  • Open FortiClient on the endpoint

  • Click Settings (gear icon) β†’ Antivirus

  • Scroll to Exclusions β†’ Manage Exclusions

  • Click Add Exclusion β†’ Browse to C:\Program Files\Timus Connect\

  • Select all .exe files (include subfolders) β†’ OK

  • Click Apply to activate exclusions


11. SolarWinds

Orion Console (Server-Side)

  • Log in to the Orion Web Console

  • Go to Settings β†’ All Settings

  • Under SAM Settings, click Manage File & Directory Monitors

  • Select any monitor that might scan Timus files β†’ Edit

  • In Excluded Paths, click Add and enter: C:\Program Files\Timus Connect\

  • Click Save and Apply

SolarWinds Agent (Client-Side)

  • Open the SolarWinds Agent local UI (e.g. http://localhost:17778/)

  • Click Settings β†’ File & Directory Exclusions

  • Click Add Exclusion β†’ browse to: C:\Program Files\Timus Connect\

  • Check Include subfolders

  • Click OK, then Save or Apply


⚠️ Additional Notes on Runtime Behavior

  • Some Timus components use privilege elevation (elevate.exe), create or manage services, and perform tunneling operations using OpenVPN and WireGuard.
  • EPPs with behavioral engines may falsely classify this behavior as malicious.
  • We strongly recommend creating behavioral exclusions where applicable to allow full functionality.
  • Monitor the application’s performance post-deployment and check for flagged events in your EPP logs.

⚠️Additional Step: Run System File Checker (SFC) and DISM

If you continue to experience high CPU, RAM usage, or functionality issues after whitelisting the executables, it may be helpful to run the System File Checker (SFC) and DISM commands to repair potential system file corruption. Follow these steps:

  1. Open Command Prompt as Administrator.
  2. Run the following command to check for and repair corrupted system files:
    sfc /scannow
  3. Once SFC completes, run the following DISM command to repair the Windows image:
    DISM /Online /Cleanup-Image /RestoreHealth

These steps can help resolve underlying system issues that might be contributing to performance problems or functionality disruptions.

 

Please note - Huntress currently does not support traditional software exclusions in the way antivirus or endpoint protection platforms might (e.g., excluding a specific folder or process from scanning).  We recommend putting the machine in maintenance mode when installing our application.


Summary of Actions

AVs and EPPs Exclude by Path Behavioral Exclusion Folder-Level Exclusion
Windows Defender βœ… ❌ βœ…
BitDefender βœ… βœ… βœ…
SentinelOne βœ… βœ… βœ…
CrowdStrike βœ… βœ… βœ…
Trend Micro βœ… ❌ βœ…
Symantec βœ… ❌ βœ…
McAfee ENS βœ… βœ… βœ…
ESET βœ… ❌ βœ…
ThreatLocker βœ… βœ…

βœ…

Datto AV/EPP βœ… βœ…

βœ…

FortiEDR βœ… βœ…

βœ…

SolarWinds βœ… ❌

βœ…

 

Updated

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.