Security Settings

BEFORE PERMANENTLY DISABLING OR RESTRICTING ANY SECURITY SETTINGS IT IS HIGHLY RECOMMENDED TO CONSULT THE CUSTOMER’S IT VENDOR. DUE TO VARIENCES IN ENDPOINT SECURITY AND NETWORK CONFIGURATION OTHER OPTIONS MAY EXIST.


Firewall Settings – For License Dongle and NNT Only

netsh advfirewall firewall add rule name=“IRYS UDP Port 12234” dir=in action=allow protocol=UDP localport=12234
netsh advfirewall firewall add rule name=“IRYS UDP Port 12234” dir=out action=allow protocol=UDP localport=12234

netsh advfirewall firewall add rule name=“IRYS Network Dongle UDP” dir=in action=allow protocol=UDP localport=1947
netsh advfirewall firewall add rule name=“IRYS Network Dongle UDP” dir=out action=allow protocol=UDP localport=1947

netsh advfirewall firewall add rule name=“IRYS Network Dongle TCP” dir=in action=allow protocol=TCP localport=1947
netsh advfirewall firewall add rule name=“IRYS Network Dongle TCP” dir=out action=allow protocol=TCP localport=1947

netsh advfirewall firewall add rule name=“IRYS TCP Port 12235” dir=in action=allow protocol=TCP localport=12235
netsh advfirewall firewall add rule name=“IRYS TCP Port 12235” dir=out action=allow protocol=TCP localport=12235

netsh advfirewall firewall add rule name=“CEFLA TCP Port 12236” dir=in action=allow protocol=TCP localport=12236
netsh advfirewall firewall add rule name=“CEFLA TCP Port 12236” dir=out action=allow protocol=TCP localport=12236

netsh advfirewall firewall add rule name=“CEFLA Console Port 5790” dir=in action=allow protocol=TCP localport=5790
netsh advfirewall firewall add rule name=“CEFLA Console Port 5790” dir=out action=allow protocol=TCP localport=5790


Disable Cloud Delivered Protection

Set-MpPreference -MAPSReporting Disabled

Set-MpPreference -SubmitSamplesConsent Never


Add Exclusions to Windows Defender Antivirus

The list below is formatted to specifically alter Windows Defender Antivirus. The list can be adapted to provide exclusions for any endpoint security application.

In Windows 10 the follow exclusions should prevent TWAIN batch image transfer from failing. However, there are some PCs where this still will not protect the batch image transfer between iCapture and EagleSoft. In these rare cases you may have to permanently disable real-time protection by the command “Set-MpPreference -DisableRealtimeMonitoring 1” in an elevated PowerShell console.

Add-MpPreference -ExclusionPath “C:\NNT”
Add-MpPreference -ExclusionPath “C:\Program Files (x86)\Common Files\MyRay”
Add-MpPreference -ExclusionPath “C:\Program Files (x86)\Common Files\NewTom”
Add-MpPreference -ExclusionPath “C:\Program Files (x86)\iCapture”
Add-MpPreference -ExclusionPath “C:\iMAGERS”
Add-MpPreference -ExclusionPath “C:\Eaglesoft”
Add-MpPreference -ExclusionProcess “C:\Program Files (x86)\iCapture\iCaptureMonitor.exe”
Add-MpPreference -ExclusionProcess “C:\Program Files (x86)\iCapture\iCaptureNotificationArea.exe”
Add-MpPreference -ExclusionProcess “C:\Program Files (x86)\iCapture\iCaptureTwainToDisk.exe”
Add-MpPreference -ExclusionProcess “C:\Program Files (x86)\iCapture\iCaptureConnectionChecker.exe”
Add-MpPreference -ExclusionProcess “C:\NNT.exe”
Add-MpPreference -ExclusionProcess “C:\NNT_Bridge.exe”
Add-MpPreference -ExclusionProcess “C:\Eaglesoft\Shared\Eaglesoft.exe”


Disable Windows Defender Real-Time Protection

Set-MpPreference -DisableRealtimeMonitoring 1