Knowledge Base

Our dedicated Product Specialist team is always ready to help you when you need it the most. Contact Support

Authentication Client Antivirus and 3rd party exclusions

For the most part the Specops Authentication client will play nice with Antivirus in displaying the dynamic feedback to the end user during password change, but if not the changes below are needed:


Adding the following paths to the Global exception list. This will need to be done for each one of your domain, your domain controllers, as well as the authentication client file path:

C:\Program Files\Specopssoft\Specops Authentication Client\Specops.Authentication.Client.exe

***Please note, etc. are placeholders for your specific domain controllers and domain. It is not meant to be the exclusions placed within your environment .***


Adding the following paths to the exceptions list:




the highlighted version will change depending on the version of the client and cefsharp being run.

Netmotion always On VPN

If you have NetMotion always on vpn in your environment. It is necessary to configure several options for the Cefsharp browser to function appropriately. Below are the rules necessary to do so:


If you come across the issue that the Specops Autentication Client RulesUI does not show the password rules on a Citrix Server then changing the following registry values might solve it. The rules may already be shown but are out of sight due to the screen resolution being too small.

Change the LogonUIWidth to 1280 and the LogonUIHeight to 1024.
Location in the registry on the Citrix Server:

HKLM\Software\Wow6432node\Citrix\CtxHook\AppInit_DLLS\Multiple Monitor Hook\LogonUIWidth = DWORD:1280
HKLM\Software\Wow6432node\Citrix\CtxHook\AppInit_DLLS\Multiple Monitor Hook\LogonUIHeight = DWORD:1024

Note: The Citrix recommendation is to not configure and push out these registry changes with a group policy object.


C:\Program Files\Specopssoft\Specops Authentication Client\Specops.Authentication.Client.exe

Palo Alto VPN Client

On a machine with the Global Protect VPN client installed, create or update the following registry key:

Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Palo Alto Networks\GlobalProtect
Value name: wrap-cp-guid
Value type: REG_SZ (String Value)
Value data: {00002ba3-bcc4-4c7d-aec7-363f164fd178}

SafeNet Agent for Windows Logon

The Safenet Agent for Windows Logon needs to be told not to filter out the Specops Authentication Client by creating the following registry entry on any machine with the client installed on it:

Value name: DonotFilter
Value type: REG_SZ (String Value)
Value data: {00002ba3-bcc4-4c7d-aec7-363f164fd178}

WatchGuard MFA

The Watchguard MFA client needs to be told by the Specops Authentication Client that it can be wrapped:

Key path: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Specopssoft\uReset\Client\CredentialProvider
Value name: WrappedCredentialProviderGuid
Value type: REG_SZ (String Value)
Value data: {BCB72349-6C97-4E3F-94B5-6EA045F85CA5}

Publication date: August 16, 2022
Modification date: June 13, 2024

Was this article helpful?

Related Articles