Antivirus Exclusions for the Windows Forwarder

To ensure optimal performance and interoperability, certain files, folders, and processes used by the Stairwell Windows Forwarder must be excluded from scanning by any antivirus or endpoint security software.


Customers have observed up to a 10× performance improvement in file scanning after configuring exclusions in Microsoft Defender. These exclusions prevent real-time security software from interfering with Stairwell’s file access operations, reducing latency and avoiding unnecessary resource contention.


Add the following items to your endpoint protection exclusion policies:

ComponentPath
Forwarder Data DirectoryC:\ProgramData\Stairwell
Forwarder Kernel DriverC:\Windows\System32\drivers\SWAgent.sys
Forwarder ProcessC:\Program Files\Stairwell\SwellService\SwellService.exe
  • Ensure that sub-folders are included for directory exclusions.
  • Do not scan these paths with on-access or real-time protection engines.

Third-Party Antivirus Notes

Some antivirus vendors require wildcards or trailing asterisks (*) when specifying exclusion paths. For example:

C:\ProgramData\Stairwell\*

Consult your vendor’s documentation to ensure correct formatting of path-based exclusions.