Antivirus (EDR) detection and reporting

Updated this week

It is crucial for the safety of your machine to have Anti-Virus (AV) software installed and in use. You should inquire with your IT administrator about the preferred AV solution for your organization. Swif is capable of detecting and updating a range of AV software for external compliance automation platforms like Vanta and Drata. If you are utilizing a different AV software, please contact your admin to have it included as an approved option.

Antivirus Software:

Avast

Avira

Bitdefender

ClamAV

Comodo Antivirus

Coro

CrowdStrike

Cybereason AntiVirus

Cylance Endpoint Security

Datto

ESET Security

Falcon

FortiClient

Intego

Jamf Protect

Kaspersky AntiVirus

Malwarebytes

McAfee AntiVirus

Microsoft Defender / Windows Defender

NANO Antivirus

Norton AntiVirus

REVE AntiVirus

SentinelOne

Sophos

Symantec

Total Defense Essential Anti-Virus

Trend Micro

VMware Carbon Black

Webroot AntiVirus

XProtect, a built-in macOS antivirus

ZoneAlarm


Linux Antivirus Path Whitelist

For Linux devices, Swif automatically detects antivirus software by scanning known installation paths.
Because antivirus binaries may vary in location across distributions and installations, Swif maintains a whitelist of verified binary paths to ensure accurate detection.

Below are the currently supported paths included in Swif’s whitelist:

| Antivirus Name | Whitelisted Paths |
|---|---|
| bitdefender | /opt/bitdefender-security-tools/bin |
| clambc | /usr/bin/clambc, /usr/local/bin/clambc |
| clamconf | /usr/bin/clamconf, /usr/local/bin/clamconf |
| clamdscan | /usr/bin/clamdscan, /usr/local/bin/clamdscan |
| clamdtop | /usr/bin/clamdtop, /usr/local/bin/clamdtop |
| clamscan | /usr/bin/clamscan, /usr/local/bin/clamscan |
| clamsubmit | /usr/bin/clamsubmit, /usr/local/bin/clamsubmit |
| falcon-sensor (CrowdStrike) | /usr/bin/falcon-sensor, /usr/local/bin/falcon-sensor, /opt/CrowdStrike/falcon-sensor |
| mblinux | /usr/bin/mblinux, /usr/local/bin/mblinux |
| mbdaemon | /usr/bin/mbdaemon, /usr/local/bin/mbdaemon |

If Swif doesn’t detect an installed antivirus automatically, it’s possible the binary path is different from the default ones listed above.


Submitting Custom Antivirus Paths for Linux

If your organization uses an antivirus solution that is installed in a custom directory, you can send the installation path to the Swif team for whitelisting.
To find your antivirus installation path, use the commands below and share the results with Swif support.

Step 1 — Check if the service exists

sudo systemctl status {appName}

Step 2 — Check for desktop entries

ls /usr/share/applications | grep {appName}
ls /usr/local/share/applications | grep {appName}
ls ~/.local/share/applications | grep {appName}

Step 3 — Check for binary location

ls /usr/bin | grep {appName}
ls /usr/local/bin | grep {appName}

Tip: Replace {appName} with your antivirus process or service name (for example, falcon-sensor, clamscan, or bitdefender).
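
The three steps above combined into one script, as an added example that is not part of Swif's documentation or tooling. The function names (is_whitelisted, find_matches, av_path_report) are hypothetical, and the whitelist check is transcribed from the table on this page.

```shell
#!/bin/sh
# Added example (not Swif tooling): runs steps 1-3 for one name and marks
# binaries whose path is already in the whitelist table above.

# True if $1 is one of the paths in the whitelist table on this page.
is_whitelisted() {
  case "$1" in
    /opt/bitdefender-security-tools/bin|/opt/CrowdStrike/falcon-sensor) return 0 ;;
  esac
  for wl_name in clambc clamconf clamdscan clamdtop clamscan clamsubmit \
                 falcon-sensor mblinux mbdaemon; do
    case "$1" in
      /usr/bin/"$wl_name"|/usr/local/bin/"$wl_name") return 0 ;;
    esac
  done
  return 1
}

# Print full paths of entries whose name contains $1 in each directory given
# after it (the substring match of `ls DIR | grep NAME`); missing dirs are skipped.
find_matches() {
  fm_name=$1; shift
  for fm_dir in "$@"; do
    for fm_path in "$fm_dir"/*"$fm_name"*; do
      if [ -e "$fm_path" ]; then printf '%s\n' "$fm_path"; fi
    done
  done
  return 0
}

av_path_report() {
  rep_name=$1
  echo "== Step 1: service =="
  if command -v systemctl >/dev/null 2>&1; then
    systemctl status "$rep_name" --no-pager 2>&1 | head -n 5
  fi
  echo "== Step 2: desktop entries =="
  find_matches "$rep_name" /usr/share/applications \
    /usr/local/share/applications "$HOME/.local/share/applications"
  echo "== Step 3: binaries =="
  find_matches "$rep_name" /usr/bin /usr/local/bin | while IFS= read -r rep_path; do
    if is_whitelisted "$rep_path"; then echo "$rep_path (in whitelist table)"
    else echo "$rep_path (not in whitelist table)"; fi
  done
}

# Run only when a name is passed, e.g.: sh av_path_report.sh falcon-sensor
if [ "$#" -gt 0 ]; then av_path_report "$1"; fi
```

Paths reported as not in the whitelist table are the ones to share with Swif support.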


Why This Matters

Adding new antivirus paths to the whitelist ensures that Swif can:

  • Accurately detect and report the antivirus software installed on Linux devices.

  • Include the antivirus status in compliance and security reports.

  • Maintain visibility across heterogeneous Linux environments and distributions.


Example:
If you installed CrowdStrike Falcon Sensor in a non-standard directory such as /opt/crowdstrike/bin/falcon-sensor, simply provide that path to Swif Support.
After review and verification, it will be added to the whitelist for future automatic detection.
