How to Whitelist Salad in Norton Antivirus
1. Open up Norton Antivirus
2. Click Settings
Click on the “Settings” icon at the top right of the screen
3. Click Antivirus
This will pop up another window for settings, click the top left option, “Antivirus”.
4. Click “Scans and Risks”
On the antivirus window, click on the “Scans and Risks” tab
5. Click “Configure [+]”
Scroll all the way to the bottom of the window, and click on “Items to Exclude from Scans”
6. Click Add Folders
Click “Add Folders” at the bottom left of the window
7. Whitelist the Salad miner folder
Salad v1.0.0: The Salad miner folder can be found under "C:\ProgramData\Salad\workloads".
Salad v0.5.8-Alpha: The Salad miner folder can be found under "C:\%AppData%\Salad\plugin-bin".
8. Make sure the checkbox for including all subfolders is checked!
9. Click OK, and it will bring you back to the exclusions management window
10. Click OK on the exclusions management window to finalize the addition
11. Click “Configure [+]”
This time, select "Items to Exclude from Auto-Protect, SONAR, and Download Intelligence Detection".
12. Repeat the same steps above
Follow the same steps as the previous whitelist, to whitelist your "C:\ProgramData\Salad\workloads" folder.
13. Click the "Back" button
Click the "Back" button at the bottom to navigate back to the main settings page for Norton.
14. Select "Firewall"
Now select the "Firewall" option to navigate into the settings for it.
15. Select "Intrusion and Browser Protection"
Navigate to the "Intrusion and Browser Protection" panel at the top.
16. Click "Configure [+]"
Click the "Configure [+]" button next to "Intrusion Signatures".
17. Type "coinminer" into the search bar
On the popup window, type "coinminer" into the bar at the top right, this will filter it to only miner signatures.
18. Uncheck the "Active" box for all of them
To ensure all of Salad's miners are able to run, you will need to uncheck the "Active" box for all the items in this list, making sure to scroll all the way through the list to get them all. Once done, click the "OK" button at the bottom.
19. Navigate to "General Settings"
Now head into the "General Settings" page, and scroll all the way down to the bottom.
20. Click "Configure [+]"
Click the "Configure [+]" button next to "Device Trust".
21. Whitelist each of the miner pools
Now, you will need to add a whitelist for each of the mining pools that Salad will connect to. You can do this by clicking the "Add" button at the bottom, and filling in the information for the pools. The information for each of the pools is shown below.
- Name: Ethermine IP or Physical Address: ethermine.org Trust Level: Full Trust
- Name: Prohashing IP or Physical Address: prohashing.com Trust Level: Full Trust
- Name: NiceHash IP or Physical Address: nicehash.com Trust Level: Full Trust
- Name: xmrig.com IP or Physical Address: 126.96.36.199 Trust Level: Full Trust
- Name: Salad IP or Physical Address: 188.8.131.52 Trust Level: Full Trust
- Name: xmrnicehash IP or Physical Address: 184.108.40.206 Trust Level: Full Trust
- Name: eu nicehash IP or Physical Address: 220.127.116.11 Trust Level: Full Trust
- Name: xmrdonation IP or Physical Address: 18.104.22.168 Trust Level: Full Trust
- Name: xmrig IP or Physical Address: 22.214.171.124 Trust Level: Full Trust
For all of these, you should enable IPS Exclusion as well. The names provided are recommendations, you can name it something else if you prefer. Once complete, click the "Apply" button at the bottom. Here is a screenshot showing some of these whitelists:
22. That should be it for whitelisting Salad in Norton Antivirus!
If you continue to get popups from Norton in the bottom right, you may need to add additional Device Trust whitelists for the IP addresses shown. You can find the IP address by clicking "More Information" on the popup, and looking for the Destination Address IP, as shown below.
If that doesn't do the trick after you’ve followed all the steps, and whitelisted any popup IP addresses, please contact us here via a support ticket.
Note - You may still get popups from Norton regarding a "CL.Coinminer!gen1." security risk. This is simply flagging the command we run to start the miners, and can be ignored.