To have a good experience using the HEIMDAL Security products, we recommend you take a look at the following requirements and configure your environment accordingly.
1. Supported Architectures and OSes
2. Requirements
3. IP addresses and Ports
4. File/process exclusions
5. CPU/Memory Usage
SUPPORTED ARCHITECTURES AND OSes
The HEIMDAL Agent is developed on the 32-bit architecture (with a plan to move all the HEIMDAL products to 64-bit architecture) and can be installed on computers/devices with the following architectures:
- x86
- x64
- ARM - The HEIMDAL Agent can be installed on ARM architectures on Windows and macOS, but the HEIMDAL Ransomware Encryption Protection product is NOT supported on Windows.
The HEIMDAL Agent can be installed on computers/devices running the following operating systems:
Windows
- Windows 7 (64-bit) - reached end of life on January 14th, 2020. While Microsoft and Heimdal have officially ended support for it, the Heimdal Agent remains compatible with it for specific products (DNS Security - Endpoint, VectorN Detection, 3rd Party Patch Management, OS Updates - only lists available updates, Next-Gen Antivirus, XTP, Firewall & RAP, Privilege Elevation and Delegation Management, Application Control, Remote Desktop, Scripting, USB Management). This allows organizations to maintain a layer of security on legacy systems. To get the Heimdal Agent installed on a Windows 7 device, you need Service Pack 1, KB4474419 (for Trusted Root Certificates), KB4490628, and .NET Framework 4.8 or 4.8.1
- Windows 8.1 (64-bit) - reached end of life on January 23rd, 2023. While Microsoft and Heimdal have officially ended support for it, the Heimdal Agent remains compatible with it for specific products (DNS Security - Endpoint, VectorN Detection, 3rd Party Patch Management, OS Updates - only lists available updates, Next-Gen Antivirus, XTP, Firewall & RAP, Privilege Elevation and Delegation Management, Application Control, Remote Desktop, Scripting, USB Management). This allows organizations to maintain a layer of security on legacy systems. To get the Heimdal Agent installed on a Windows 8.1 device, you need .NET Framework 4.8 or 4.8.1.
- Windows 10 (32-bit) - although Microsoft stated that the OS reached end of life on October 14th, 2025, and that the Extended Security Update (ESU) will extend until October 13th, 2026, Heimdal will continue to work.
- Windows 10 (64-bit) - although Microsoft stated that the OS reached end of life on October 14th, 2025, and that the Extended Security Update (ESU) will extend until October 13th, 2026, Heimdal will continue to work.
- Windows 11 (64-bit)
- Windows Server 2008 R2 - end of life on January 14, 2020. While Microsoft and Heimdal have officially ended support for it, the Heimdal Agent remains compatible with it for specific products (DNS Security - Endpoint, VectorN Detection, 3rd Party Patch Management, OS Updates - only lists available updates, Next-Gen Antivirus, XTP, Firewall & RAP, Privilege Elevation and Delegation Management, Application Control, Remote Desktop, Scripting, USB Management). This allows organizations to maintain a layer of security on legacy systems. To install the Heimdal Agent on a Windows Server 2008 R2, you need Service Pack 1, KB4474419 (for Trusted Root Certificates), and .NET Framework 4.8 or 4.8.1.
- Windows Server 2012 R2 - end of life on October 10, 2023. While Microsoft and Heimdal have officially ended support for it, the Heimdal Agent remains compatible with it for specific products (DNS Security - Endpoint, VectorN Detection, 3rd Party Patch Management, OS Updates - only lists available updates, Next-Gen Antivirus, XTP, Firewall & RAP, Privilege Elevation and Delegation Management, Application Control, Remote Desktop, Scripting, USB Management). This allows organizations to maintain a layer of security on legacy systems. To get the Heimdal Agent installed on a Windows Server 2012 R2, you need .NET Framework 4.8 or 4.8.1.
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022
- Windows Server 2025
macOS
- macOS 10.15 (Catalina)
- macOS 11 (BigSur)
- macOS 12 (Monterey)
- macOS 13 (Ventura)
- macOS 14 (Sonoma)
- macOS 15 (Sequoia) and above
Linux
- Ubuntu 18.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 23.04
- Ubuntu 24.04 LTS
- Ubuntu 25.10
- Ubuntu 26.04
REQUIREMENTS
Before installing the HEIMDAL Agent, make sure your devices meet the following requirements.
Windows
- Microsoft .NET Framework 4.8 or 4.8.1
- Up to 640 MB disk space
- At least 250 MB RAM
- CPU usage may reach up to 40% during scanning
- Administrator permissions during installation
- User permissions during execution
- Internet access with ports 53 and 443 open
- Internal ports used: 80, 8001, 57127
- Microsoft Visual C++ 2015-2022 (x86) required
- DNS Security Network Log Agent uses port 443
- Remote Desktop Viewer uses port 7615
macOS
- macOS 12.0 (Monterey) or later
- At least 400 MB of disk space
- At least 4 GB RAM
- Approval of the DNS Security system extension is required when DNS Security is enabled
- Full Disk Access is required for Antivirus and REP / Endpoint Security modules
- Finder Extension / Managed Login Item approval may be required for Finder-based scan and Run as Admin actions
- The HEIMDAL privileged helper must be allowed to run for system-level operations
- Internet access with ports 53 and 443 open
Linux (Ubuntu)
- .NET 6 Framework
- At least 50 MB of disk space
- At least 4 GB RAM
- sudo permissions required
- Required packages: curl, unzip, gnupg, lsb-release, netcat, ca-certificates
- Internet access with port 443 open
- Red Hat Enterprise Linux is currently NOT supported
IP ADDRESSES AND PORTS
The HEIMDAL Agent needs the following domains/IP addresses to communicate with HEIMDAL servers. If you are behind a firewall or proxy, ensure these are allowlisted.
HEIMDAL Agent / Dashboard & Core Service
| Service | Domain/IP | Port |
|---|---|---|
| HEIMDAL services | heimdalsecurity.com | 443 |
| HEIMDAL services | *.heimdalsecurity.com | 443 |
| HEIMDAL Dashboard | 4.210.233.58 | 443 |
| HEIMDAL Core Service | 20.0.77.1, 20.31.148.77, 20.41.253.65, 20.86.58.154, 20.234.37.69, 40.87.128.228, 40.121.66.93, 52.172.28.76, 52.191.117.200, 57.150.81.193, 74.243.253.84, 172.190.200.107 | 443 |
| HEIMDAL Blob Storage | 20.60.27.164 | 443 |
| HEIMDAL Monitor Device service | 9.163.73.206 | 8884 |
DNS Security
| Service | Domain/IP | Port |
|---|---|---|
| DNS Security Block Page | tpeblockserver.trafficmanager.net | 443 |
| DNS Security Block Page | blockedbyheimdalsecurity.com | 443 |
| DNS Security Block Page | 20.86.55.232, 52.166.12.23 | 443 |
| DNS-N LogAgent | 3.68.42.215, 3.122.156.8, 3.75.56.71 | 443 |
| DNS-E Full Logging | 52.140.46.52, 40.87.154.237, 40.117.169.91, 40.68.157.46 | 443 |
Privileged Account and Session Management
| Service | IP Address | Port(s) |
|---|---|---|
| CloudFlare DNS | 1.1.1.1 | 80, 443 |
| Google DNS | 8.8.8.8 | 80, 443 |
| Google DNS | 8.8.4.4 | 80, 443 |
| PASM CDN | heimdalpasmprod.blob.core.windows.net | 80, 443 |
Additional required ports: 123 (NTP), 389 (LDAP), 636 (LDAPS).
Application Control
| Service | IP Address | Port |
|---|---|---|
| Application Control | 20.71.146.235 | 443 |
Email Protection
| Region | IP Address | Domain | Port |
|---|---|---|---|
| EU | 20.50.183.144, 20.50.183.146 | eu-esec-01.heimdalsecurity.com | 25 |
| EU | 20.50.183.145, 20.50.183.147 | eu-esec-02.heimdalsecurity.com | 25 |
| EU | 20.50.183.148, 20.50.183.149 | eu-esec-outbound.heimdalsecurity.com | 25 |
| EU | 20.50.183.150, 20.50.183.151 | eu-esec-backup.heimdalsecurity.com | 25 |
| US | 20.88.177.217, 20.88.177.218 | us-esec-01.heimdalsecurity.com / us-esec-02.heimdalsecurity.com | 25 |
| US | 20.88.177.208, 20.88.177.209 | us-esec-outbound.heimdalsecurity.com | 25 |
| UK | 172.166.114.48, 172.166.114.49 | uk-esec-01.heimdalsecurity.com / uk-esec-02.heimdalsecurity.com | 25 |
| UK | 172.166.114.50, 172.166.114.51 | uk-esec-outbound.heimdalsecurity.com | 25 |
| UAE | 20.233.55.176, 20.233.55.177 | uae-esec-01.heimdalsecurity.com, uae-esec-02.heimdalsecurity.com | 25 |
| UAE | 20.233.55.178, 20.233.55.179 | uae-esec-outbound.heimdalsecurity.com | 25 |
The full list of domains and IP addresses can be found at the bottom of this page.
Remote Desktop
| Service | IP Address | Domain | Port(s) |
|---|---|---|---|
| Remote Desktop / ISL Online | 91.217.255.149 | *.islonline.net, *.islonline.com | 80, 443, 7615, 32000 |
| ISL Online Host | *.islonline-host.com | 80, 443, 7615, 32000 |
FILE / PROCESS EXCLUSIONS
If you use another antivirus software or another application that scans browsing traffic, we recommend adding exceptions for HEIMDAL processes and for the installer located at:
HEIMDAL Agent for Windows:
C:\Program Files (x86)\Heimdal\
HEIMDAL Agent
- Heimdal.AdminPrivilege.exe
- Heimdal.AgentError.exe
- Heimdal.AgentLoader.exe
- Heimdal.Antivirus.exe
- Heimdal.ClientHost.exe
- Heimdal.DarkLayerGuard.exe
- Heimdal.DeliveryManager.exe
- Heimdal.Firewall.exe
- Heimdal.Insights.Service.exe
- Heimdal.IpxeChecker.exe
- Heimdal.MonitorServices.exe
- Heimdal.OsDeployment.exe
- Heimdal.OsDeploymentChecker.exe
- Heimdal.ProcessLock.exe
- Heimdal.ProcessLock.Elevator.exe
- Heimdal.ProcessLock.Elevatorx64.exe
- Heimdal.RemoteDesktop.Service
- Heimdal.REP
- Heimdal.SetupLauncher.exe
- Heimdal.ThorAgent.exe
- Heimdal.ThorVigilanceScanStarter.exe
- Heimdal.UpdateService.exe
- Heimdal.UptimeChecker.exe
- Heimdal.VigilanceMonitor.exe
- Heimdal.Wizard.exe
- Heimdal.XTP.exe
- ScriptRunner.exe
- Heimdal.AddRemovePrograms.exe
- Heimdal.AdminPrivilege.Elevator.exe
- Heimdal.AdminPrivilege.FileElevator.exe
- Heimdal.AdminPrivilege.FileElevatorX64.exe
- Heimdal.AgentError.exe
HEIMDAL Remote Desktop (Viewer and Agent)
- %localappdata%\ISL Online Cache\
- %programdata%\ISL Online Cache\
HEIMDAL Agent for macOS:
If you use another antivirus, EDR, or a traffic-inspection product on macOS, we recommend allowlisting the following HEIMDAL components.
Application Bundles and Embedded Binaries
- /Applications/Heimdal Agent.app
- /Applications/Heimdal Agent.app/Contents/MacOS/Heimdal Agent
- /Applications/Heimdal Agent.app/Contents/PlugIns/finderSync.appex
- /Applications/Heimdal Agent.app/Contents/PlugIns/finderSync.appex/Contents/MacOS/finderSync
- /Applications/Heimdal Agent.app/Contents/Library/LaunchServices/Heimdal ES Client.app
- /Applications/Heimdal Agent.app/Contents/Library/LaunchServices/Heimdal ES Client.app/Contents/MacOS/Heimdal ES Client
System Extensions and Helper Components
- /Applications/Heimdal Agent.app/Contents/Library/SystemExtensions/com.heimdalsecurity.heimdalAgent.dnsNetworkExtension.systemextension
- /Library/PrivilegedHelperTools/com.heimdalsecurity.heimdalAgent.cmdHelper
- com.heimdalsecurity.heimdalAgent.finderSync
- com.heimdalsecurity.heimdalAgent.dnsNetworkExtension
Launchd Jobs and Service Files
- /Library/LaunchDaemons/com.heimdalsecurity.heimdalAgent.cmdHelper.plist
- /Library/LaunchDaemons/com.heimdalSecurity.launchSupervisor.plist
- /Library/LaunchAgents/com.heimdalSecurity.Agent.restart.plist
- /Library/HeimdalSecurity/HeimdalLaunchSupervisor
Support, Logs, and User Data
- /Library/HeimdalSecurity/
- ~/Library/Application Support/com.heimdalsecurity.heimdalAgent
- ~/Library/Application Support/HeimdalAgent
- ~/Library/Application Support/Heimdal Agent
- ~/Library/Application Support/HeimdalLogs
- ~/Library/Preferences/com.heimdalsecurity.heimdalAgent.plist
Process and Bundle Identifiers
- Heimdal Agent
- com.heimdalsecurity.heimdalAgent.cmdHelper
- Heimdal ES Client
- HeimdalESClient
- HeimdalRepClient
- HeimdalLaunchSupervisor
CPU/MEMORY USAGE
The Heimdal Agent (formerly Thor) is designed to be a lightweight, modular security client. Its resource footprint varies depending on which modules (DNS Security, Next-Gen Antivirus, Firewall Management, Ransomware Encryption Protection, Application Control, etc.) are active and whether it is performing a background task or an active scan.
Based on technical specifications and performance benchmarks for 2026, CPU usage is ~1-3% (background monitoring) and up to 40% (during full system scans), while Memory usage is ~250 MB and goes up to 500 MB - 1 GB (during deep scans):
When blocking a malicious domain or monitoring traffic (DarkLayer Guard), CPU usage typically stays below 3%. Opening the Heimdal Agent GUI can cause a temporary spike of up to 10%. During a full scan, CPU usage is architected to stay around 40%.
Note: Administrators can configure a CPU Threshold in the Group Policy. If the agent detects the system is already under heavy load (e.g., above 50%), it may throttle its own processes to prevent "agent fatigue" and maintain system responsiveness.