IT Security, Firewall, Antivirus, and Network Filtering Issues

Overview

Some scanner/software connection issues may be caused by IT security settings rather than the scanner, software, or computer hardware.

Firewalls, antivirus software, endpoint protection, DNS filters, proxy servers, VPNs, and application-control tools can prevent required software files, services, drivers, or cloud connections from working correctly.

This article explains:

  • Common symptoms of IT-related blocking
  • Quick tests to identify whether the issue is local or network-related
  • What customer IT may need to allow
  • How to collect an .exe list for IT review
  • What firewall, antivirus, and Windows Security changes may be needed


Common Symptoms

IT security restrictions may cause the following issues:


Symptom

Possible cause

Software will not open

Antivirus, SmartScreen, EDR, or application control is blocking the software

Software opens but scanner does not connect

Firewall, service blocking, driver issue, or network adapter restriction

Scanner is detected by Windows but not by the software

Required service, driver, or local communication is blocked

Login fails

Cloud access, DNS, proxy, firewall, date/time, or SSL issue

Cloud indicator is red, disconnected, or shows a slash mark

Software cannot reach required cloud services

Uploading, downloading, or sending cases fails

Cloud/domain access is blocked

Modules do not load

Required cloud resource or local component is blocked

Software update fails

Update service, installer, or download connection is blocked

Installation fails or is interrupted

Antivirus, EDR, SmartScreen, driver policy, or missing admin rights

Background services do not start

Service is blocked, disabled, quarantined, or restricted

Scanner disconnects over wireless

Wireless adapter, firewall, driver, base connection, or service issue

Software works on mobile hotspot but not office network

Office firewall, DNS filtering, proxy, or network security policy issue



Why This Happens

Many offices use multiple layers of IT security. These tools are important, but they may block trusted software if the required applications, services, drivers, folders, or cloud domains are not approved.


Common security layers include:

Security layer

Possible impact

Windows Defender Firewall

May block scanner communication, cloud sync, updates, or local services

Microsoft Defender Antivirus

May block or quarantine installers, services, drivers, or application files

Third-party antivirus / EDR

May block background services, scripts, drivers, or network traffic

SmartScreen / app protection

May prevent installer tools or update tools from opening

Controlled Folder Access

May block software from saving scans, logs, exports, or case files

DNS filtering

May prevent cloud domains from resolving correctly

Proxy / web filtering

May block login, cloud sync, downloads, or API communication

VPN software

May reroute or block required local or cloud traffic

Application control

May prevent unknown .exe files from running

USB / driver policy

May prevent scanner drivers or virtual network adapters from working



Quick Checks Before Escalating to IT

1. Check the Cloud Indicator

If the software has a cloud indicator, check its status.

A red cloud indicator, disconnected icon, or slash mark may indicate that the software cannot connect to required cloud services.

Affected functions may include:

  • Login
  • Case sending
  • Case downloading
  • Cloud sync
  • Module loading
  • Software resources
  • Updates


Cloud Indicator on Software (Top Left)


Successful Cloud ConnectionBlocked connection



2. Test with a Mobile Hotspot

Connect the PC to a mobile hotspot and retest the software.

Test result

Meaning

Works on hotspot but not office network

Office network, DNS, proxy, firewall, or filtering issue is likely

Fails on both hotspot and office network

Local PC, software, service, account, or security software issue is more likely

Works on another PC on the same network

The issue may be isolated to one PC

Fails on all PCs on the same network

Network-wide security restriction is likely


A successful hotspot test is one of the fastest ways to show that customer IT needs to review network filtering, DNS, proxy, firewall, or domain allowlisting.




3. Check VPN Software

VPN software may block or reroute local scanner communication and cloud traffic.

Ask the customer to check whether a VPN is active. If IT approves, temporarily disconnect the VPN and retest.

VPN-related issues may affect:

  • Scanner connection
  • Cloud login
  • Upload/download
  • Local network communication
  • License or authentication services


4. Check Date and Time

Incorrect Windows date or time can cause:

  • Login failures
  • SSL certificate errors
  • Cloud communication failures
  • License or authentication issues

Recommended setting:

  1. Open Windows Settings.
  2. Go to Time & language.
  3. Select Date & time.
  4. Enable:
    • Set time automatically
    • Set time zone automatically, if appropriate




5. DNS Test

DNS translates cloud addresses into IP addresses. If DNS is blocked or filtered, the PC may still have general internet access, but the software may fail to connect to required cloud services.

Example:

shining3d.com  →  123.45.67.89

Scanner/software cloud functions may depend on DNS for:

  • Login
  • Case upload
  • Case download
  • Cloud sync
  • Software resources
  • Updates
  • API communication

Testing with public DNS such as 8.8.8.8 or 1.1.1.1 can help determine whether the customer’s DNS infrastructure is causing the issue.

Important: Changing DNS is a diagnostic step, not the preferred permanent fix. If changing DNS resolves the issue, customer IT should review DNS forwarding, DNS filtering, web filtering, proxy restrictions, firewall rules, and domain allowlisting.


Windows Defender and Security Software

Windows Defender Firewall

Windows Defender Firewall controls network traffic in and out of the PC.

It may block:

  • Scanner communication
  • Cloud sync
  • Software updates
  • Local network discovery
  • Background services
  • Communication between scanner software and local services

Customer IT may need to create firewall allow rules for required software components.

Recommended firewall allowlist items:

Item

Recommended action

Main software executable

Allow required inbound/outbound traffic

Launcher executable

Allow outbound traffic; inbound if needed

Background service executable

Allow inbound/outbound traffic if used for scanner/software communication

Device communication executable

Allow local scanner or local network communication

Update executable

Allow outbound traffic

Cloud communication component

Allow outbound HTTPS traffic



Recommended firewall profiles:

Firewall profile

Recommendation

Domain

Allow if the PC is connected to a managed company domain

Private

Usually allow for clinic, office, lab, or trusted scanner networks

Public

Only allow if specifically required by IT or the workflow


For most scanner/software workflows, Domain and Private are the preferred firewall profiles. Public access should be limited unless there is a specific need.


Microsoft Defender Antivirus

Microsoft Defender Antivirus scans files, applications, installers, scripts, services, and system activity.

It may block or delay:

  • Installer files
  • Application .exe files
  • Background services
  • Driver installation
  • Update tools
  • Network communication
  • Scan exports, logs, or case files


If Defender is confirmed to be interfering, customer IT may need to add targeted exclusions.


Possible Defender exclusions:

Exclusion type

What to add

Purpose

File path exclusion

Full path to required .exe files

Prevents Defender from blocking or quarantining trusted files

Process exclusion

Required .exe process path

Prevents Defender from scanning trusted process activity

Folder exclusion

Trusted software installation folder

Helps when multiple related files or updates are affected

Controlled Folder Access allowed app

Required application .exe files

Allows trusted software to write to protected folders


Important: Antivirus should not be permanently disabled. The preferred solution is a targeted allowlist or exclusion for trusted files, services, folders, and processes.


Controlled Folder Access

Controlled Folder Access is a Windows Security feature that blocks unauthorized applications from writing to protected folders.

If enabled, it may prevent the software from saving:

  • Scan data
  • Case files
  • Export files
  • Logs
  • Configuration files
  • Temporary workflow files


If Controlled Folder Access is blocking the software, customer IT may need to allow the required software applications.


Third-Party Antivirus or EDR

If a third-party antivirus or EDR platform is installed, Microsoft Defender may not be the active antivirus provider. In that case, allow rules and exclusions must be added through the customer’s security platform.

Customer IT should check for:

  • Quarantined files
  • Blocked processes
  • Blocked scripts
  • Blocked services
  • Blocked driver installation
  • Blocked network connections
  • Suspicious behavior detections
  • Application-control restrictions


Software folder directories to exclude from Antivirus / Sercurity scanning for softwares to be allowed.


Either allow full folder or specific EXE files listed.


Folder directories will vary depending on instalation options, verify before changing.

Default paths are used below.



IOS Scanners:

Main SW directory: C:\Shining3D\DentalLauncher


C:\Shining3D\DentalLauncher\IntraoralScan\Bin


        DentalLauncher.exe

        IntraoralScan.exe

        DentalAlgoService.exe

        DentalNetwork.exe

        SnSyncService.exe


C:\Shining3D\DentalLauncher\IntraoralScan\Bin\hub

        DentalHub

        quickBroker



Desktop Scaners:

Main SW directory: C:\Shining3D\DentalScan


C:\Shining3D\DentalScan\DentalScan\Bin


        DentalScan.exe

        DSLauncher.exe

        DSAlgoService.exe

        DSNetwork.exe

        DSSnSyncService.exe


 C:\Shining3D\DentalScan\DentalScan\Bin\hub

        DSHub.exe


Facial Scanners:

Main SW directory: C:\Shining3D\FSLauncher


C:\Shining3D\FSLauncher\Facecan\Bin

        FScan.exe

        FSLauncher.exe

        FSAlgoService.exe

        FSNetwork.exe

        FSSyncService.exe


C:\Shining3D\FSLauncher\Facecan\Bin\hub

        FSHub.exe

        quickBroker.exe




Network and Cloud Allowlisting

The software requires cloud access, customer IT may need to allow the required vendor domains through:

  • DNS filtering
  • Web filtering
  • Proxy rules
  • Firewall rules
  • SSL inspection policies
  • Endpoint security policies


IT should confirm that HTTPS access is allowed to the required software/cloud services.

Affected functions may include:

  • Login
  • Case upload
  • Case download
  • Cloud sync
  • Software updates
  • Module loading
  • API communication
  • License or authentication services


Recommended IT request:

Please allow the required software domains through DNS filtering, web filtering, proxy inspection, firewall rules, and endpoint security policies.

 

The affected functions include:

  • Login
  • Case upload/download
  • Cloud sync
  • Software updates
  • Module loading
  • API communication


Refer to the below article for a list of Domains / Ports needed for the software to run


Can Not Access / Sync Cloud - IT Allowlist : Dental Support



Wireless Scanner and Network Adapter Checks

For wireless scanner workflows, Windows may show whether the scanner base or related network adapter is connected.

Important distinction:

  • USBDeview may show whether the wireless base is connected to the PC.
  • USBDeview may not confirm whether the scanner itself is communicating with the base.
  • Task Manager or Network Connections may help confirm whether the related network adapter is active.
  • A red X or greyed-out adapter may indicate that the adapter is disabled or not working correctly.
  • In USBDeview, a disabled driver may show a red dot even though the device appears connected.


Customer IT or support should check:

  1. The wireless base is physically connected.
  2. The adapter appears in Windows.
  3. The adapter is enabled.
  4. The driver is installed correctly.
  5. Security software is not blocking the service or adapter.
  6. The scanner can communicate with the base.



Using the EXE Finder BAT Files

Purpose

The EXE finder BAT files are used to collect all .exe files inside a software version folder.

These BAT files do not add firewall rules, antivirus exclusions, or make system changes. They only search for .exe files and create a text file that can be sent to customer IT.


Google Drive Folder for BAT Files

There are two versions:

BAT file

Output

Best use

exe_find_full_path.bat

Full path of every .exe file

Useful when IT needs exact file paths

exe_find_name_only.bat

File name only for every .exe file

Useful when IT needs a simple executable name list


Where to Place the BAT Files

Place the BAT file in the parent directory of the software version folder so it can scan all subfolders.

Example folder structure:


Full Path EXE List

Use this option when IT needs the full location of every executable.

Output file:

exe_list_full_path.txt

Example output:

Listing all .exe files with full paths...

 

C:\Shining3D\DentalLauncher\uninst.exe

C:\Shining3D\DentalLauncher\IntraoralScan\Bin\client.exe

C:\Shining3D\DentalLauncher\IntraoralScan\Bin\DentalAlgoService.exe

C:\Shining3D\DentalLauncher\IntraoralScan\Bin\DentalDesignAppLogic.exe

C:\Shining3D\DentalLauncher\IntraoralScan\Bin\DentalLauncher.exe


Use this output when IT asks for:

  • Firewall executable paths
  • Antivirus exclusions
  • EDR allow rules
  • Application-control review
  • Exact software component locations


Important: The EXE list is an inventory for IT review. Not every .exe file necessarily requires firewall access. For example, uninstallers such as uninst.exe usually do not need network/firewall allowlisting unless IT specifically requires all software executables to be reviewed.


Name-Only EXE List

Use this option when IT only needs executable names.

Output file:

exe_list_names_only.txt

Example output:

uninst.exe

client.exe

DentalAlgoService.exe

DentalDesignAppLogic.exe

DentalLauncher.exe

Use this output when IT asks for:

  • General application allowlist
  • Executable names
  • Security review
  • Software component list


Recommended Shining3D Items for IT Review

The exact files may vary by software version and installation path. Customer IT should review the generated EXE list and confirm which files are required.


Possible IT actions:

Area

Recommended review

Windows Firewall

Allow required executables for Domain and Private profiles

Microsoft Defender Antivirus

Add file/process exclusions if Defender is blocking or quarantining files

Third-party antivirus / EDR

Add trusted allow rules if files, services, or processes are blocked

Controlled Folder Access

Allow required apps if the software cannot save scans, logs, exports, or case files

Application control

Allow required files by path, publisher, certificate, hash, or approved folder

Services

Confirm required services are installed, allowed, and running

Cloud/domain filtering

Allow required vendor domains and HTTPS traffic



Recommended Workflow for Support and Customer IT

Step 1: Confirm the Issue

Document the issue clearly:

Software name:

Software version:

Scanner/device model:

Windows version:

Issue observed:

Does the software open:

Does the scanner connect:

Does cloud login/sync work:

Does upload/download work:

Does the issue happen on one PC or all PCs:

Does the issue happen on office Wi-Fi, Ethernet, or both:

Does the issue work on mobile hotspot:



Step 2: Collect the EXE List

  1. Locate the correct software version folder.
  2. Place the EXE finder BAT file in the parent folder.
  3. Run either:
    • exe_find_full_path.bat
    • exe_find_name_only.bat
  4. Open the generated .txt file.
  5. Send the output to customer IT.



Step 3: Ask IT to Review Firewall Rules

Customer IT should review firewall access for the required application files.

Recommended request:

Please review the attached EXE list and allow the required software components through Windows Defender Firewall or the company firewall.

 

Recommended profiles:

- Domain, if the PC is domain-managed

- Private, for trusted office/clinic/lab networks

 

Public should only be allowed if specifically required by IT or the workflow.


Step 4: Ask IT to Review Antivirus / EDR Logs

Customer IT should check whether antivirus or EDR has blocked, quarantined, or restricted any required files.

Recommended request:

Please check antivirus/EDR logs for blocked or quarantined Shining3D software files, services, scripts, drivers, or network activity.

 

If trusted software components are being blocked, please add targeted allow rules or exclusions for the required files, processes, services, and folders.


Step 5: Ask IT to Review Services

Customer IT or support should confirm that required services are:

  • Installed
  • Running
  • Not disabled
  • Not quarantined
  • Not blocked by EDR
  • Not blocked by application control
  • Allowed to communicate through the firewall if network communication is required

Open Services:

Windows + R → services.msc

Check for services related to the software, scanner, launcher, algorithm processing, or device communication.


Step 6: Ask IT to Review Cloud/Domain Access

If login, upload, download, cloud sync, software resources, or updates are affected, customer IT should review cloud/domain access.

Recommended request:

Please confirm that required vendor domains are allowed through:

- DNS filtering

- Web filtering

- Proxy rules

- Firewall rules

- SSL inspection policies

- Endpoint security policies

 

Please also confirm that outbound HTTPS traffic is allowed for the required software components.


Step 7: Restart and Retest

After IT makes changes:

  1. Restart the software.
  2. Restart related services, if applicable.
  3. Restart the PC if files, services, drivers, or Defender exclusions were changed.
  4. Retest scanner connection.
  5. Retest login.
  6. Retest upload/download.
  7. Retest cloud indicator.
  8. Retest the original failed workflow.



Troubleshooting Decision Guide

Result

Likely cause

Next step

Works on hotspot but not office network

Office firewall, DNS, proxy, or web filtering

Escalate to customer IT

Fails on all networks

Local PC, software, antivirus, service, or account issue

Check Windows Security, services, install status

Works on another PC on same network

Local PC security or configuration issue

Compare firewall, antivirus, services, and drivers

Fails on all PCs on same network

Network-wide restriction

Review firewall, DNS, proxy, and domain allowlist

Cloud indicator is red/disconnected

Cloud connectivity blocked or service unavailable

Test DNS, hotspot, firewall, and domains

Scanner base appears connected but scanner does not connect

Wireless adapter, driver, service, or base/scanner communication issue

Check Task Manager, Network Connections, USBDeview, and services

Installer fails

Antivirus, SmartScreen, app control, driver policy, or missing admin rights

Check security logs and install with admin rights

Software cannot save files

Controlled Folder Access, folder permissions, or antivirus restriction

Allow trusted apps or review folder permissions

Software opens but processing fails

Background service or algorithm component may be blocked

Check services, Defender/EDR logs, and required executables



Information to Send to Customer IT

When escalating to customer IT, provide:

Software name:

Software version:

Scanner/device model:

Windows version:

Installation path:

Generated EXE list:

Affected workflow:

Error message or screenshot:

Does the issue happen on all PCs or only one PC:

Does the issue happen on Ethernet, office Wi-Fi, or both:

Does it work on mobile hotspot:

Antivirus/EDR software installed:

VPN software installed:

Firewall profile in use:

Required cloud/domain allowlist:

Recommended message:

The scanner/software may be blocked by local firewall, antivirus/EDR, application control, DNS filtering, proxy filtering, or network security policy.

 

Please review the attached executable list and allow the required software components, background services, trusted folders, and cloud/domain connections.

 

The affected functions may include:

- Software login

- Scanner communication

- Cloud upload/download

- Module loading

- Software updates

- Local service communication

- File saving/exporting

 

A hotspot test and DNS test can help determine whether the issue is caused by the office network or local PC security.



Recommended Pictures to Include

To make the article easier for customers and IT teams to follow, include the following images where available:

  1. Software cloud indicator
     Show normal vs red/disconnected status.
  2. BAT file placement
     Show the EXE finder BAT file placed in the parent software folder.
  3. Generated EXE list
     Show exe_list_full_path.txt with executable paths.
  4. Windows Firewall allowed apps
     Show Domain / Private / Public options.
  5. Windows Security exclusions
     Show file, process, or folder exclusion location.
  6. Controlled Folder Access allowed apps
     Show where trusted applications can be allowed.
  7. Windows Date & Time settings
     Show automatic time enabled.
  8. Network adapter check
     Show scanner/base adapter enabled in Windows Network Connections or Task Manager.
  9. DNS/cloud diagram
     Show simple flow: Software → DNS → Cloud Server.



Summary

IT security restrictions can prevent scanner/software systems from opening, connecting to devices, logging in, syncing with cloud services, updating, saving files, or running required background services.

The preferred resolution is not to disable security permanently. Customer IT should add targeted allow rules for trusted executable files, background services, folders, drivers, and cloud domains.

The EXE finder BAT files help collect the executable list from a software version folder so IT can review and allow the required components more easily.

 

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.