mwhalenhtc

Members
  • Content count

    10
  • Joined

  • Last visited

  1. Exlcusion not working

    Either that or I misunderstood. I am getting clarification. Thanks.
  2. Exlcusion not working

    Marcos, That is _not_ what I've heard from another agent at ESET. He tells me that 6.6.2072.4 will fix the problem. Are you saying that's not accurate?
  3. Exlcusion not working

    I have been speaking with my favorite tech at ESET. He says to update the endpoints to 6.6.2072.4. I am doing that now. Is that what you're running?
  4. Exlcusion not working

    That's disappointing, but knowing that and having a live phone call means I'll lean hard to get this resolved. I am especially inrigued Marcos's note:
  5. Exlcusion not working

    I'm hopeful to have a better answer soon. ESET has given me one of the best experiences I've ever had with tech support. Unfortunately, I only have experience with one person who was on the ConnectWise/ESET migration team. I hung on to that ticket for dear life because the tech was so good. I don't know what I'm going to get this time.
  6. Exlcusion not working

    Well, that's how I have it setup and it's not working. Fortunately, I've got a ticket open with ESET and I have a call scheduled with them tomorrow. I'll update here when I have an answer. :-)
  7. Exlcusion not working

    Any further news on this topic? :-/
  8. Exlcusion not working

    Thanks, nasaeed. Good to know I am not the only one at any rate! :-) ConnectWise support told me that the ProduKey scanning method for keys is deprecated and had me install their update for product key scanning via the LabTech Solution Center. It can't hurt to do that. You have to run the solution center on the Labtech server directly. (We are hosting LT "on-prem." The method may be different for hosted LT.) I haven't been crushed with client calls (yet) and I have at least one workstation in which I can run a log collector without much fuss.
  9. Exlcusion not working

    Hi Marcos, Thanks so much for your response. I seem to have a lot of users who click buttons. :-) I can't find that particular line since the detection threats log is currently clear. The item I can find is below. C:\Windows\LTSVC\scripts\ProduKey.exe - a variant of Win64/PSWTool.ProductKey.A potentially unsafe application - action selection postponed until scan completion Does that help? Or do you need something else? I ran the log collector on the Detected Threats with a 30-day window. Would that contain information you'd need? Most agents are running 6.6.2052.0.
  10. Hello, Full disclosure: We have ConnectWise and buy our licenses through them. However, ConnectWise takes... what? ... a week to get back to people for technical support issues. I am posting here in the hopes that it won't be slower. ;-) Just recently, ESET agents started flagging Win64/PSWTool.ProductKey.A as an Unsafe Application. This tool is one that our remote management system uses and I'm aware of what it does. I've also put in the 32-bit variety as an exclusion and that's been there for some time. I've not had any trouble with. However, I can't seem to exclude the one for some reason. What's more, I already have excluded the directory that the executable lives in so I am unsure why two exceptions are failing. I have a base agent policy. In there, I've defined Exclusions with the drop down for the Exclusions section listed as "Replace." The 32-bit variety exclusion is defined like so: Exclude for this computer has a three check. Exclude all threats does not have a check. Threat name is defined as: @NAME=Win32/PSWTool.ProductKey.D@TYPE=ApplicUnsaf The 64-bit variety is defined like so: Exclude for this computer has a three check. Exclude all threats does not have a check. Threat name is defined as: @NAME=Win64/PSWTool.ProductKey.A@TYPE=ApplicUnsaf I have checked agents and see that the exclusion definitions have made it to the agents themselves but they're still flagging @NAME=Win64/PSWTool.ProductKey.A@TYPE=ApplicUnsaf. I've attached screenshots in the hopes that will help.