mlottgie 0 Posted September 27, 2017 Share Posted September 27, 2017 We use Radmin here and have for years. Despite several different methods of trying to exclude it from detection, we still get alerts including Malware Outbreak emails for at least one of the desktops. It is detected as "potentially unsafe application;Win32/RemoteAdmin.RAdmin.AC;Variant;Startup scanner." This image shows the exclusion we have for this. We also have path exclusions: and several others like this including path *rserver3.exe* - Nothing seems to work here. Link to comment Share on other sites More sharing options...
Administrators Marcos 3,884 Posted September 27, 2017 Administrators Share Posted September 27, 2017 Currently you need to prepend the detection name with "@NAME=" in order for PUA exclusions by name to work. Link to comment Share on other sites More sharing options...
mlottgie 0 Posted September 27, 2017 Author Share Posted September 27, 2017 So @NAME=Win32/RemoteAdmin.RAdmin.AC ??? Link to comment Share on other sites More sharing options...
Administrators Marcos 3,884 Posted September 27, 2017 Administrators Share Posted September 27, 2017 25 minutes ago, mlottgie said: So @NAME=Win32/RemoteAdmin.RAdmin.AC ??? That's correct. Link to comment Share on other sites More sharing options...
mlottgie 0 Posted September 27, 2017 Author Share Posted September 27, 2017 (edited) Another issue seems to be the versions. We recently upgraded ERA to 6.5.417.0. But the clients are still on 6.4.2014.0. Does the >= 6.5 on the edit exclusion pages mean that this will not apply? Note that this also did not work before the update of ERA, although we never had @NAME= in the rules. Edited September 27, 2017 by mlottgie Link to comment Share on other sites More sharing options...
Recommended Posts