mlottgie 0 Posted September 27, 2017 Posted September 27, 2017 We use Radmin here and have for years. Despite several different methods of trying to exclude it from detection, we still get alerts including Malware Outbreak emails for at least one of the desktops. It is detected as "potentially unsafe application;Win32/RemoteAdmin.RAdmin.AC;Variant;Startup scanner." This image shows the exclusion we have for this. We also have path exclusions: and several others like this including path *rserver3.exe* - Nothing seems to work here.
Administrators Marcos 5,735 Posted September 27, 2017 Administrators Posted September 27, 2017 Currently you need to prepend the detection name with "@NAME=" in order for PUA exclusions by name to work.
mlottgie 0 Posted September 27, 2017 Author Posted September 27, 2017 So @NAME=Win32/RemoteAdmin.RAdmin.AC ???
Administrators Marcos 5,735 Posted September 27, 2017 Administrators Posted September 27, 2017 25 minutes ago, mlottgie said: So @NAME=Win32/RemoteAdmin.RAdmin.AC ??? That's correct.
mlottgie 0 Posted September 27, 2017 Author Posted September 27, 2017 (edited) Another issue seems to be the versions. We recently upgraded ERA to 6.5.417.0. But the clients are still on 6.4.2014.0. Does the >= 6.5 on the edit exclusion pages mean that this will not apply? Note that this also did not work before the update of ERA, although we never had @NAME= in the rules. Edited September 27, 2017 by mlottgie
Recommended Posts