Posted

We use Radmin here and have for years.  Despite several different methods of trying to exclude it from detection, we still get alerts including Malware Outbreak emails for at least one of the desktops.  It is detected as "potentially unsafe application;Win32/RemoteAdmin.RAdmin.AC;Variant;Startup scanner."  This image shows the exclusion we have for this.

[Image: radmin_exclusion.PNG]

We also have path exclusions:

[Image: radmin_exclusion2.PNG]

and several others like this, including path *rserver3.exe*. Nothing seems to work here.

  • Administrators
Posted

Currently you need to prepend the detection name with "@NAME=" in order for PUA exclusions by name to work.

  • Administrators
Posted
25 minutes ago, mlottgie said:

So @NAME=Win32/RemoteAdmin.RAdmin.AC ???

That's correct.

Posted (edited)

Another issue seems to be the versions. We recently upgraded ERA to 6.5.417.0, but the clients are still on 6.4.2014.0. Does the >= 6.5 on the edit exclusion pages mean that this will not apply? Note that this also did not work before the update of ERA, although we never had @NAME= in the rules.

Edited by mlottgie