tmuster2k 22 Posted May 11, 2021 Share Posted May 11, 2021 Customer has his own web site where he directs end users to download a connectwise Screen connect client which is an .exe file. This file is analyzed by EDTD it appears and shows in EVENT logs >> User5/10/2021 3:26:24 PM;ESET Kernel;chrome.exe tried to access a file (companyX.ScreenConnect.Client (27).exe) which is being analyzed for malware. This can take several minutes.You will be notified when the file is ready.;BTB-RPRO-8\Karen Time;Component;Event;User5/10/2021 3:26:25 PM;ESET Kernel;A suspicious file was sent to the ESET Virus Lab for analysis.;SYSTEM and last one is >> ScreenConnect.Client (27).exe) was analyzed and is safe to be opened.;BTB-RPRO-8\Karen the problem is, there is a burned in 5 minute delay to analyze so file will only run in that time frame. Each detection in ESET Protect shows a different hash each time its detected and when doing the "create exclusion" this is the only option. We cannot do a EDTD exclusion as we don't want to exclude the users download folder where these files are being downloaded to. Are there any other options to make this process go faster for customer when trying to do remote sessions? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,406 Posted May 11, 2021 Administrators Share Posted May 11, 2021 Please check and make sure that EDTD proactive protection is disabled or better exclude the file path or its name from EDTD submission. Link to comment Share on other sites More sharing options...
Recommended Posts