Jump to content

ESET Dynamic Threat defense causing delay of 5 minutes before remote session can start.


Recommended Posts

Customer has his own web site where he directs end users to download a connectwise Screen connect client which is an .exe file. This file is analyzed by EDTD it appears and shows in EVENT logs >>

User5/10/2021 3:26:24 PM;ESET Kernel;chrome.exe tried to access a file (companyX.ScreenConnect.Client (27).exe) which is being analyzed for malware. This can take several minutes.You will be notified when the file is ready.;BTB-RPRO-8\Karen
 

Time;Component;Event;User5/10/2021 3:26:25 PM;ESET Kernel;A suspicious file was sent to the ESET Virus Lab for analysis.;SYSTEM
 

and last one is >> ScreenConnect.Client (27).exe) was analyzed and is safe to be opened.;BTB-RPRO-8\Karen   

the problem is, there is a burned in 5 minute delay to analyze so file will only run in that time frame. Each detection in ESET Protect shows a different hash each time its detected and when doing the "create exclusion" this is the only option. We cannot do a EDTD exclusion as we don't want to exclude the users download folder where these files are being downloaded to. 

Are there any other options to make this process go faster for customer when trying to do remote sessions? 

 

Link to comment
Share on other sites

  • Administrators

Please check and make sure that EDTD proactive protection is disabled or better exclude the file path or its name from EDTD submission.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...