PMIadmin 0 Posted December 15, 2022 Share Posted December 15, 2022 I create exclusion rules but every time there is a update to Connectwise, i have to reapply the rules. Why do they keep flagging it? Its a legitimate paid for tool for businesses. Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,548 Posted December 15, 2022 Administrators Share Posted December 15, 2022 Maybe you have made the exclusion also based on the file hash instead of just the detection name? Quote Link to comment Share on other sites More sharing options...
PMIadmin 0 Posted December 15, 2022 Author Share Posted December 15, 2022 I was thinking the same thing after i posted. Going to look into that now, thank you. Quote Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 430 Posted January 3 ESET Staff Share Posted January 3 Hello @PMIadmin can you please share details about as what kind of detection the CW Control is flagged with? I would expect, it would be some kind of Potentially Unsafe Application, as despite being a legitimate software, RMM / remote connection tools are many times misused by attackers to gain control over the victim´s computer. We will need to investigate the reasoning further, but based on my experience if specific application was misused like this in the past, we keep flagging it as unsafe. https://blog.morphisec.com/connectwise-control-abused-again-to-deliver-zeppelin-ransomware Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.