PMIadmin 0 Posted December 15, 2022 Share Posted December 15, 2022 I create exclusion rules but every time there is a update to Connectwise, i have to reapply the rules. Why do they keep flagging it? Its a legitimate paid for tool for businesses. Link to comment Share on other sites More sharing options...
Administrators Marcos 4,698 Posted December 15, 2022 Administrators Share Posted December 15, 2022 Maybe you have made the exclusion also based on the file hash instead of just the detection name? Link to comment Share on other sites More sharing options...
PMIadmin 0 Posted December 15, 2022 Author Share Posted December 15, 2022 I was thinking the same thing after i posted. Going to look into that now, thank you. Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 430 Posted January 3 ESET Staff Share Posted January 3 Hello @PMIadmin can you please share details about as what kind of detection the CW Control is flagged with? I would expect, it would be some kind of Potentially Unsafe Application, as despite being a legitimate software, RMM / remote connection tools are many times misused by attackers to gain control over the victim´s computer. We will need to investigate the reasoning further, but based on my experience if specific application was misused like this in the past, we keep flagging it as unsafe. https://blog.morphisec.com/connectwise-control-abused-again-to-deliver-zeppelin-ransomware Link to comment Share on other sites More sharing options...
Recommended Posts