    • CCWTechC

      Windows defender quarentined my VM... WTH?

      IT Discussion virus hyper-v antivirus server
      0 Votes
      6 Posts
      650 Views
      scottalanmillerS

      @CCWTech said in Windows defender quarentined my VM... WTH?:

      @Obsolesce said in Windows defender quarentined my VM... WTH?:

      @CCWTech said in Windows defender quarentined my VM... WTH?:

      Server down this morning...
      VHDX File is just gone... It's missing...
      I found out that Windows Defender had detected it was (or had) a virus and quarantined it...

      How Windows defender even would ever quarantine a VHDX is beyond me.

      Come on Microsoft!

      That's odd. VHD/VHDX files are NOT ever scanned by the host, unless of course they are mounted in the same way as a disk or USB disk is to the host OS for example. Otherwise, they are treated like a black box. So something else had to have happened for it to be quarantined by the host OS. That doesn't just happen willy-nilly.

      Additionally, VM files are automatically excluded when the Hyper-V server role is installed. So again, something isn't configured correctly or something weird is going on.

      What happened to you isn't default behavior.

      Not sure, we 'inherited' the server. We don't do HYPER-V any longer. Everything is KVM now. (Proxmox)

      But it was for sure quarantined. Funny thing is that Windows defender scan of the actual VM shows no virus... So weird.

      My guess would be that the VM's AV cleaned it up separate from the host's AV killing the VM.

    • WrCombsW

      When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee

      IT Discussion antivirus hacked breach symantec av trend micro mcafee intel
      0 Votes
      10 Posts
      1k Views
      scottalanmillerS

      @Dashrender said in When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee:

      I can't recall if the bad ccleaner was signed or not?

      Even if it was, that would be a Microsoft compromise. This is about the AV vendors getting hacked.

    • AmbarishrhA

      ScreenConnect/Connectwise control client exe (marked as malicious)

      IT Discussion connectwise screenconnect antivirus
      0 Votes
      27 Posts
      5k Views
      scottalanmillerS

      @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

      @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious):

      @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious):

      @scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious):

      @dbeato no, just an online file by file virus scanner?

      No, (although it should be for another thread) it gives you information about the file, file hash, or URL in question. Example below is the Itarian Remote Control application Executable:
      2019-04-23_0039.png

      It compares the hash of the file to multiple AV and Technology companies to see if the hash has been flagged as malicious or not or if it is questionable.

      How is that useful? The executable is rebuilt on every install for every group that it auto links to. That makes a hash useless.

      That might be true for ConnectWise but not all Executables create a new hash every time.

      And in those unrelated cases, lots of things flagging them would be more meaningful.

    • scottalanmillerS

      Windows Server 2019 Need to Download and Run without AV Deleting Files

      IT Discussion windows windows server windows server 2019 windows defender av antivirus cli command line
      0 Votes
      11 Posts
      2k Views
      scottalanmillerS

      @black3dynamite said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

      https://www.thomasmaurer.ch/2016/07/how-to-disable-and-configure-windows-defender-on-windows-server-2016-using-powershell/

      For now, just temporarily disable Real-Time Protection via PowerShell
      Set-MpPreference -DisableRealtimeMonitoring $true

      Download the executable and scan it manually before you install
      Start-MpScan -ScanPath C:\datastore\file.exe -ScanType QuickScan

      Enable Real-Time Protection after the install
      Set-MpPreference -DisableRealtimeMonitoring $false

      Excellent, now THAT did it.

    • WrCombsW

      Microsoft Security Essentials - Script?

      Water Closet windows 7 pro windows microsoft security essentials antivirus
      0 Votes
      6 Posts
      531 Views
      WrCombsW

      @Dashrender said in Microsoft Security Essentials - Script?:

      Do you have a remote access solution for these machines?

      If not, Mesh Central might be a real life saver - then you could remote in and run these commands. No driving required.

      What do you mean by "Remote access solution"?
      If the question is "Do I have remote access?"
      then the answer is yes.

    • wrx7mW

      Webroot SecureAnywhere Business Replacement?

      IT Discussion webroot antivirus intune defender ninite pdq depoy secureanywhere
      1 Votes
      45 Posts
      5k Views
      dbeatoD

      @wrx7m said in Webroot SecureAnywhere Business Replacement?:

      @momurda said in Webroot SecureAnywhere Business Replacement?:

      This Task Manager behavior is from Webroot?
      I see it occasionally; one developer in particular says it is always a problem.

      https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Task-Manager/td-p/309032

      According to the most recent post in that thread (edit - the most recent post is currently 2 weeks old), a beta release fixes this issue. Being that the thread started in December of 2017, it goes to show how long it takes them to fix things.

      Yes, that is also what we found out, especially in Windows 10.

    • mlnewsM

      New Attack Vector for your Computer - AV Itself.

      News ars technica security antivirus
      4 Votes
      1 Posts
      494 Views
      No one has replied
    • wrx7mW

      Webroot - Limiting Access to Shutdown Protection to Admins

      IT Discussion webroot av antivirus
      2 Votes
      21 Posts
      3k Views
      coliverC

      @wrx7m said in Webroot - Limiting Access to Shutdown Protection to Admins:

      Thanks, everyone. Policies are the way to handle it.

      Has anyone needed to exclude services/files/directories from being scanned by webroot? For instance, Exchange, SQL, IIS, etc?

      Not really. It was recommended by some software vendors but we ignored it and everything kept humming along without issue.

    • wrx7mW

      Trend Micro OfficeScan Renewal Coming Up - Replacements?

      IT Discussion av antivirus antimalware
      0 Votes
      35 Posts
      5k Views
      wrx7mW

      @momurda - I will have to keep an eye on the last seen. So far, those reports are accurate on mine, as they are newly-imaged computers that have not been deployed.

    • Emad RE

      Really Panda AV?

      IT Discussion panda av antivirus
      2 Votes
      46 Posts
      5k Views
      dbeatoD

      @stacksofplates Yeah, I work mostly in Windows 10 but my laptop is based on Ubuntu right now.

    • nadnerBN

      Home Anti-virus

      IT Discussion antivirus
      1 Votes
      68 Posts
      9k Views
      ObsolesceO

      Please don't reference bad links.

    • mlnewsM

      Webroot in Massive Failure with Monday Update

      News webroot ars technica antivirus
      2 Votes
      9 Posts
      2k Views
      scottalanmillerS

      Rough week, first Webroot, now Netgear.

    • Deleted74295D

      Webroot - Malicious autorun scripts on USBs

      IT Discussion webroot avast security antivirus
      3 Votes
      17 Posts
      2k Views
      Reid CooperR

      And a lot of people set it to "always do" something bad, then it doesn't ask again.

    • mlnewsM

      Cylance Unbelievable Tour Lives Up to Name, Can Cylance Be Trusted?

      News cylance antivirus antimalware security ars technica
      3 Votes
      46 Posts
      6k Views
      dbeatoD

      @RojoLoco Today on this too:
      https://community.spiceworks.com/topic/1985267-av-conspiracy-theory-or-reality

    • mlnewsM

      Installing Linux Malware Detect and ClamAV on CentOS 7

      News linux linux malware detect clamav antivirus antimalware centos centos 7 rhel rhel 7 howtoforge
      4 Votes
      4 Posts
      2k Views
      travisdh1T

      @scottalanmiller said in Installing Linux Malware Detect and ClamAV on CentOS 7:

      @travisdh1 said in Installing Linux Malware Detect and ClamAV on CentOS 7:

      Any reason to use LMD instead of or in addition to rkhunter?

      Doesn't rkhunter focus only on root kits?

      Mostly, but this was the first time I remember hearing about LMD.

    • steveS

      Nic Tolstoshev: Webroot on Security 2016

      MangoCon webroot nic tolstoshev security antivirus malware youtube
      2 Votes
      1 Posts
      837 Views
      No one has replied
    • thwrT

      What's your favorite AV for home use?

      IT Discussion antivirus soho
      1 Votes
      22 Posts
      2k Views
      coliverC

      Windows Defender... works well enough and is included with the operating system.

    • IRJI

      Sophos Intercept X

      IT Discussion sophos ransomware antivirus
      2 Votes
      3 Posts
      1k Views
      scottalanmillerS

      https://vimeo.com/182707041

    • nadnerBN

      Sophos False Positive with WinLogon.EXE

      News sophos security antivirus
      3 Votes
      15 Posts
      4k Views
      StrongBadS

      @Dashrender said in Sophos False Positive with WinLogon.EXE:

      @StrongBad said in Sophos False Positive with WinLogon.EXE:

      @Dashrender said in Sophos False Positive with WinLogon.EXE:

      other than webroot, who's had more false positives at my one client who uses them than panda that I have been running for 10+ years.

      I'm not understanding your statement. This feels like only part of a sentence. Is this a question?

      It's a statement - I'll re-word.

      Webroot has had more false positives in the 3 years a client of mine has been using Webroot, than I have had in the 10+ years another client has been using Panda AV.

      So while I love Webroot (primarily the journaling), it does require more support than other options I have/do use.

      I see, thanks for the clarification. That's not what I had read you to mean at all. That makes more sense.

    • Deleted74295D

      Cylance Questions

      IT Discussion cylance security antivirus
      3 Votes
      49 Posts
      11k Views
      BRRABillB

      @Richard_Cylance said in Cylance Questions:

      FTFY - Sold = Lost. Exec = guru

      This reminded me of the following Simpsons clip:
      Youtube Video
