@black3dynamite said in Windows Server 2019 Need to Download and Run without AV Deleting Files:
https://www.thomasmaurer.ch/2016/07/how-to-disable-and-configure-windows-defender-on-windows-server-2016-using-powershell/
For now, just temporary disable Real-Time Protection via PowerShell
Set-MpPreference -DisableRealtimeMonitoring $true
Download the executable and scan it manually before you install
Start-MpScan -ScanPath C:\datastore\file.exe -ScanType QuickScan
Enable Real-Time Protection after the install
Set-MpPreference -DisableRealtimeMonitoring $false
Excellent, now THAT did it.
@Dashrender said in Microsoft Security Essentials - Script?:
Do you have a remote access solution for these machines?
If not, Mesh Central might be a real life saver - then you could remote in and run these commands. No driving required.
What do you meant "Remote access solution"?
if the question is "DO i have remote access" ?
then the answer is yes .
@wrx7m said in Webroot SecureAnywhere Business Replacement?:
@momurda said in Webroot SecureAnywhere Business Replacement?:
This task Manager behavior is from Webroot?
I see it occasionally; one developer in particular says it is always a problem.
https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Task-Manager/td-p/309032
According to the most recent post in that thread (edit - the most recent post is currently 2 weeks old), a beta release fixes this issue. Being that the thread started in December of 2017, it goes to show how long it takes them to fix things.
yes, that is also what we found out, especially in Windows 10.
@wrx7m said in Webroot - Limiting Access to Shutdown Protection to Admins:
Thanks, everyone. Policies are the way to handle it.
Has anyone needed to exclude services/files/directories from being scanned by webroot? For instance, Exchange, SQL, IIS, etc?
Not really. It was recommended by some software vendors but we ignored it and everything kept humming along without issue.
@momurda - I will have to keep an eye on the last seen. So far, those reports are accurate on mine, as they are newly-imaged computers that have not been deployed.
@scottalanmiller said in Installing Linux Malware Detect and ClamAV on CentOS 7:
@travisdh1 said in Installing Linux Malware Detect and ClamAV on CentOS 7:
Any reason to use LMD instead of or in addition to rkhunter?
Doesn't rkhunter focus only on root kits?
Mostly, but this was the first time I remember hearing about LMD.
@Dashrender said in Sophos False Positive with WinLogon.EXE:
@StrongBad said in Sophos False Positive with WinLogon.EXE:
@Dashrender said in Sophos False Positive with WinLogon.EXE:
other than webroot, who's had more false positives at my one client who uses them than panda that I have been running for 10+ years.
I'm not understanding your statement. This feels like only part of a sentence. Is this a question?
It's a statement - I'll re-word.
Webroot has had more false positives in the 3 years a client of mine has been using Webroot, than I have had in the 10+ years another client has been using Panda AV.
So while I love Webroot (primarily the journaling), it does require more support than other options I have/do use.
I see, thanks for the clarification. That's not what I had read you to mean at all. That makes more sense.
@BBigford said in Torch malware / browser?:
If we're talking about the same Torch, it's not malware. It has a torrent client embedded in it so that might be throwing up a flag.
Not to say it might be a phishing variant, or be compromised in another way. But the browser itself is fine (based on Chrome). Used it for a couple years before moving on.
I saw that there is a split on whether or not it is technically "malware", but that's not as much my concern. I just need to be able to positively tell the customer that it didn't come from our side (and I'm feeling pretty confident in that it did not).
And to my eyes, @BBigford, its behavior absolutely qualifies it as malware. Too much sneaky stuff going on when you use it, pop up ads all over the place, the use of the word "toolbar", etc, but I digress.
@Ambarishrh said:
@nadnerB Thank God i could remote it and do the things required, otherwise would be driving a bit far to do this! Thanks to screenconnect, i was actually evaluating screenconnect as my go to tool for remote support, one thing i noticed is few windows message screenconnect didn't allow me to click ok to proceed, at that time it just shows that i am connected but not the guest. Used Teamviewer free for that to complete that action, so i have second thoughts about screenconnect!
When ScreenConnect is running as an admin process, you can click everything.
@JaredBusch said:
@IT-ADMIN said:
is this feeling is wrong???
because whenever i'm doing something on the cloud i start have concern on security
I most certainly do not. The only reason to feel safe locally is because you are practicing security through obscurity, and that is not security.
Well known reputable providers have security teams dedicated to ensuring their services are secure.
^^^ This. Not only do they have teams of people that do this, and they have people with a lot more experience than you are likely to have, and lots of them... but they also have more money and resources, take security much more seriously, don't deal with SMB politics crippling their security efforts, have tons of reputation on the line and the big one... they know their product far better than anyone else and simply have more capability to protect it.
What we might do is for our non-servers go with the cloud free platform, and for the servers just purchase the standard business version.
Sure it splits up the monitoring, but at least it gives us the tools we need (for our servers), at a reasonable cost.
@Nic said:
No, that's our direct sales guy - email is [email protected]
Sweet. I emailed him about renewal, so I could gather info, and so his email would be saved in my Gmail...LOL
@Nic said:
Yeah as far as I know we don't have anything like that. Seems a bit unfair to existing customers too - like when you switch phone companies
If it is only for the first year or something, nothing really wrong with it. If it was a permanent rate, that would be different.
@Dashrender said:
@alexntg said:
@Dashrender said:
@alexntg said:
A bit on the reimaging rights. Intune with SA is a volume license. You could use the volume license media and key to reimage other computers that run the same exact product version. You could use the Win8.1 Pro media and key for other Win8.1 Pro computers. Upgrade rights are only available with SA, one device per user. Do understand that if you cancel Intune, you'd be revoking your volume license rights.
Alex,
Under the old SA in a VL setup, let's say you bought Office Pro plus with SA, when you purchased it Office 2010 was out, but during your subscription, Office 2013 comes out.
Now say you discontinue your subscription. It is my understanding that you can use 2013 in perpetuity.
Is the same true for machines that you purchase Intune with SA? So you have a Windows XP machine today, you buy Intune with SA which allows you to upgrade to Windows 8.1 Pro (or Enterprise if you wish). If you dump the SA portion of the subscription are you required to go back to XP on that computer? If that's the case, calling it SA was a bad decision as the rules would be different for two things with the same name.
The software, including the OS license, is provided on a subscription basis only. There is, however, a buyout option that's available for cancellations after the initial 12-month term. I'm not sure what the pricing on it is offhand, as that requires contacting MS directly.
Thanks - I do recall seeing something about a buyout.
Do we have a MS rep around to answer this?
