@Dashrender said in When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee: I can't recall if the bad ccleaner was signed or not? Even if it was, that would be a Microsoft compromise. This is about the AV vendors getting hacked.

@dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious): @JaredBusch said in ScreenConnect/Connectwise control client exe (marked as malicious): @dbeato said in ScreenConnect/Connectwise control client exe (marked as malicious): @scottalanmiller said in ScreenConnect/Connectwise control client exe (marked as malicious): @dbeato no, just an online file by file virus scanner? No, (although it should be for another thread) it gives you information about the file, file hash. or URL in question. Example below is the Itarian Remote Control application Executable: It compares the has of the file to multiple AV and Technology companies to see if the hash has been flagged as malicious or not or if it is questionable. How is that useful? The executable is rebuilt on every install for every group that it auto links to. that makes a hash useless. That might be true for ConnectWise but not all Executables create a new hash everytime. And in those unrelated cases, lots of things flagging the would be more meaningful.

@black3dynamite said in Windows Server 2019 Need to Download and Run without AV Deleting Files: https://www.thomasmaurer.ch/2016/07/how-to-disable-and-configure-windows-defender-on-windows-server-2016-using-powershell/ For now, just temporary disable Real-Time Protection via PowerShell Set-MpPreference -DisableRealtimeMonitoring $true Download the executable and scan it manually before you install Start-MpScan -ScanPath C:\datastore\file.exe -ScanType QuickScan Enable Real-Time Protection after the install Set-MpPreference -DisableRealtimeMonitoring $false Excellent, now THAT did it.

@Dashrender said in Microsoft Security Essentials - Script?: Do you have a remote access solution for these machines? If not, Mesh Central might be a real life saver - then you could remote in and run these commands. No driving required. What do you meant "Remote access solution"? if the question is "DO i have remote access" ? then the answer is yes .

@wrx7m said in Webroot SecureAnywhere Business Replacement?: @momurda said in Webroot SecureAnywhere Business Replacement?: This task Manager behavior is from Webroot? I see it occasionally; one developer in particular says it is always a problem. https://community.webroot.com/t5/Webroot-SecureAnywhere-Complete/Task-Manager/td-p/309032 According to the most recent post in that thread (edit - the most recent post is currently 2 weeks old), a beta release fixes this issue. Being that the thread started in December of 2017, it goes to show how long it takes them to fix things. yes, that is also what we found out, especially in Windows 10.

@wrx7m said in Webroot - Limiting Access to Shutdown Protection to Admins: Thanks, everyone. Policies are the way to handle it. Has anyone needed to exclude services/files/directories from being scanned by webroot? For instance, Exchange, SQL, IIS, etc? Not really. It was recommended by some software vendors but we ignored it and everything kept humming along without issue.

@momurda - I will have to keep an eye on the last seen. So far, those reports are accurate on mine, as they are newly-imaged computers that have not been deployed.

@stacksofplates Yeah, I work mostly in WIndows 10 but my laptop is based on Ubuntu right now.

Please don't reference bad links.

Rough week, first Webroot, now Netgear.

And a lot of people set it to "always do" something bad, then it doesn't ask again.

@RojoLoco Today on this too: https://community.spiceworks.com/topic/1985267-av-conspiracy-theory-or-reality

@scottalanmiller said in Installing Linux Malware Detect and ClamAV on CentOS 7: @travisdh1 said in Installing Linux Malware Detect and ClamAV on CentOS 7: Any reason to use LMD instead of or in addition to rkhunter? Doesn't rkhunter focus only on root kits? Mostly, but this was the first time I remember hearing about LMD.

Windows Defender... works well enough and is included with the operating system.

https://vimeo.com/182707041

@Dashrender said in Sophos False Positive with WinLogon.EXE: @StrongBad said in Sophos False Positive with WinLogon.EXE: @Dashrender said in Sophos False Positive with WinLogon.EXE: other than webroot, who's had more false positives at my one client who uses them than panda that I have been running for 10+ years. I'm not understanding your statement. This feels like only part of a sentence. Is this a question? It's a statement - I'll re-word. Webroot has had more false positives in the 3 years a client of mine has been using Webroot, than I have had in the 10+ years another client has been using Panda AV. So while I love Webroot (primarily the journaling), it does require more support than other options I have/do use. I see, thanks for the clarification. That's not what I had read you to mean at all. That makes more sense.

@Richard_Cylance said in Cylance Questions: FTFY - Sold = Lost. Exec = guru This reminded me of the following Simpsons clip: Youtube Video

@BBigford said in Torch malware / browser?: If we're talking about the same Torch, it's not malware. It has a torrent client embedded in it so that might be throwing up a flag. Not to say it might be a phishing variant, or be compromised in another way. But the browser itself is fine (based on Chrome). Used it for a couple years before moving on. I saw that there is a split on whether or not it is technically "malware", but that's not as much my concern. I just need to be able to positively tell the customer that it didn't come from our side (and I'm feeling pretty confident in that it did not). And to my eyes, @BBigford, its behavior absolutely qualifies it as malware. Too much sneaky stuff going on when you use it, pop up ads all over the place, the use of the word "toolbar", etc, but I digress.

Bitdefender lauch a new tool to detect ransomware, It's free. https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/

@Ambarishrh said: @nadnerB Thank God i could remote it and do the things required, otherwise would be driving a bit far to do this! Thanks to screenconnect, i was actually evaluating screenconnect as my go to tool for remote support, one thing i noticed is few windows message screenconnect didn't allow me to click ok to proceed, at that time it just shows that i am connected but not the guest. Used Teamviewer free for that to complete that action, so i have second thoughts about screenconnect! When ScreenConnect is running as an admin process, you can click everything.

@JaredBusch said: @IT-ADMIN said: is this feeling is wrong??? because whenever i'm doing something on the cloud i start have concern on security I most certainly do not. The only reason to feel safe locally is because you are practicing security through obscurity, and that is not security. Well known reputable providers have security teams dedicated to ensuring their services are secure. ^^^ This. Not only do they have teams of people that do this, and they have people with a lot more experience than you are likely to have, and lots of them... but they also have more money and resources, take security much more seriously, don't deal with SMB politics crippling their security efforts, have tons of reputation on the line and the big one... they know their product far better than anyone else and simply have more capability to protect it.

What we might do is for our non-servers go with the cloud free platform, and for the servers just purchase the standard business version. Sure it splits up the monitoring, but at least it gives us the tools we need (for our servers), at a reasonable cost.

@Nic said: No, that's our direct sales guy - email is [email protected] Sweet. I emailed him about renewal, so I could gather info, and so his email would be saved in my Gmail...LOL

I would definitely prefer working with Sophos over TrendMicro anyday.

@Nic said: Yeah as far as I know we don't have anything like that. Seems a bit unfair to existing customers too - like when you switch phone companies If it is only for the first year or something, nothing really wrong with it. If it was a permanent rate, that would be different.

@Dashrender said: @alexntg said: @Dashrender said: @alexntg said: A bit on the reimaging rights. Intune with SA is a volume license. You could use the volume license media and key to reimage other computers that run the same exact product version. You could use the Win8.1 Pro media and key for other Win8.1 Pro computers. Upgrade rights are only available with SA, one device per user. Do understand that if you cancel Intune, you'd be revoking your volume license rights. Alex, Under the old SA in a VL setup, let's say you bought Office Pro plus with SA, when you purchased it Office 2010 was out, but during your subscription, Office 2013 comes out. Now say you discontinue your subscription. It is my understanding that you can use 2013 in perpetuity. Is the same true for machines that you purchase Intune with SA? So you have a Windows XP machine today, you buy Intune with SA which allows you to upgrade to Windows 8.1 Pro (or Enterprise if you wish). If you dump the SA portion of the subscription are you required to go back to XP on that computer? If that's the case, calling it SA was a bad decision as the rules would be different for two things with the same name. The software, including the OS license, is provided on a subscription basis only. There is, however, a buyout option that's available for cancellations after the initial 12-month term. I'm not sure what the pricing on it is offhand, as that requires contacting MS directly. Thanks - I do recall seeing something about a buyout. Do we have a MS rep around to answer this?

@Nic said: For anyone who is a satisfied customer, cast your vote here http://community.spiceworks.com/spice_list/show/397 Done!

@Obsolesce said in TrendMicro 10.6: Is TrendMicro still blocking ML? No, we run it here and I'm able to access it.