@Dashrender said in When Anti-Virus Companies Get Hacked: Symantec, Trend Micro, and Intel McAfee:

I can't recall if the bad ccleaner was signed or not?

Even if it was, that would be a Microsoft compromise. This is about the AV vendors getting hacked.

@black3dynamite said in Windows Server 2019 Need to Download and Run without AV Deleting Files:

https://www.thomasmaurer.ch/2016/07/how-to-disable-and-configure-windows-defender-on-windows-server-2016-using-powershell/

For now, just temporary disable Real-Time Protection via PowerShell
Set-MpPreference -DisableRealtimeMonitoring $true

Download the executable and scan it manually before you install
Start-MpScan -ScanPath C:\datastore\file.exe -ScanType QuickScan

Enable Real-Time Protection after the install
Set-MpPreference -DisableRealtimeMonitoring $false

Excellent, now THAT did it.

@wrx7m said in Webroot - Limiting Access to Shutdown Protection to Admins:

Thanks, everyone. Policies are the way to handle it.

Has anyone needed to exclude services/files/directories from being scanned by webroot? For instance, Exchange, SQL, IIS, etc?

Not really. It was recommended by some software vendors but we ignored it and everything kept humming along without issue.

@momurda - I will have to keep an eye on the last seen. So far, those reports are accurate on mine, as they are newly-imaged computers that have not been deployed.

@stacksofplates Yeah, I work mostly in WIndows 10 but my laptop is based on Ubuntu right now.