Create new ScreenConnectSetup.exe programs in same folder - Help reduce unnecessary "threat" alerts
The current process that updates remote Windows agents creates a new folder and ScreenConnectSetup.exe file in the folder c:\Windows\SystemTemp\ScreenConnect\<version-number>\
Every time McAfee throw a "treat" warning to each of the clients, that can 'worry' users, and generate un-necessary calls ad tickets. Worth noting that McAfee does not allow folders and sub-folders to be excluded.
If ScreenConnect always created the setup program in the same file, over-writing the previous version, then excluding the file once should prevent the "threat" re-occurring for every new agent install.
We seem to be seeing a new agent almost every week at the moment!
Same issue here with crowdstrike. It seems to be generating randomly named installers such as C:\Windows\SystemTemp\ScreenConnect\25.5.3.9371\GR4LipPSs0qK.exe
I suspect the random names may be what is triggering the machine learning detection as malware also uses randomly generated executable names.