Create new ScreenConnectSetup.exe programs in same folder - Help reduce unnecessary "threat" alerts

  • Pending Review

The current process that updates remote Windows agents creates a new folder and ScreenConnectSetup.exe file in the folder c:\Windows\SystemTemp\ScreenConnect\<version-number>\

Every time, McAfee throws a "threat" warning to each of the clients, which can 'worry' users and generate unnecessary calls and tickets. Worth noting that McAfee does not allow folders and sub-folders to be excluded.

If ScreenConnect always created the setup program in the same file, over-writing the previous version, then excluding the file once should prevent the "threat" re-occurring for every new agent install.

We seem to be seeing a new agent almost every week at the moment!

nathan levandowski

Same issue here with CrowdStrike. It seems to be generating randomly named installers such as C:\Windows\SystemTemp\ScreenConnect\25.5.3.9371\GR4LipPSs0qK.exe

I suspect the random names may be what is triggering the machine learning detection, as malware also uses randomly generated executable names.


