Create new ScreenConnectSetup.exe programs in same folder - Help reduce unnecessary "threat" alerts

tim

1 month ago
updated 1 month ago
Pending Review

The current process that updates remote Windows agents creates a new folder and ScreenConnectSetup.exe file in the folder c:\Windows\SystemTemp\ScreenConnect\<version-number>\

Every time McAfee throw a "treat" warning to each of the clients, that can 'worry' users, and generate un-necessary calls ad tickets. Worth noting that McAfee does not allow folders and sub-folders to be excluded.

If ScreenConnect always created the setup program in the same file, over-writing the previous version, then excluding the file once should prevent the "threat" re-occurring for every new agent install.

We seem to be seeing a new agent almost every week at the moment!

Replies 2

Oldest first
Newest first Oldest first

nathan levandowski

1 month ago

Same issue here with crowdstrike. It seems to be generating randomly named installers such as C:\Windows\SystemTemp\ScreenConnect\25.5.3.9371\GR4LipPSs0qK.exe

I suspect the random names may be what is triggering the machine learning detection as malware also uses randomly generated executable names.

Reply Link

Same issue here https://screenconnect.product.connectwise.com/communities/1/topics/4914-add-improvements-to-exe-files-in-cprogram-files-x86screenconnectbin-and

Welcome to our community!

Create new ScreenConnectSetup.exe programs in same folder - Help reduce unnecessary "threat" alerts

Top contributors